Messages - Sanuska

1
Tech Clinic / Win32.P2P-Worm.Alcan.a
« on: September 04, 2005, 11:29:45 AM »
Well, then do each have their own strong and weak points if you use different ones for each comp? And if so what are they?

2
Tech Clinic / Win32.P2P-Worm.Alcan.a
« on: September 03, 2005, 12:43:55 AM »
You're a miracle worker, I swear it. I can Ctrl + Alt + Del now!

And yes, I do intend on reinstalling Norton unless there is a program that levels it and is free.

And yes, it was off Limewire, which I now hate -_-. Another thing I noticed is that it kept opening it (which is why I uninstalled when I first got it).

And I didn't try any fixes except spyware progs, I've never really had a virus that required I do so much stuff (luckily). I'll be on my guard now, and I'll do the system restore thing when I log off for the night.

Also, could you post some links to some GOOD free AV programs just in case I can't find my disk?

Also, what was this virus supposed to do? The only thing I noticed is that I couldn't open my Task Manager, no loss in physical or virtual memory, no errors with programs, nothing.

3
Tech Clinic / Win32.P2P-Worm.Alcan.a
« on: September 02, 2005, 11:41:43 PM »
Sorry, tired.

What I mean is, after I do what you said above, may I attempt to remove it with a program such as Ad-Aware? I don't have Norton or anything installed yet due to the fact that I just reformatted.

4
Tech Clinic / Win32.P2P-Worm.Alcan.a
« on: September 02, 2005, 10:48:55 PM »
So....after I do all that I can attempt to remove it? Just use a program like Ad-Aware to remove it?

5
Tech Clinic / Win32.P2P-Worm.Alcan.a
« on: September 02, 2005, 01:25:59 PM »
Alright, yes, I can and did change it back to the XP theme.

Here is the host things:

127.0.0.1 localhost

That's all.

6
Tech Clinic / Win32.P2P-Worm.Alcan.a
« on: September 01, 2005, 11:45:06 PM »
Hey! Alrighty, somehow my folder view options were changed, I changed them back and found Luna.msstyles. Sorry for the change, but I didn't notice until I looked due to not finding hosts, also I deleted that, should I put it back?

Size is 4,089 kb

Should I still do what you said above?

7
Tech Clinic / Win32.P2P-Worm.Alcan.a
« on: September 01, 2005, 11:03:35 PM »
Alright, here is my WinPFind log:

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP    Current Build: Service Pack 1    Current Build Number: 2600
Internet Explorer Version: 6.0.2800.1106

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...

Items found in C:\WINDOWS\hosts


Checking %System% folder...
PEC2                 8/23/2001 8:00:00 AM        41397      C:\WINDOWS\SYSTEM32\dfrg.msc
PTech                7/12/2005 6:04:22 PM        520456     C:\WINDOWS\SYSTEM32\LegitCheckControl.dll
PECompact2           8/4/2005 10:01:54 AM        1449304    C:\WINDOWS\SYSTEM32\MRT.exe
aspack               8/4/2005 10:01:54 AM        1449304    C:\WINDOWS\SYSTEM32\MRT.exe
Umonitor             8/29/2002 6:41:10 AM        631808     C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync              8/23/2001 8:00:00 AM        1309184    C:\WINDOWS\SYSTEM32\wbdbase.deu

Checking %System%\Drivers folder and sub-folders...

