Author Topic: Win32.P2P-Worm.Alcan.a  (Read 4415 times)

Offline Sanuska

Win32.P2P-Worm.Alcan.a
« on: September 01, 2005, 09:46:42 PM »
Alright, I ran a scan with Ad-Aware and it said I have Win32.P2P-Worm.Alcan.a. I've tried SEVERAL different ways to remove it and none have worked. I tried one of them and my Windows XP theme disappeared. Here is my HJT log.

Logfile of HijackThis v1.99.1
Scan saved at 10:44:04 PM, on 9/1/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\program files\valve\steam\steam.exe
C:\mysql\bin\winmysqladmin.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\mysql\bin\mysqld-nt.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\RyRy\Desktop\hijackthis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: WinMySQLadmin.lnk = C:\mysql\bin\winmysqladmin.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1124072136404
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1124077344108
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

I really need some help.

Also, WHAT does this thing do? I've noticed no changes to my system performance. Also in the Ad-Aware scan came up Tracking Cookies and an MRU list.

Please help.

Offline guestolo

Win32.P2P-Worm.Alcan.a
« Reply #1 on: September 01, 2005, 09:56:34 PM »
Can you do the following please

==Download and install this small program
to help clean your temp folders, cookies, etc.
Windows Cleanup! 4.0
Give the link time to load or try it twice, it may be busy
Don't run this yet, we'll need it in a bit

==Open Ad-Aware, make sure to click the "check for updates now" link and Connect to download the latest updates
When installing, you may be prompted to update, allow it but don't run a scan yet

==Open Ewido
From the main ewido screen, click on Update in the left menu, then click the Start update button.
After the update finishes (the status bar at the bottom will display "Update successful")
Close out Ewido for now

==Download the Killbox by Option^Explicit. *In the event you already have Killbox, this is a new version that I need you to download.
* Save it to your desktop or a folder

Please save these instructions to a Notepad file on the desktop for reference
and/or Print this out

Run Pocket KillBox.exe

In the killbox program, select the Delete on Reboot option.
Copy the file names below to the clipboard by highlighting them and pressing
Control + C

Killbox files to highlight between dotted lines
===================================================
C:\Program Files\MsConfigs\MsConfigs.exe
C:\WINDOWS\system32\p2pnetwork.exe
C:\WINDOWS\system32\CMD.COM
C:\WINDOWS\system32\netstat.com
C:\WINDOWS\system32\ping.com
C:\WINDOWS\system32\regedit.com
C:\WINDOWS\system32\tasklist.com
C:\WINDOWS\system32\taskkill.com
C:\WINDOWS\system32\taskmgr.com
C:\WINDOWS\system32\tracert.com
C:\Program Files\winupdate\winupdate.exe


===================================================
*Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
*Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

If your computer doesn't restart
Please Restart it now manually into SAFE MODE
You can do this by tapping the F8 key as the system is restarting, just before Windows loads, or use the link
I supplied for a more detailed explanation

In safe mode

Set Windows To Show Hidden Files and Folders
    * Click Start.
    * Open My Computer.
    * Select the Tools menu and click Folder Options.
    * Select the View Tab.
    * Under the Hidden files and folders heading select Show hidden files and folders.
    * Uncheck the Hide protected operating system files (recommended) option.
    * Uncheck the Hide Extensions for known file types
    * Click Yes to confirm.
    * Click OK.

Find and delete this folder if found
C:\Program Files\winupdates <-this folder

==Open Windows CleanUp!>>START>>programs>>Cleanup!
Click on the CleanUp button, let it finish scanning for files
DECLINE to Log off or Restart when scan is done.

==Open Ewido trojan scanner
Click on the Scanner button on the left menu
Click on the Settings button on the right
Select "Scan Every File"
OK it and then click on the "Complete System Scan"
*If Ewido finds something it will prompt you with "Infected Object found"
Ensure the following are Selected
  *1. Perform Action = Remove
  *2. Create Encrypted Backup in Quarantine (Recommended)
  *3. Perform action with all infections
  Then click OK
When Ewido has finished its scan click the "Save Report" button
Save the report to desktop
Exit Ewido

NOTE: When Ewido is running do NOT open any other Windows
Let it do its job

Open Ad-Aware
Click START
Click the radio button to Perform a Full system scan then click NEXT
When it's finished scanning
At this point you should either right click on the screen and choose the "Select All" Objects option or individually put a checkmark in each object's checkbox
Click on the Next button. Ad-Aware SE will now present you with a confirmation box as to whether or not you would like to remove the objects you have just selected. Press the "OK" button

Restart back to Normal mode

Run Hijackthis again and post a fresh Hijackthis log
and the report from Ewido

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/
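
Several entries in the Killbox list above are .com files named after standard Windows tools (ping, netstat, taskmgr and so on). The default PATHEXT order tries .COM before .EXE, so a bare command name would start the .com copy. The following is an added example, not part of the original post: it models that lookup over a directory listing and reports every command where a .com file wins over an .exe. The sample listing is constructed, the function names are hypothetical, and the current-directory step of the cmd.exe search is left out.

```python
import ntpath
import os

# Start of the default Windows PATHEXT order; .com is tried before .exe.
DEFAULT_PATHEXT = [".com", ".exe", ".bat", ".cmd"]

SYS32 = r"C:\WINDOWS\system32"
WIN = r"C:\WINDOWS"

# Constructed sample listing (not taken from a real machine).
SAMPLE_LISTING = {
    SYS32: ["cmd.exe", "CMD.COM", "netstat.exe", "netstat.com",
            "ping.exe", "ping.com", "taskmgr.exe", "taskmgr.com",
            "regedit.com", "more.com", "notepad.exe"],
    WIN: ["regedit.exe", "notepad.exe", "explorer.exe"],
}


def listing_from_disk(path_dirs):
    """Build the same structure from real directories (for live use)."""
    return {d: os.listdir(d) for d in path_dirs if os.path.isdir(d)}


def resolve(command, path_dirs, listing, pathext=DEFAULT_PATHEXT):
    """Return (directory, filename) a bare command name would run, or None.

    Simplified model: directories in PATH order, and inside each
    directory the extensions in PATHEXT order. Names are case-insensitive.
    """
    for d in path_dirs:
        names = {n.lower(): n for n in listing.get(d, ())}
        for ext in pathext:
            hit = names.get(command.lower() + ext)
            if hit:
                return d, hit
    return None


def find_shadowed(path_dirs, listing, pathext=DEFAULT_PATHEXT):
    """List every command name that has more than one runnable candidate."""
    candidates = {}
    for d in path_dirs:
        for name in listing.get(d, ()):
            stem, ext = os.path.splitext(name.lower())
            if ext in pathext:
                candidates.setdefault(stem, []).append((d, name))

    findings = []
    for stem in sorted(candidates):
        if len(candidates[stem]) < 2:
            continue  # e.g. more.com: a .com with no twin is not shadowing
        winner = resolve(stem, path_dirs, listing, pathext)
        losers = [c for c in candidates[stem] if c != winner]
        findings.append({
            "command": stem,
            "runs": ntpath.join(*winner),
            "shadowed": [ntpath.join(*c) for c in losers],
            # The pattern from the Killbox list: a .com beats an .exe.
            "com_over_exe": winner[1].lower().endswith(".com")
            and any(n.lower().endswith(".exe") for _, n in losers),
        })
    return findings


def com_over_exe(findings):
    """Command names where a .com file is started instead of an .exe."""
    return [f["command"] for f in findings if f["com_over_exe"]]


if __name__ == "__main__":
    path_dirs = [SYS32, WIN]
    for f in find_shadowed(path_dirs, SAMPLE_LISTING):
        flag = "REVIEW" if f["com_over_exe"] else "info  "
        print(f"{flag} {f['command']}: runs {f['runs']}, "
              f"shadows {', '.join(f['shadowed'])}")
```

Swap `SAMPLE_LISTING` for `listing_from_disk(path_dirs)` to check a live system; a flagged pair still needs a look at the file itself before anything is deleted.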


Offline Sanuska

Win32.P2P-Worm.Alcan.a
« Reply #2 on: September 01, 2005, 10:11:32 PM »
That's the thing I did when my XP theme went bye bye. I had a problem using Killbox,

C:\Program Files\MsConfigs\MsConfigs.exe
C:\WINDOWS\system32\p2pnetwork.exe

wouldn't copy into the bar. I still have my log from ewido though.

---------------------------------------------------------
 ewido security suite - Scan report
---------------------------------------------------------

 + Created on:         6:36:53 PM, 9/1/2005
 + Report-Checksum:      67FD185D

 + Scan result:

   C:\Documents and Settings\RyRy\Complete\ McAfee VirusScan 10.0.21.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\19 2Pac Videos.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\2 Beautiful Lesbians.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\3D Album Commercial Suite 3.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\7 Seconds.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\7-Zip 4.18.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\7.Sins.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\AAA Logo 1.21.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Absolute Video Converter v2.5.12.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\ABviewer 5.0.1.47.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Ace Video Workshop v1.4.36.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\ActiveTarget 2.00.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Actual Window Menu v3.7.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Adobe Encore DVD 1.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Adobe Illustrator CS2 12.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Adobe Photoshop CS2 9.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Adobe Photoshop CS2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Advanced MP3 Sound Recorder 1.7.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Agentm - Quiescense (Spiralexit 2005).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Ahead DVD Ripper 1.1.4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\AIR - Premiers Symptomes.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\AirStrike II Gulf Thunder 2.52.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Alias PortfolioWall.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Alicia Rhodes & Her Big Perfect Tits.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\All In One CoffeeCup Retail Software.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\All Media Fixer v4.6.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\All To Real Converter v4.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Amon Tobin - Out From Out Where.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\AnyDVD 5.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\APSW Budget Planner 3.0.1.35.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Ashampoo Burning Studio 5.0.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Ashampoo Photo Commander 3.02.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Atani v2.8.11.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Atomixmp3 2.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Aurora MPEG To DVD Burner 4.6.12.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Autorun Design 3.0.0.16.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Av Voice Changer Diamond 4.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Baby ASP Web Server 2.6.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Bar Code 2 of 5 Interleaved Font Set v3.4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Batch And Print Pro v2.00.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Becky! Internet Mail 2.22.00.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Beyond the C++ Standard Library  An Introduction to.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Big Tit [censored].zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\BitDefender Pro Plus 9.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\BitDefender Professional Plus 9.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Bogart 5.30.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\CADENCE.ORCAD.SUITE.WITH.PSPICE.V10.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Capoeira - Sounds and Songs.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\CARCare Desktop Edition 2.0.079.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Carmen Electra- Playboy.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\CDCheck 3.1.7.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Charlie &amp; The Chocolate Factory dvdr.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\CHM2HTML Pilot 1.00.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Cleanerzoomer 3.0b.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\CloneCD 5.2.0.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\CoffeeCup Retail Software.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Cold.Fear.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Counting Crows - Films About Ghosts.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Cyberlink PowerCinema 4.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\CyD WEB Animation Studio v1.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Dangerous Google - Searching for Secrets.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Danichi - Matrix Music.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Dear Wendy.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Death Cab For Cutie - Plans.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Deep Evil.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Deuce Bigalow European Gigolo.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Direct WAV MP3 Splitter 2.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\DISCREET.3DSMAX.GAMES.DEVELOPMENT.SERIES.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\DivX Play &amp; Create Bundle 6.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\DJ Sammy - Heaven.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Dolby Surround Plugin 4.7.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Dracula.III.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Driver Genius Professional 2005 5.1.915.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\DSL Speed 2.05.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\DVD Cloner Pro 3.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\DVD Cloner Pro v3.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\DVD Ghost 2.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\DVD To Mp3 Converter v2.6.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\DVD X CloneDVD 3.6.1.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\DVDPean Pro v3.6.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Easy Music CD Burner 3.0.24.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\EditPro 1.57.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Ejay Mix Station.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Emergency 3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Family Guy The Movie.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\FIFA 2005 SoundTracks.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\FileRecoveryAngel 1.10.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\FinePrint 5.41 Enterprise.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\FlashGet 1.71.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Focus Audio Converter v2.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Font Fitting Room Deluxe v1.8.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Four Brothers.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Fraps 2.6.4.Retail-ZWT.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Fresh Download 7.36.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Fund Manager v7.4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Futurama - S05E06 - Less than hero.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Gene6 FTP Server Professional 3.6.0.23.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Grand Theft Auto San Andreas.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Hide IP Platinum 1.52.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Hide IP Platinum 1.70.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Hide IP Platinum v1.7.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Honestech VHS to DVD 2.0 (Full Retail).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\IconCool Editor 4.4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Insane 4x4 Offroad Racing.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Internet Download Accelerator 4.3.1.905.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Invision Community Blog 1.1.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\ISOpen v4.0.356.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Jay-Z - The Argyle Album (The Black Albu.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\jv16 PowerTools 1.5.1.307.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\K-Lite Mega Codec Pack 1.29.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\KasperskyAntiHacker 18180.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Kelis - Tasty.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Kerio Winroute Firewall 6.1.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Krystal First Time [censored].zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\LimeWire Pro 4.9.19.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\LimeWire.Pro 4.9.23.1.Retail.Linux-ZWT.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Linkin Park-Reanimation.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Linux Enterprise Cluster Build one with Commodity Ha.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Man.Of.The.House.2005.NTSC.DVDr-FTC.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Maxthon 1.2.3 Combo.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\McFunSoft Video Solution v3.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\MDaemon Pro 8.11.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Microsoft Internet Explorer 7 Beta 1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Microsoft Windows Vista Beta 1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\MICROSOFT.MONEY.2006.DELUXE.V15.RETAIL-S.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\ModelSim.SE.v6.0a-ROR.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Motion Studio 3.0.921.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\MP3 Collector Pro 2.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\MP3 Doctor 5.10.92.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Mum - Finally We Are No One.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Nero Burning ROM 6.6.0.12.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Nero Burning ROM Ultra.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Nero CD-DVD Speed 3.80.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Netcam Watcher Pro 1.75.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Nicky Reed [censored] and Suck.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Norton Antivirus 2005.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Norton Ghost 2005.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Norton Internet Security 2005.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Offline Explorer Pro 3.9.2104 SR1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Opera 8.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Paessler IPCheck Server Monitor 4.4.1.498.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Page O Labels For File Folders v2.90.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Page O Labels for Mailing Labels v2.90.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Paris Hilton Sex Tape.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\PC Surgeon 4.20.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Pegasus ISIS Xpress v2.0.16.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Pegasus PDFXpress v1.0.45.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Photoshop Restoration & Retouching.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Photoshop Restoration &amp; Retouching.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Power Phone Book Enterprise 1.4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Prodigy - Always Outnumbered, Never Outg.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Public PC Desktop 2.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\QK SMTP Server v3.01.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Quick Starter 2.1b.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Recover My Photos 2.80.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\RegFreeze 5.31.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Registry Clean Expert v3.64.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Registry Cleaner 32 v1.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Registry Mechanic 5.0.0.144.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\RegSupreme Professional 1.2.0.35.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Remote Administrator 2.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Road Rush 1.7.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Sahara.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Saigon - Warning Shots.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Scorched3D 38.1b.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Serv-U 6.1.0.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Sex 13 min Japanese girl.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Shareaza 2.1.4.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Sin.City.DVDRip.XviD-DiAMOND.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Sky High.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Smart CD Ripper Pro 2.6.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Softany Monitor Control 2005 1.2.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Sony ACID Pro 5.0c Build 345.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\South Park Episodes.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\SPAMfighter Standard 3.5.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Steganos Safe 8.0.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Super DVD Creator 8.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Super Flexible File Synchronizer 2.50c.398.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\SuperVideoCap v4.19.390.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Surprise Maker 3.3.0.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Surprise Maker v3.3.0.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Synchromagic v4.3.0.7.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Systerac XP Tools v3.0d.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Tatu - Dangerous And Moving.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\The 40-Year Old Virgin.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\The All Seeing Eye v2.5c.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\The Dukes of Hazzard.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\The Island (High Quality).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\The Island dvdr baco.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\The Kinks - Something Else By The Kinks.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\The Passion Of The Christ OST.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\The Sisterhood of the Traveling Pants (2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\The Sisterhood of the Traveling Pants.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\The Skeleton.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\ThumbsUp 4.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\THX.DTS.Dolby.Digital.Audio.Experience.T.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Toolbar Studio 1.5.46.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Toolbarcop 3.4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Trible X-The Next Level.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\TuneUp 2006.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Tunnel Trance Force vol. 31.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Ulead VideoStudio 9.00.1300.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\UltraEdit-32 11.10.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Unleashed.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Unreal 2 The Awakening FPS.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\V.A. - Romantic Collection CD2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\VideoInspector v1.6.1.87.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Virtual CD 7.01.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\VSL LanToucher Instant Messenger v1.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\WareZ News Magazine August 2005.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Warez P2P 2.85 .zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\White Noise.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Windows Vaccine 3.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Windows XP 2005 Media Center.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Winferno PC Confidential 2005.2.212.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\WinGet v2.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Wumpscut Discography.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\XoftSpy v4.15.109.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\XP Codec Pack 1.2.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Zealot All Video Splitter 1.8.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\ZoneAlarm Pro 6.0.631.003.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\RyRy\Complete\Zoner Barcode Studio 2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup


::Report End

Do I have to do it all over? I will if needed, just that ewido took forever :P

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
Win32.P2P-Worm.Alcan.a
« Reply #3 on: September 01, 2005, 10:23:17 PM »
Can you do something for me please
With Windows set to show hidden files and folders

Download and save WinPFind.zip
UNZIP the contents to your desktop
Don't run it yet

Restart in safe mode

If the following are present delete them
C:\WINDOWS\system32\p2pnetwork.exe <-this file
and this folder
C:\Program Files\winupdates <-this folder

Navigate to the following folder
 C:\Documents and Settings\RyRy\Complete <-folder
If present open it, if empty or contains files you don't recognize delete the whole "Complete" folder

In safe mode
Open the WinPFind folder you extracted to desktop
Double click on WinPFind.exe
Then click Start Scan
This could take some time as it will scan your drive
Once the Scan is Complete
   1. Reboot back to Normal mode
   2. Go to the WinPFind folder
   3. Locate WinPFind.txt in the WinPFind folder

Post the results of the WinPFind.txt

Also, can you do a SEARCH on your computer for

Luna.msstyles

Make sure you type that in properly or copy and paste it
Also in Search under the Advanced options ensure the top 3 entries are selected which includes Search Hidden Files and folders

If Luna.msstyles is found
Let me know the exact location and size
In case I must link you to a file, I just want to double check

Additionally, download find.zip
and UNZIP the contents to desktop

Double click on Find.bat and post the contents
Do the Same with Find1.bat

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/
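
The ewido report earlier in this thread flags a Setup.exe inside every archive in the Complete folder, which is the folder the reply above asks to have deleted whole. As an added example (not part of the original posts), this Python script parses report lines in that format and lists folders where every flagged archive carries the same member name and the same signature; the `Finding` type, the function names, the `min_hits` threshold and the lines marked constructed are assumptions.

```python
import ntpath  # Windows path rules, usable on any OS
from collections import defaultdict
from typing import NamedTuple, Optional


class Finding(NamedTuple):
    container: str           # file or archive on disk
    member: Optional[str]    # name inside the archive, None for a plain file
    signature: str           # detection name, e.g. Worm.VB.an
    action: str              # what the scanner did, e.g. Cleaned with backup


def parse_line(line: str) -> Optional[Finding]:
    """Parse '<path>[/<member>] -> <signature> : <action>'; None if no match."""
    target, arrow, verdict = line.strip().rpartition(" -> ")
    if not arrow:
        return None
    signature, colon, action = verdict.partition(" : ")
    if not colon:
        return None
    # The report separates an archive from its member with '/', while the
    # on-disk path itself uses backslashes.
    container, slash, member = target.partition("/")
    return Finding(container, member if slash else None,
                   signature.strip(), action.strip())


def parse_report(text: str) -> list:
    """Return every finding in a report, skipping headers and footers."""
    return [f for f in map(parse_line, text.splitlines()) if f is not None]


def uniform_folders(findings, min_hits: int = 3) -> dict:
    """Folders where all flagged archives share one member name and signature.

    Many differently named archives that all contain the same flagged
    executable point to mass-generated decoys rather than to a few
    independently infected downloads.
    """
    by_folder = defaultdict(list)
    for f in findings:
        if f.member is not None:  # only archive members are grouped
            by_folder[ntpath.dirname(f.container)].append(f)
    result = {}
    for folder, hits in by_folder.items():
        members = {h.member.lower() for h in hits}
        signatures = {h.signature for h in hits}
        if len(hits) >= min_hits and len(members) == 1 and len(signatures) == 1:
            result[folder] = (hits[0].member, hits[0].signature, len(hits))
    return result


SAMPLE_REPORT = "\n".join([
    # Four lines copied from the report posted in this thread
    r"C:\Documents and Settings\RyRy\Complete\Sky High.zip/Setup.exe -> Worm.VB.an : Cleaned with backup",
    r"C:\Documents and Settings\RyRy\Complete\Unleashed.zip/Setup.exe -> Worm.VB.an : Cleaned with backup",
    r"C:\Documents and Settings\RyRy\Complete\White Noise.zip/Setup.exe -> Worm.VB.an : Cleaned with backup",
    r"C:\Documents and Settings\RyRy\Complete\WinGet v2.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup",
    # Constructed lines (not from the thread), added for contrast
    r"C:\Example\Downloads\tool-a.zip/readme.exe -> Trojan.Example.a : Cleaned with backup",
    r"C:\Example\Downloads\tool-b.zip/install.exe -> Adware.Example.b : Cleaned with backup",
    r"C:\Example\plain-file.dll -> Adware.Example.c : Cleaned with backup",
    "::Report End",
])

if __name__ == "__main__":
    for folder, (member, sig, count) in uniform_folders(parse_report(SAMPLE_REPORT)).items():
        print(f"{folder}: {count} archives, each containing {member} ({sig})")
```
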


Offline Sanuska

  • Newbie
  • *
  • Posts: 9
  • Karma: +0/-0
Win32.P2P-Worm.Alcan.a
« Reply #4 on: September 01, 2005, 11:03:35 PM »
Alright, here is my WinPFind log:

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP    Current Build: Service Pack 1    Current Build Number: 2600
Internet Explorer Version: 6.0.2800.1106

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...

Items found in C:\WINDOWS\hosts


Checking %System% folder...
PEC2                 8/23/2001 8:00:00 AM        41397      C:\WINDOWS\SYSTEM32\dfrg.msc
PTech                7/12/2005 6:04:22 PM        520456     C:\WINDOWS\SYSTEM32\LegitCheckControl.dll
PECompact2           8/4/2005 10:01:54 AM        1449304    C:\WINDOWS\SYSTEM32\MRT.exe
aspack               8/4/2005 10:01:54 AM        1449304    C:\WINDOWS\SYSTEM32\MRT.exe
Umonitor             8/29/2002 6:41:10 AM        631808     C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync              8/23/2001 8:00:00 AM        1309184    C:\WINDOWS\SYSTEM32\wbdbase.deu

Checking %System%\Drivers folder and sub-folders...

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
                     9/1/2005 11:43:10 PM      S 2048       C:\WINDOWS\bootstat.dat
                     8/18/2005 2:23:32 PM    RH  19         C:\WINDOWS\hosts
                     8/31/2005 2:40:08 PM     H  54156      C:\WINDOWS\QTFont.qfn
                     8/14/2005 9:54:44 PM    RH  749        C:\WINDOWS\WindowsShell.Manifest
                     8/15/2005 12:07:56 AM   RHS 227        C:\WINDOWS\assembly\Desktop.ini
                     8/14/2005 9:54:50 PM     H  65         C:\WINDOWS\Downloaded Program Files\desktop.ini
                     8/14/2005 9:55:30 PM     HS 67         C:\WINDOWS\Fonts\desktop.ini
                     8/15/2005 12:27:10 AM    H  0          C:\WINDOWS\inf\oem12.inf
                     8/14/2005 10:16:50 PM    H  0          C:\WINDOWS\inf\oem8.inf
                     8/14/2005 11:42:58 PM    H  0          C:\WINDOWS\inf\oem9.inf
                     8/14/2005 9:54:50 PM     H  65         C:\WINDOWS\Offline Web Pages\desktop.ini
                     8/14/2005 9:55:10 PM    RHS 242478     C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_1.cab
                     8/15/2005 12:28:10 AM   RHS 10469      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_10.cab
                     8/15/2005 12:28:10 AM   RHS 25529      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_11.cab
                     8/15/2005 12:28:10 AM   RHS 10469      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_12.cab
                     8/15/2005 12:28:10 AM   RHS 26316      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_13.cab
                     8/15/2005 12:28:10 AM   RHS 10469      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_14.cab
                     8/15/2005 12:28:10 AM   RHS 26386      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_15.cab
                     8/15/2005 12:28:10 AM   RHS 10469      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_16.cab
                     8/15/2005 12:28:10 AM   RHS 26656      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_17.cab
                     8/15/2005 12:28:10 AM   RHS 10469      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_18.cab
                     8/15/2005 12:28:12 AM   RHS 26651      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_19.cab
                     8/14/2005 9:55:10 PM    RHS 19959      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_2.cab
                     8/15/2005 12:28:12 AM   RHS 10469      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_20.cab
                     8/15/2005 12:28:12 AM   RHS 26254      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_21.cab
                     8/15/2005 12:28:12 AM   RHS 10469      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_22.cab
                     8/15/2005 12:28:12 AM   RHS 26107      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_23.cab
                     8/15/2005 12:28:12 AM   RHS 10469      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_24.cab
                     8/15/2005 12:28:12 AM   RHS 26448      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_25.cab
                     8/15/2005 12:28:12 AM   RHS 10469      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_26.cab
                     8/15/2005 12:28:12 AM   RHS 25852      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_27.cab
                     8/15/2005 12:28:12 AM   RHS 10469      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_28.cab
                     8/15/2005 12:28:12 AM   RHS 26289      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_29.cab
                     8/14/2005 9:55:10 PM    RHS 727        C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_3.cab
                     8/15/2005 12:28:12 AM   RHS 10469      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_30.cab
                     8/15/2005 12:28:12 AM   RHS 26382      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_31.cab
                     8/15/2005 12:28:12 AM   RHS 10469      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_32.cab
                     8/15/2005 12:28:12 AM   RHS 26290      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_33.cab
                     8/15/2005 12:28:12 AM   RHS 10469      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_34.cab
                     8/15/2005 12:28:12 AM   RHS 25895      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_35.cab
                     8/15/2005 12:28:12 AM   RHS 10469      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_36.cab
                     8/15/2005 12:28:12 AM   RHS 26493      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_37.cab
                     8/15/2005 12:28:12 AM   RHS 10469      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_38.cab
                     8/15/2005 12:28:12 AM   RHS 26228      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_39.cab
                     8/15/2005 12:28:12 AM   RHS 10469      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_40.cab
                     8/15/2005 12:28:12 AM   RHS 26466      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_41.cab
                     8/15/2005 12:28:12 AM   RHS 10469      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_42.cab
                     8/15/2005 12:28:12 AM   RHS 26282      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_43.cab
                     8/15/2005 12:28:12 AM   RHS 10469      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_44.cab
                     8/15/2005 12:28:12 AM   RHS 26319      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_45.cab
                     8/15/2005 12:28:12 AM   RHS 10469      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_46.cab
                     8/15/2005 12:28:12 AM   RHS 26283      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_47.cab
                     8/15/2005 12:28:12 AM   RHS 10469      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_48.cab
                     8/15/2005 12:28:12 AM   RHS 26289      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_49.cab
                     8/15/2005 12:22:50 AM   RHS 70111      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_5.cab
                     8/15/2005 12:28:12 AM   RHS 10469      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_50.cab
                     8/15/2005 12:28:12 AM   RHS 26125      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_51.cab
                     8/15/2005 12:28:12 AM   RHS 10469      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_52.cab
                     8/15/2005 1:02:22 AM    RHS 26173      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_53.cab
                     8/15/2005 1:02:22 AM    RHS 25959      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_54.cab
                     8/15/2005 1:02:22 AM    RHS 10470      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_55.cab
                     8/15/2005 1:02:22 AM    RHS 25566      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_56.cab
                     8/15/2005 1:02:24 AM    RHS 10470      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_57.cab
                     8/15/2005 1:02:24 AM    RHS 25530      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_58.cab
                     8/15/2005 1:02:24 AM    RHS 10470      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_59.cab
                     8/15/2005 12:28:10 AM   RHS 26172      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_6.cab
                     8/15/2005 1:02:24 AM    RHS 26317      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_60.cab
                     8/15/2005 1:02:24 AM    RHS 10470      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_61.cab
                     8/15/2005 1:02:24 AM    RHS 26387      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_62.cab
                     8/15/2005 1:02:24 AM    RHS 10470      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_63.cab
                     8/15/2005 1:02:24 AM    RHS 26657      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_64.cab
                     8/15/2005 1:02:24 AM    RHS 10470      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_65.cab
                     8/15/2005 1:02:24 AM    RHS 26652      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_66.cab
                     8/15/2005 1:02:24 AM    RHS 10470      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_67.cab
                     8/15/2005 1:02:24 AM    RHS 26255      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_68.cab
                     8/15/2005 1:02:24 AM    RHS 10470      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_69.cab
                     8/15/2005 12:28:10 AM   RHS 25958      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_7.cab
                     8/15/2005 1:02:24 AM    RHS 26108      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_70.cab
                     8/15/2005 1:02:24 AM    RHS 10470      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_71.cab
                     8/15/2005 1:02:24 AM    RHS 26449      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_72.cab
                     8/15/2005 1:02:24 AM    RHS 10470      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_73.cab
                     8/15/2005 1:02:24 AM    RHS 25853      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_74.cab
                     8/15/2005 1:02:24 AM    RHS 10470      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_75.cab
                     8/15/2005 1:02:24 AM    RHS 26290      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_76.cab
                     8/15/2005 1:02:24 AM    RHS 10470      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_77.cab
                     8/15/2005 1:02:24 AM    RHS 26383      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_78.cab
                     8/15/2005 1:02:24 AM    RHS 10470      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_79.cab
                     8/15/2005 12:28:10 AM   RHS 10469      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_8.cab
                     8/15/2005 1:02:24 AM    RHS 26291      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_80.cab
                     8/15/2005 1:02:24 AM    RHS 10470      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_81.cab
                     8/15/2005 1:02:24 AM    RHS 25896      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_82.cab
                     8/15/2005 1:02:24 AM    RHS 10470      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_83.cab
                     8/15/2005 1:02:26 AM    RHS 26494      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_84.cab
                     8/15/2005 1:02:26 AM    RHS 10470      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_85.cab
                     8/15/2005 1:02:26 AM    RHS 26229      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_86.cab
                     8/15/2005 1:02:26 AM    RHS 10470      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_87.cab
                     8/15/2005 1:02:26 AM    RHS 26467      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_88.cab
                     8/15/2005 1:02:26 AM    RHS 10470      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_89.cab
                     8/15/2005 12:28:10 AM   RHS 25565      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_9.cab
                     8/15/2005 1:02:26 AM    RHS 26283      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_90.cab
                     8/15/2005 1:02:26 AM    RHS 10470      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_91.cab
                     8/15/2005 1:02:26 AM    RHS 26320      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_92.cab
                     8/15/2005 1:02:26 AM    RHS 10470      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_93.cab
                     8/15/2005 1:02:26 AM    RHS 26284      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_94.cab
                     8/15/2005 1:02:26 AM    RHS 10470      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_95.cab
                     8/15/2005 1:02:26 AM    RHS 26290      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_96.cab
                     8/15/2005 1:02:26 AM    RHS 10470      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_97.cab
                     8/15/2005 1:02:26 AM    RHS 26126      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_98.cab
                     8/15/2005 1:02:26 AM    RHS 10470      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_99.cab
                     8/14/2005 9:56:00 PM     H  233472     C:\WINDOWS\repair\ntuser.dat
                     8/14/2005 9:54:44 PM    RH  749        C:\WINDOWS\system32\cdplayer.exe.manifest
                     8/14/2005 9:54:50 PM    RH  488        C:\WINDOWS\system32\logonui.exe.manifest
                     8/14/2005 9:54:44 PM    RH  749        C:\WINDOWS\system32\ncpa.cpl.manifest
                     8/14/2005 9:54:44 PM    RH  749        C:\WINDOWS\system32\nwc.cpl.manifest
                     8/14/2005 9:54:44 PM    RH  749        C:\WINDOWS\system32\sapi.cpl.manifest
                     8/14/2005 9:54:50 PM    RH  488        C:\WINDOWS\system32\WindowsLogon.manifest
                     8/14/2005 9:54:44 PM    RH  749        C:\WINDOWS\system32\wuaucpl.cpl.manifest
                     7/8/2005 4:23:18 PM       S 12143      C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB893756.cat
                     7/19/2005 5:11:14 PM      S 17860      C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB896727-IE6SP1-20050719.165959.cat
                     9/1/2005 11:43:04 PM     H  8192       C:\WINDOWS\system32\config\DEFAULT.LOG
                     9/1/2005 11:43:20 PM     H  1024       C:\WINDOWS\system32\config\SAM.LOG
                     9/1/2005 11:43:12 PM     H  12288      C:\WINDOWS\system32\config\SECURITY.LOG
                     9/1/2005 11:44:18 PM     H  69632      C:\WINDOWS\system32\config\SOFTWARE.LOG
                     9/1/2005 11:43:12 PM     H  720896     C:\WINDOWS\system32\config\SYSTEM.LOG
                     8/14/2005 5:35:24 PM     H  1024       C:\WINDOWS\system32\config\userdiff.LOG
                     8/14/2005 11:56:20 PM    H  1024       C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
                     8/14/2005 5:40:24 PM     HS 62         C:\WINDOWS\system32\config\systemprofile\Application Data\desktop.ini
                     8/14/2005 5:40:24 PM     HS 62         C:\WINDOWS\system32\config\systemprofile\Local Settings\desktop.ini
                     8/14/2005 9:55:12 PM     HS 113        C:\WINDOWS\system32\config\systemprofile\Local Settings\History\desktop.ini
                     8/14/2005 9:55:12 PM     HS 113        C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\desktop.ini
                     8/14/2005 9:55:12 PM     HS 67         C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\desktop.ini
                     8/14/2005 9:55:12 PM     HS 67         C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini
                     8/14/2005 9:55:12 PM     HS 67         C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\CPAZIF6B\desktop.ini
                     8/14/2005 9:55:12 PM     HS 67         C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\EFKXG9UJ\desktop.ini
                     8/14/2005 9:55:12 PM     HS 67         C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\IF05E1AD\desktop.ini
                     8/14/2005 9:55:12 PM     HS 67         C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\IHYFC565\desktop.ini
                     8/14/2005 9:54:52 PM     HS 181        C:\WINDOWS\system32\config\systemprofile\SendTo\desktop.ini
                     8/14/2005 5:40:24 PM     HS 62         C:\WINDOWS\system32\config\systemprofile\Start Menu\desktop.ini
                     8/14/2005 9:55:58 PM     HS 206        C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\desktop.ini
                     8/14/2005 9:55:58 PM     HS 482        C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\desktop.ini
                     8/14/2005 9:55:58 PM     HS 348        C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\Accessibility\desktop.ini
                     8/14/2005 9:55:58 PM     HS 84         C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\Entertainment\desktop.ini
                     8/14/2005 9:55:58 PM     HS 84         C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini
                     8/18/2005 2:23:32 PM    RH  19         C:\WINDOWS\system32\drivers\etc\hosts
                     8/15/2005 3:33:40 PM     HS 388        C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\b302f374-42cf-4d6f-91f6-023bc3b7a7a1
                     8/15/2005 3:33:40 PM     HS 24         C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\Preferred
                     8/15/2005 1:08:12 AM     HS 388        C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\55b09251-0b9f-447f-86fa-d486a691b69a
                     8/15/2005 1:08:12 AM     HS 24         C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
                     9/1/2005 11:41:08 PM     H  6          C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation          8/23/2001 8:00:00 AM        66048      C:\WINDOWS\SYSTEM32\access.cpl
Realtek Semiconductor Corp.    8/20/2003 10:37:38 PM       10435072   C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL
Microsoft Corporation          8/29/2002 6:41:28 AM        578560     C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation          8/29/2002 6:41:28 AM        129024     C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation          8/23/2001 8:00:00 AM        150016     C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation          8/29/2002 6:41:28 AM        292352     C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation          8/29/2002 6:41:28 AM        121856     C:\WINDOWS\SYSTEM32\intl.cpl
InstallShield Software Corporation6/16/2004 6:03:30 AM        73728      C:\WINDOWS\SYSTEM32\ISUSPM.cpl
Microsoft Corporation          8/29/2002 6:41:28 AM        65536      C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems, Inc.         6/3/2005 3:52:54 AM         49265      C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation          8/23/2001 8:00:00 AM        187904     C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation          8/23/2001 8:00:00 AM        559616     C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation          8/23/2001 8:00:00 AM        35840      C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation          8/23/2001 8:00:00 AM        256000     C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation          8/23/2001 8:00:00 AM        36864      C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation          8/23/2001 8:00:00 AM        109056     C:\WINDOWS\SYSTEM32\powercfg.cpl
Apple Computer, Inc.           9/23/2004 6:57:40 PM        323072     C:\WINDOWS\SYSTEM32\QuickTime.cpl
Microsoft Corporation          8/29/2002 6:41:28 AM        268288     C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation          8/23/2001 8:00:00 AM        28160      C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation          8/23/2001 8:00:00 AM        90112      C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation          5/26/2005 4:16:30 AM        174360     C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation          8/23/2001 8:00:00 AM        66048      C:\WINDOWS\SYSTEM32\dllcache\access.cpl
Microsoft Corporation          8/23/2001 8:00:00 AM        150016     C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl
Microsoft Corporation          8/29/2002 3:41:00 AM        208896     C:\WINDOWS\SYSTEM32\dllcache\joy.cpl
Microsoft Corporation          8/23/2001 8:00:00 AM        187904     C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation          8/23/2001 8:00:00 AM        559616     C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl
Microsoft Corporation          8/23/2001 8:00:00 AM        35840      C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation          8/23/2001 8:00:00 AM        256000     C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl
Microsoft Corporation          8/23/2001 8:00:00 AM        36864      C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl
Microsoft Corporation          8/23/2001 8:00:00 AM        109056     C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl
Microsoft Corporation          8/23/2001 8:00:00 AM        28160      C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation          8/23/2001 8:00:00 AM        90112      C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
                     8/14/2005 9:55:58 PM     HS 84         C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini

Checking files in %ALLUSERSPROFILE%\Application Data folder...
                     8/14/2005 5:40:24 PM     HS 62         C:\Documents and Settings\All Users\Application Data\desktop.ini

Checking files in %USERPROFILE%\Startup folder...
                     8/22/2005 10:43:32 PM       988        C:\Documents and Settings\RyRy\Start Menu\Programs\Startup\Adobe Gamma.lnk
                     8/14/2005 9:55:58 PM     HS 84         C:\Documents and Settings\RyRy\Start Menu\Programs\Startup\desktop.ini
                     8/29/2005 10:54:28 PM       614        C:\Documents and Settings\RyRy\Start Menu\Programs\Startup\WinMySQLadmin.lnk

Checking files in %USERPROFILE%\Application Data folder...
                     8/14/2005 5:40:24 PM     HS 62         C:\Documents and Settings\RyRy\Application Data\desktop.ini

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
   {750fdf0e-2a26-11d1-a3ea-080036587f03}    = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
   {09799AFB-AD67-11d1-ABCD-00C04FC30936}    = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
   {A470F8CF-A1E8-4f65-8335-227475AA5C46}    = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
   {B41DB860-8EE4-11D2-9906-E49FADC173CA}    = C:\Program Files\WinRAR\rarext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Yahoo! Mail
   {5464D816-CF16-4784-B9F3-75C0DB52B499}    = C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
   Start Menu Pin    = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
   {B41DB860-8EE4-11D2-9906-E49FADC173CA}    = C:\Program Files\WinRAR\rarext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
   {A470F8CF-A1E8-4f65-8335-227475AA5C46}    = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
   {750fdf0e-2a26-11d1-a3ea-080036587f03}    = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
   {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}    = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
   {B41DB860-8EE4-11D2-9906-E49FADC173CA}    = C:\Program Files\WinRAR\rarext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
    = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
    = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
    = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
    = %SystemRoot%\system32\SHELL32.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
    = C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}
   UberButton Class = C:\Program Files\Yahoo!\Common\yiesrvc.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{65D886A2-7CA7-479B-BB95-14D1EFB7946A}
   YahooTaggedBM Class = C:\Program Files\Yahoo!\Common\YIeTagBm.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
   &Yahoo! Messenger = C:\PROGRA~1\Yahoo!\Common\yhexbmesus.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
   &Tip of the Day = %SystemRoot%\System32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
   {8E718888-423F-11D2-876E-00A0C9082467}    = &Radio   : C:\WINDOWS\System32\msdxm.ocx
   {EF99BD32-C1FB-11D2-892F-0090271D4F88}    = Yahoo! Toolbar   : C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
   MenuText    = Sun Java Console   : C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}
   ButtonText    = Yahoo! Services   :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}
   ButtonText    = AIM   : C:\Program Files\AIM\aim.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
   Media Band = %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
   &Yahoo! Messenger = C:\PROGRA~1\Yahoo!\Common\yhexbmesus.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
   {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address   : %SystemRoot%\System32\browseui.dll
   {0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links   : %SystemRoot%\system32\SHELL32.dll
   {EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Toolbar   : C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
   SoundMan   SOUNDMAN.EXE
   QuickTime Task   "C:\Program Files\QuickTime\qttask.exe" -atboottime
   SunJavaUpdateSched   C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
   CloneCDTray   "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
   MessengerPlus3   "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
   ISUSPM Startup   C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
   ISUSScheduler   "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
   NeroCheck   C:\WINDOWS\System32\\NeroCheck.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
   Steam   "c:\program files\valve\steam\steam.exe" -silent
   MessengerPlus3   "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
   {BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
   {6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
   {0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
   dontdisplaylastusername   0
   legalnoticecaption   
   legalnoticetext   
   shutdownwithoutlogon   1
   undockwithoutlogon   1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
   NoDriveTypeAutoRun   145


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
   PostBootReminder                  {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
   CDBurn                            {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
   WebCheck                          {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
   SysTray                           {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
   UserInit   = C:\WINDOWS\system32\userinit.exe,
   Shell      = Explorer.exe
   System      =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent
    = Ati2evxx.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
    = crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
    = cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
    = cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
    = wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
    = wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
    = sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
    = WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
    = wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
    = wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
   Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
   AppInit_DLLs   


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.3.5   - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 9/1/2005 11:51:48 PM

-------------------------------

Luna.msstyles was NOT found on my system.

Here is the find.bat log:

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000091

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager]
"WCreatedUser"="1"
"LoadedBefore"="1"
"ThemeActive"="1"
"LastUserLangID"="1033"
"DllName"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
  74,00,25,00,5c,00,72,00,65,00,73,00,6f,00,75,00,72,00,63,00,65,00,73,00,5c,\
  00,54,00,68,00,65,00,6d,00,65,00,73,00,5c,00,6c,00,75,00,6e,00,61,00,5c,00,\
  6c,00,75,00,6e,00,61,00,2e,00,6d,00,73,00,73,00,74,00,79,00,6c,00,65,00,73,\
  00,00,00
"ColorName"="NormalColor"
"SizeName"="NormalSize"

find1.bat log:

 Volume in drive C has no label.
 Volume Serial Number is 3885-D770

 Directory of C:\WINDOWS\Resources\Themes

08/14/2005  05:33 PM    <DIR>          .
08/14/2005  05:33 PM    <DIR>          ..
09/01/2005  05:33 PM    <DIR>          Luna
08/23/2001  08:00 AM             1,222 Luna.theme
08/23/2001  08:00 AM             3,025 Windows Classic.theme
               2 File(s)          4,247 bytes

 Directory of C:\WINDOWS\Resources\Themes\Luna

09/01/2005  05:33 PM    <DIR>          .
09/01/2005  05:33 PM    <DIR>          ..
08/14/2005  05:31 PM    <DIR>          Shell
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\Resources\Themes\Luna\Shell

08/14/2005  05:31 PM    <DIR>          .
08/14/2005  05:31 PM    <DIR>          ..
08/14/2005  05:33 PM    <DIR>          Homestead
08/14/2005  05:34 PM    <DIR>          Metallic
08/14/2005  05:32 PM    <DIR>          NormalColor
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\Resources\Themes\Luna\Shell\Homestead

08/14/2005  05:33 PM    <DIR>          .
08/14/2005  05:33 PM    <DIR>          ..
08/23/2001  