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
                     9/1/2005 11:43:10 PM      S 2048       C:\WINDOWS\bootstat.dat
                     8/18/2005 2:23:32 PM    RH  19         C:\WINDOWS\hosts
                     8/31/2005 2:40:08 PM     H  54156      C:\WINDOWS\QTFont.qfn
                     8/14/2005 9:54:44 PM    RH  749        C:\WINDOWS\WindowsShell.Manifest
                     8/15/2005 12:07:56 AM   RHS 227        C:\WINDOWS\assembly\Desktop.ini
                     8/14/2005 9:54:50 PM     H  65         C:\WINDOWS\Downloaded Program Files\desktop.ini
                     8/14/2005 9:55:30 PM     HS 67         C:\WINDOWS\Fonts\desktop.ini
                     8/15/2005 12:27:10 AM    H  0          C:\WINDOWS\inf\oem12.inf
                     8/14/2005 10:16:50 PM    H  0          C:\WINDOWS\inf\oem8.inf
                     8/14/2005 11:42:58 PM    H  0          C:\WINDOWS\inf\oem9.inf
                     8/14/2005 9:54:50 PM     H  65         C:\WINDOWS\Offline Web Pages\desktop.ini
                     8/14/2005 9:55:10 PM    RHS 242478     C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_1.cab
                     8/15/2005 12:28:10 AM   RHS 10469      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_10.cab
                     8/15/2005 12:28:10 AM   RHS 25529      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_11.cab
                     8/15/2005 12:28:10 AM   RHS 10469      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_12.cab
                     8/15/2005 12:28:10 AM   RHS 26316      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_13.cab
                     8/15/2005 12:28:10 AM   RHS 10469      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_14.cab
                     8/15/2005 12:28:10 AM   RHS 26386      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_15.cab
                     8/15/2005 12:28:10 AM   RHS 10469      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_16.cab
                     8/15/2005 12:28:10 AM   RHS 26656      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_17.cab
                     8/15/2005 12:28:10 AM   RHS 10469      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_18.cab
                     8/15/2005 12:28:12 AM   RHS 26651      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_19.cab
                     8/14/2005 9:55:10 PM    RHS 19959      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_2.cab
                     8/15/2005 12:28:12 AM   RHS 10469      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_20.cab
                     8/15/2005 12:28:12 AM   RHS 26254      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_21.cab
                     8/15/2005 12:28:12 AM   RHS 10469      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_22.cab
                     8/15/2005 12:28:12 AM   RHS 26107      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_23.cab
                     8/15/2005 12:28:12 AM   RHS 10469      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_24.cab
                     8/15/2005 12:28:12 AM   RHS 26448      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_25.cab
                     8/15/2005 12:28:12 AM   RHS 10469      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_26.cab
                     8/15/2005 12:28:12 AM   RHS 25852      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_27.cab
                     8/15/2005 12:28:12 AM   RHS 10469      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_28.cab
                     8/15/2005 12:28:12 AM   RHS 26289      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_29.cab
                     8/14/2005 9:55:10 PM    RHS 727        C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_3.cab
                     8/15/2005 12:28:12 AM   RHS 10469      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_30.cab
                     8/15/2005 12:28:12 AM   RHS 26382      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_31.cab
                     8/15/2005 12:28:12 AM   RHS 10469      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_32.cab
                     8/15/2005 12:28:12 AM   RHS 26290      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_33.cab
                     8/15/2005 12:28:12 AM   RHS 10469      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_34.cab
                     8/15/2005 12:28:12 AM   RHS 25895      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_35.cab
                     8/15/2005 12:28:12 AM   RHS 10469      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_36.cab
                     8/15/2005 12:28:12 AM   RHS 26493      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_37.cab
                     8/15/2005 12:28:12 AM   RHS 10469      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_38.cab
                     8/15/2005 12:28:12 AM   RHS 26228      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_39.cab
                     8/15/2005 12:28:12 AM   RHS 10469      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_40.cab
                     8/15/2005 12:28:12 AM   RHS 26466      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_41.cab
                     8/15/2005 12:28:12 AM   RHS 10469      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_42.cab
                     8/15/2005 12:28:12 AM   RHS 26282      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_43.cab
                     8/15/2005 12:28:12 AM   RHS 10469      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_44.cab
                     8/15/2005 12:28:12 AM   RHS 26319      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_45.cab
                     8/15/2005 12:28:12 AM   RHS 10469      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_46.cab
                     8/15/2005 12:28:12 AM   RHS 26283      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_47.cab
                     8/15/2005 12:28:12 AM   RHS 10469      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_48.cab
                     8/15/2005 12:28:12 AM   RHS 26289      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_49.cab
                     8/15/2005 12:22:50 AM   RHS 70111      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_5.cab
                     8/15/2005 12:28:12 AM   RHS 10469      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_50.cab
                     8/15/2005 12:28:12 AM   RHS 26125      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_51.cab
                     8/15/2005 12:28:12 AM   RHS 10469      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_52.cab
                     8/15/2005 1:02:22 AM    RHS 26173      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_53.cab
                     8/15/2005 1:02:22 AM    RHS 25959      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_54.cab
                     8/15/2005 1:02:22 AM    RHS 10470      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_55.cab
                     8/15/2005 1:02:22 AM    RHS 25566      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_56.cab
                     8/15/2005 1:02:24 AM    RHS 10470      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_57.cab
                     8/15/2005 1:02:24 AM    RHS 25530      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_58.cab
                     8/15/2005 1:02:24 AM    RHS 10470      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_59.cab
                     8/15/2005 12:28:10 AM   RHS 26172      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_6.cab
                     8/15/2005 1:02:24 AM    RHS 26317      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_60.cab
                     8/15/2005 1:02:24 AM    RHS 10470      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_61.cab
                     8/15/2005 1:02:24 AM    RHS 26387      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_62.cab
                     8/15/2005 1:02:24 AM    RHS 10470      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_63.cab
                     8/15/2005 1:02:24 AM    RHS 26657      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_64.cab
                     8/15/2005 1:02:24 AM    RHS 10470      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_65.cab
                     8/15/2005 1:02:24 AM    RHS 26652      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_66.cab
                     8/15/2005 1:02:24 AM    RHS 10470      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_67.cab
                     8/15/2005 1:02:24 AM    RHS 26255      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_68.cab
                     8/15/2005 1:02:24 AM    RHS 10470      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_69.cab
                     8/15/2005 12:28:10 AM   RHS 25958      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_7.cab
                     8/15/2005 1:02:24 AM    RHS 26108      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_70.cab
                     8/15/2005 1:02:24 AM    RHS 10470      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_71.cab
                     8/15/2005 1:02:24 AM    RHS 26449      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_72.cab
                     8/15/2005 1:02:24 AM    RHS 10470      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_73.cab
                     8/15/2005 1:02:24 AM    RHS 25853      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_74.cab
                     8/15/2005 1:02:24 AM    RHS 10470      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_75.cab
                     8/15/2005 1:02:24 AM    RHS 26290      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_76.cab
                     8/15/2005 1:02:24 AM    RHS 10470      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_77.cab
                     8/15/2005 1:02:24 AM    RHS 26383      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_78.cab
                     8/15/2005 1:02:24 AM    RHS 10470      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_79.cab
                     8/15/2005 12:28:10 AM   RHS 10469      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_8.cab
                     8/15/2005 1:02:24 AM    RHS 26291      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_80.cab
                     8/15/2005 1:02:24 AM    RHS 10470      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_81.cab
                     8/15/2005 1:02:24 AM    RHS 25896      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_82.cab
                     8/15/2005 1:02:24 AM    RHS 10470      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_83.cab
                     8/15/2005 1:02:26 AM    RHS 26494      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_84.cab
                     8/15/2005 1:02:26 AM    RHS 10470      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_85.cab
                     8/15/2005 1:02:26 AM    RHS 26229      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_86.cab
                     8/15/2005 1:02:26 AM    RHS 10470      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_87.cab
                     8/15/2005 1:02:26 AM    RHS 26467      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_88.cab
                     8/15/2005 1:02:26 AM    RHS 10470      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_89.cab
                     8/15/2005 12:28:10 AM   RHS 25565      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_9.cab
                     8/15/2005 1:02:26 AM    RHS 26283      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_90.cab
                     8/15/2005 1:02:26 AM    RHS 10470      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_91.cab
                     8/15/2005 1:02:26 AM    RHS 26320      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_92.cab
                     8/15/2005 1:02:26 AM    RHS 10470      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_93.cab
                     8/15/2005 1:02:26 AM    RHS 26284      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_94.cab
                     8/15/2005 1:02:26 AM    RHS 10470      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_95.cab
                     8/15/2005 1:02:26 AM    RHS 26290      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_96.cab
                     8/15/2005 1:02:26 AM    RHS 10470      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_97.cab
                     8/15/2005 1:02:26 AM    RHS 26126      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_98.cab
                     8/15/2005 1:02:26 AM    RHS 10470      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_99.cab
                     8/14/2005 9:56:00 PM     H  233472     C:\WINDOWS\repair\ntuser.dat
                     8/14/2005 9:54:44 PM    RH  749        C:\WINDOWS\system32\cdplayer.exe.manifest
                     8/14/2005 9:54:50 PM    RH  488        C:\WINDOWS\system32\logonui.exe.manifest
                     8/14/2005 9:54:44 PM    RH  749        C:\WINDOWS\system32\ncpa.cpl.manifest
                     8/14/2005 9:54:44 PM    RH  749        C:\WINDOWS\system32\nwc.cpl.manifest
                     8/14/2005 9:54:44 PM    RH  749        C:\WINDOWS\system32\sapi.cpl.manifest
                     8/14/2005 9:54:50 PM    RH  488        C:\WINDOWS\system32\WindowsLogon.manifest
                     8/14/2005 9:54:44 PM    RH  749        C:\WINDOWS\system32\wuaucpl.cpl.manifest
                     7/8/2005 4:23:18 PM       S 12143      C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB893756.cat
                     7/19/2005 5:11:14 PM      S 17860      C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB896727-IE6SP1-20050719.165959.cat
                     9/1/2005 11:43:04 PM     H  8192       C:\WINDOWS\system32\config\DEFAULT.LOG
                     9/1/2005 11:43:20 PM     H  1024       C:\WINDOWS\system32\config\SAM.LOG
                     9/1/2005 11:43:12 PM     H  12288      C:\WINDOWS\system32\config\SECURITY.LOG
                     9/1/2005 11:44:18 PM     H  69632      C:\WINDOWS\system32\config\SOFTWARE.LOG
                     9/1/2005 11:43:12 PM     H  720896     C:\WINDOWS\system32\config\SYSTEM.LOG
                     8/14/2005 5:35:24 PM     H  1024       C:\WINDOWS\system32\config\userdiff.LOG
                     8/14/2005 11:56:20 PM    H  1024       C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
                     8/14/2005 5:40:24 PM     HS 62         C:\WINDOWS\system32\config\systemprofile\Application Data\desktop.ini
                     8/14/2005 5:40:24 PM     HS 62         C:\WINDOWS\system32\config\systemprofile\Local Settings\desktop.ini
                     8/14/2005 9:55:12 PM     HS 113        C:\WINDOWS\system32\config\systemprofile\Local Settings\History\desktop.ini
                     8/14/2005 9:55:12 PM     HS 113        C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\desktop.ini
                     8/14/2005 9:55:12 PM     HS 67         C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\desktop.ini
                     8/14/2005 9:55:12 PM     HS 67         C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini
                     8/14/2005 9:55:12 PM     HS 67         C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\CPAZIF6B\desktop.ini
                     8/14/2005 9:55:12 PM     HS 67         C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\EFKXG9UJ\desktop.ini
                     8/14/2005 9:55:12 PM     HS 67         C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\IF05E1AD\desktop.ini
                     8/14/2005 9:55:12 PM     HS 67         C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\IHYFC565\desktop.ini
                     8/14/2005 9:54:52 PM     HS 181        C:\WINDOWS\system32\config\systemprofile\SendTo\desktop.ini
                     8/14/2005 5:40:24 PM     HS 62         C:\WINDOWS\system32\config\systemprofile\Start Menu\desktop.ini
                     8/14/2005 9:55:58 PM     HS 206        C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\desktop.ini
                     8/14/2005 9:55:58 PM     HS 482        C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\desktop.ini
                     8/14/2005 9:55:58 PM     HS 348        C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\Accessibility\desktop.ini
                     8/14/2005 9:55:58 PM     HS 84         C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\Entertainment\desktop.ini
                     8/14/2005 9:55:58 PM     HS 84         C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini
                     8/18/2005 2:23:32 PM    RH  19         C:\WINDOWS\system32\drivers\etc\hosts
                     8/15/2005 3:33:40 PM     HS 388        C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\b302f374-42cf-4d6f-91f6-023bc3b7a7a1
                     8/15/2005 3:33:40 PM     HS 24         C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\Preferred
                     8/15/2005 1:08:12 AM     HS 388        C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\55b09251-0b9f-447f-86fa-d486a691b69a
                     8/15/2005 1:08:12 AM     HS 24         C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
                     9/1/2005 11:41:08 PM     H  6          C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation          8/23/2001 8:00:00 AM        66048      C:\WINDOWS\SYSTEM32\access.cpl
Realtek Semiconductor Corp.    8/20/2003 10:37:38 PM       10435072   C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL
Microsoft Corporation          8/29/2002 6:41:28 AM        578560     C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation          8/29/2002 6:41:28 AM        129024     C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation          8/23/2001 8:00:00 AM        150016     C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation          8/29/2002 6:41:28 AM        292352     C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation          8/29/2002 6:41:28 AM        121856     C:\WINDOWS\SYSTEM32\intl.cpl
InstallShield Software Corporation6/16/2004 6:03:30 AM        73728      C:\WINDOWS\SYSTEM32\ISUSPM.cpl
Microsoft Corporation          8/29/2002 6:41:28 AM        65536      C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems, Inc.         6/3/2005 3:52:54 AM         49265      C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation          8/23/2001 8:00:00 AM        187904     C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation          8/23/2001 8:00:00 AM        559616     C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation          8/23/2001 8:00:00 AM        35840      C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation          8/23/2001 8:00:00 AM        256000     C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation          8/23/2001 8:00:00 AM        36864      C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation          8/23/2001 8:00:00 AM        109056     C:\WINDOWS\SYSTEM32\powercfg.cpl
Apple Computer, Inc.           9/23/2004 6:57:40 PM        323072     C:\WINDOWS\SYSTEM32\QuickTime.cpl
Microsoft Corporation          8/29/2002 6:41:28 AM        268288     C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation          8/23/2001 8:00:00 AM        28160      C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation          8/23/2001 8:00:00 AM        90112      C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation          5/26/2005 4:16:30 AM        174360     C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation          8/23/2001 8:00:00 AM        66048      C:\WINDOWS\SYSTEM32\dllcache\access.cpl
Microsoft Corporation          8/23/2001 8:00:00 AM        150016     C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl
Microsoft Corporation          8/29/2002 3:41:00 AM        208896     C:\WINDOWS\SYSTEM32\dllcache\joy.cpl
Microsoft Corporation          8/23/2001 8:00:00 AM        187904     C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation          8/23/2001 8:00:00 AM        559616     C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl
Microsoft Corporation          8/23/2001 8:00:00 AM        35840      C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation          8/23/2001 8:00:00 AM        256000     C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl
Microsoft Corporation          8/23/2001 8:00:00 AM        36864      C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl
Microsoft Corporation          8/23/2001 8:00:00 AM        109056     C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl
Microsoft Corporation          8/23/2001 8:00:00 AM        28160      C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation          8/23/2001 8:00:00 AM        90112      C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
                     8/14/2005 9:55:58 PM     HS 84         C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini

Checking files in %ALLUSERSPROFILE%\Application Data folder...
                     8/14/2005 5:40:24 PM     HS 62         C:\Documents and Settings\All Users\Application Data\desktop.ini

Checking files in %USERPROFILE%\Startup folder...
                     8/22/2005 10:43:32 PM       988        C:\Documents and Settings\RyRy\Start Menu\Programs\Startup\Adobe Gamma.lnk
                     8/14/2005 9:55:58 PM     HS 84         C:\Documents and Settings\RyRy\Start Menu\Programs\Startup\desktop.ini
                     8/29/2005 10:54:28 PM       614        C:\Documents and Settings\RyRy\Start Menu\Programs\Startup\WinMySQLadmin.lnk

Checking files in %USERPROFILE%\Application Data folder...
                     8/14/2005 5:40:24 PM     HS 62         C:\Documents and Settings\RyRy\Application Data\desktop.ini

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
   {750fdf0e-2a26-11d1-a3ea-080036587f03}    = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
   {09799AFB-AD67-11d1-ABCD-00C04FC30936}    = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
   {A470F8CF-A1E8-4f65-8335-227475AA5C46}    = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
   {B41DB860-8EE4-11D2-9906-E49FADC173CA}    = C:\Program Files\WinRAR\rarext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Yahoo! Mail
   {5464D816-CF16-4784-B9F3-75C0DB52B499}    = C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
   Start Menu Pin    = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
   {B41DB860-8EE4-11D2-9906-E49FADC173CA}    = C:\Program Files\WinRAR\rarext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
   {A470F8CF-A1E8-4f65-8335-227475AA5C46}    = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
   {750fdf0e-2a26-11d1-a3ea-080036587f03}    = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
   {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}    = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
   {B41DB860-8EE4-11D2-9906-E49FADC173CA}    = C:\Program Files\WinRAR\rarext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
    = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
    = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
    = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
    = %SystemRoot%\system32\SHELL32.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
    = C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}
   UberButton Class = C:\Program Files\Yahoo!\Common\yiesrvc.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{65D886A2-7CA7-479B-BB95-14D1EFB7946A}
   YahooTaggedBM Class = C:\Program Files\Yahoo!\Common\YIeTagBm.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
   &Yahoo! Messenger = C:\PROGRA~1\Yahoo!\Common\yhexbmesus.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
   &Tip of the Day = %SystemRoot%\System32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
   {8E718888-423F-11D2-876E-00A0C9082467}    = &Radio   : C:\WINDOWS\System32\msdxm.ocx
   {EF99BD32-C1FB-11D2-892F-0090271D4F88}    = Yahoo! Toolbar   : C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
   MenuText    = Sun Java Console   : C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}
   ButtonText    = Yahoo! Services   :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}
   ButtonText    = AIM   : C:\Program Files\AIM\aim.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
   Media Band = %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
   &Yahoo! Messenger = C:\PROGRA~1\Yahoo!\Common\yhexbmesus.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
   {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address   : %SystemRoot%\System32\browseui.dll
   {0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links   : %SystemRoot%\system32\SHELL32.dll
   {EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Toolbar   : C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
   SoundMan   SOUNDMAN.EXE
   QuickTime Task   "C:\Program Files\QuickTime\qttask.exe" -atboottime
   SunJavaUpdateSched   C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
   CloneCDTray   "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
   MessengerPlus3   "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
   ISUSPM Startup   C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
   ISUSScheduler   "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
   NeroCheck   C:\WINDOWS\System32\\NeroCheck.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
   Steam   "c:\program files\valve\steam\steam.exe" -silent
   MessengerPlus3   "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
   {BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
   {6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
   {0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
   dontdisplaylastusername   0
   legalnoticecaption   
   legalnoticetext   
   shutdownwithoutlogon   1
   undockwithoutlogon   1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
   NoDriveTypeAutoRun   145


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
   PostBootReminder                  {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
   CDBurn                            {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
   WebCheck                          {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
   SysTray                           {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
   UserInit   = C:\WINDOWS\system32\userinit.exe,
   Shell      = Explorer.exe
   System      =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent
    = Ati2evxx.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
    = crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
    = cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
    = cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
    = wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
    = wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
    = sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
    = WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
    = wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
    = wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
   Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
   AppInit_DLLs   


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.3.5   - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 9/1/2005 11:51:48 PM

-------------------------------

Luna.msstyles was NOT found on my system.

Here is the find.bat log:

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000091

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager]
"WCreatedUser"="1"
"LoadedBefore"="1"
"ThemeActive"="1"
"LastUserLangID"="1033"
"DllName"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
  74,00,25,00,5c,00,72,00,65,00,73,00,6f,00,75,00,72,00,63,00,65,00,73,00,5c,\
  00,54,00,68,00,65,00,6d,00,65,00,73,00,5c,00,6c,00,75,00,6e,00,61,00,5c,00,\
  6c,00,75,00,6e,00,61,00,2e,00,6d,00,73,00,73,00,74,00,79,00,6c,00,65,00,73,\
  00,00,00
"ColorName"="NormalColor"
"SizeName"="NormalSize"

find1.bat log:

 Volume in drive C has no label.
 Volume Serial Number is 3885-D770

 Directory of C:\WINDOWS\Resources\Themes

08/14/2005  05:33 PM    <DIR>          .
08/14/2005  05:33 PM    <DIR>          ..
09/01/2005  05:33 PM    <DIR>          Luna
08/23/2001  08:00 AM             1,222 Luna.theme
08/23/2001  08:00 AM             3,025 Windows Classic.theme
               2 File(s)          4,247 bytes

 Directory of C:\WINDOWS\Resources\Themes\Luna

09/01/2005  05:33 PM    <DIR>          .
09/01/2005  05:33 PM    <DIR>          ..
08/14/2005  05:31 PM    <DIR>          Shell
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\Resources\Themes\Luna\Shell

08/14/2005  05:31 PM    <DIR>          .
08/14/2005  05:31 PM    <DIR>          ..
08/14/2005  05:33 PM    <DIR>          Homestead
08/14/2005  05:34 PM    <DIR>          Metallic
08/14/2005  05:32 PM    <DIR>          NormalColor
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\Resources\Themes\Luna\Shell\Homestead

08/14/2005  05:33 PM    <DIR>          .
08/14/2005  05:33 PM    <DIR>          ..
08/23/2001  08:00 AM           362,496 shellstyle.dll
               1 File(s)        362,496 bytes

 Directory of C:\WINDOWS\Resources\Themes\Luna\Shell\Metallic

08/14/2005  05:34 PM    <DIR>          .
08/14/2005  05:34 PM    <DIR>          ..
08/23/2001  08:00 AM           362,496 shellstyle.dll
               1 File(s)        362,496 bytes

 Directory of C:\WINDOWS\Resources\Themes\Luna\Shell\NormalColor

08/14/2005  05:32 PM    <DIR>          .
08/14/2005  05:32 PM    <DIR>          ..
08/23/2001  08:00 AM           361,472 shellstyle.dll
               1 File(s)        361,472 bytes

     Total Files Listed:
               5 File(s)      1,090,711 bytes
              17 Dir(s)  27,284,393,984 bytes free

End all logs and stuff

Oh, and also, p2pnetwork wasn't found, and I already deleted that winupdate earlier.

8
Tech Clinic / Win32.P2P-Worm.Alcan.a
« on: September 01, 2005, 10:11:32 PM »
That's the thing I did when my XP theme went bye bye. I had a problem using killbot,

C:\Program Files\MsConfigs\MsConfigs.exe
C:\WINDOWS\system32\p2pnetwork.exe

wouldn't copy into the bar. I still have my log from ewido though.

---------------------------------------------------------
 ewido security suite - Scan report
---------------------------------------------------------

 + Created on:         6:36:53 PM, 9/1/2005
 + Report-Checksum:      67FD185D

 + Scan result:

   C:\Documents and Settings\RyRy\Complete\ McAfee VirusScan 10.0.21.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\19 2Pac Videos.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\2 Beautiful Lesbians.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\3D Album Commercial Suite 3.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\7 Seconds.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\7-Zip 4.18.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\7.Sins.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\AAA Logo 1.21.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Absolute Video Converter v2.5.12.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\ABviewer 5.0.1.47.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Ace Video Workshop v1.4.36.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\ActiveTarget 2.00.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Actual Window Menu v3.7.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Adobe Encore DVD 1.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Adobe Illustrator CS2 12.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Adobe Photoshop CS2 9.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Adobe Photoshop CS2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Advanced MP3 Sound Recorder 1.7.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Agentm - Quiescense (Spiralexit 2005).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Ahead DVD Ripper 1.1.4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\AIR - Premiers Symptomes.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\AirStrike II Gulf Thunder 2.52.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Alias PortfolioWall.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Alicia Rhodes & Her Big Perfect Tits.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\All In One CoffeeCup Retail Software.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\All Media Fixer v4.6.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\All To Real Converter v4.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Amon Tobin - Out From Out Where.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\AnyDVD 5.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\APSW Budget Planner 3.0.1.35.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Ashampoo Burning Studio 5.0.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Ashampoo Photo Commander 3.02.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Atani v2.8.11.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Atomixmp3 2.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Aurora MPEG To DVD Burner 4.6.12.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Autorun Design 3.0.0.16.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Av Voice Changer Diamond 4.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Baby ASP Web Server 2.6.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Bar Code 2 of 5 Interleaved Font Set v3.4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Batch And Print Pro v2.00.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Becky! Internet Mail 2.22.00.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Beyond the C++ Standard Library  An Introduction to.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Big Tit [censored].zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\BitDefender Pro Plus 9.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\BitDefender Professional Plus 9.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Bogart 5.30.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\CADENCE.ORCAD.SUITE.WITH.PSPICE.V10.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Capoeira - Sounds and Songs.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\CARCare Desktop Edition 2.0.079.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Carmen Electra- Playboy.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\CDCheck 3.1.7.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Charlie &amp; The Chocolate Factory dvdr.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\CHM2HTML Pilot 1.00.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Cleanerzoomer 3.0b.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\CloneCD 5.2.0.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\CoffeeCup Retail Software.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Cold.Fear.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Counting Crows - Films About Ghosts.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Cyberlink PowerCinema 4.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\CyD WEB Animation Studio v1.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Dangerous Google - Searching for Secrets.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Danichi - Matrix Music.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Dear Wendy.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Death Cab For Cutie - Plans.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Deep Evil.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Deuce Bigalow European Gigolo.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Direct WAV MP3 Splitter 2.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\DISCREET.3DSMAX.GAMES.DEVELOPMENT.SERIES.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\DivX Play &amp; Create Bundle 6.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\DJ Sammy - Heaven.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Dolby Surround Plugin 4.7.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Dracula.III.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Driver Genius Professional 2005 5.1.915.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\DSL Speed 2.05.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\DVD Cloner Pro 3.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\DVD Cloner Pro v3.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\DVD Ghost 2.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\DVD To Mp3 Converter v2.6.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\DVD X CloneDVD 3.6.1.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\DVDPean Pro v3.6.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Easy Music CD Burner 3.0.24.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\EditPro 1.57.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Ejay Mix Station.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Emergency 3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Family Guy The Movie.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\FIFA 2005 SoundTracks.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\FileRecoveryAngel 1.10.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\FinePrint 5.41 Enterprise.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\FlashGet 1.71.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Focus Audio Converter v2.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Font Fitting Room Deluxe v1.8.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Four Brothers.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Fraps 2.6.4.Retail-ZWT.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Fresh Download 7.36.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Fund Manager v7.4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Futurama - S05E06 - Less than hero.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Gene6 FTP Server Professional 3.6.0.23.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Grand Theft Auto San Andreas.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Hide IP Platinum 1.52.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Hide IP Platinum 1.70.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Hide IP Platinum v1.7.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Honestech VHS to DVD 2.0 (Full Retail).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\IconCool Editor 4.4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Insane 4x4 Offroad Racing.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Internet Download Accelerator 4.3.1.905.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Invision Community Blog 1.1.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\ISOpen v4.0.356.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Jay-Z - The Argyle Album (The Black Albu.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\jv16 PowerTools 1.5.1.307.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\K-Lite Mega Codec Pack 1.29.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\KasperskyAntiHacker 18180.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Kelis - Tasty.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Kerio Winroute Firewall 6.1.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Krystal First Time [censored].zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\LimeWire Pro 4.9.19.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\LimeWire.Pro 4.9.23.1.Retail.Linux-ZWT.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Linkin Park-Reanimation.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Linux Enterprise Cluster Build one with Commodity Ha.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Man.Of.The.House.2005.NTSC.DVDr-FTC.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Maxthon 1.2.3 Combo.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\McFunSoft Video Solution v3.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\MDaemon Pro 8.11.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Microsoft Internet Explorer 7 Beta 1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Microsoft Windows Vista Beta 1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\MICROSOFT.MONEY.2006.DELUXE.V15.RETAIL-S.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\ModelSim.SE.v6.0a-ROR.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Motion Studio 3.0.921.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\MP3 Collector Pro 2.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\MP3 Doctor 5.10.92.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Mum - Finally We Are No One.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Nero Burning ROM 6.6.0.12.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Nero Burning ROM Ultra.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Nero CD-DVD Speed 3.80.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Netcam Watcher Pro 1.75.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Nicky Reed [censored] and Suck.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Norton Antivirus 2005.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Norton Ghost 2005.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Norton Internet Security 2005.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Offline Explorer Pro 3.9.2104 SR1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Opera 8.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Paessler IPCheck Server Monitor 4.4.1.498.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Page O Labels For File Folders v2.90.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Page O Labels for Mailing Labels v2.90.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Paris Hilton Sex Tape.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\PC Surgeon 4.20.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Pegasus ISIS Xpress v2.0.16.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Pegasus PDFXpress v1.0.45.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Photoshop Restoration & Retouching.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Photoshop Restoration &amp; Retouching.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Power Phone Book Enterprise 1.4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Prodigy - Always Outnumbered, Never Outg.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Public PC Desktop 2.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\QK SMTP Server v3.01.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Quick Starter 2.1b.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Recover My Photos 2.80.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\RegFreeze 5.31.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Registry Clean Expert v3.64.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Registry Cleaner 32 v1.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Registry Mechanic 5.0.0.144.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\RegSupreme Professional 1.2.0.35.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Remote Administrator 2.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Road Rush 1.7.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Sahara.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Saigon - Warning Shots.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Scorched3D 38.1b.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Serv-U 6.1.0.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Sex 13 min Japanese girl.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Shareaza 2.1.4.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Sin.City.DVDRip.XviD-DiAMOND.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Sky High.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Smart CD Ripper Pro 2.6.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Softany Monitor Control 2005 1.2.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Sony ACID Pro 5.0c Build 345.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\South Park Episodes.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\SPAMfighter Standard 3.5.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Steganos Safe 8.0.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Super DVD Creator 8.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Super Flexible File Synchronizer 2.50c.398.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\SuperVideoCap v4.19.390.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Surprise Maker 3.3.0.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Surprise Maker v3.3.0.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Synchromagic v4.3.0.7.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Systerac XP Tools v3.0d.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Tatu - Dangerous And Moving.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\The 40-Year Old Virgin.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\The All Seeing Eye v2.5c.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\The Dukes of Hazzard.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\The Island (High Quality).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\The Island dvdr baco.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\The Kinks - Something Else By The Kinks.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\The Passion Of The Christ OST.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\The Sisterhood of the Traveling Pants (2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\The Sisterhood of the Traveling Pants.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\The Skeleton.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\ThumbsUp 4.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\THX.DTS.Dolby.Digital.Audio.Experience.T.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Toolbar Studio 1.5.46.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Toolbarcop 3.4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Trible X-The Next Level.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\TuneUp 2006.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Tunnel Trance Force vol. 31.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Ulead VideoStudio 9.00.1300.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\UltraEdit-32 11.10.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Unleashed.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Unreal 2 The Awakening FPS.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\V.A. - Romantic Collection CD2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\VideoInspector v1.6.1.87.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Virtual CD 7.01.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\VSL LanToucher Instant Messenger v1.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\WareZ News Magazine August 2005.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Warez P2P 2.85 .zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\White Noise.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Windows Vaccine 3.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Windows XP 2005 Media Center.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Winferno PC Confidential 2005.2.212.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\WinGet v2.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Wumpscut Discography.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\XoftSpy v4.15.109.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\XP Codec Pack 1.2.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Zealot All Video Splitter 1.8.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\ZoneAlarm Pro 6.0.631.003.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Zoner Barcode Studio 2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup


::Report End

Do I have to do it all over? I will if needed, just that ewido took forever :P

9
Tech Clinic / Win32.P2P-Worm.Alcan.a
« on: September 01, 2005, 09:46:42 PM »
Alright, I ran a scan with Ad-Aware and it said I have Win32.P2P-Worm.Alcan.a. I've tried SEVERAL different ways to remove it and none have worked; I tried one of them and my Windows XP theme disappeared. Here is my HJT log.

Logfile of HijackThis v1.99.1
Scan saved at 10:44:04 PM, on 9/1/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\program files\valve\steam\steam.exe
C:\mysql\bin\winmysqladmin.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\mysql\bin\mysqld-nt.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\RyRy\Desktop\hijackthis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: WinMySQLadmin.lnk = C:\mysql\bin\winmysqladmin.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1124072136404
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1124077344108
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

I really need some help.

Also, WHAT does this thing do? I've noticed no changes to my system performance. Also, the Ad-Aware scan came up with Tracking Cookies and an MRU list.

Please help.
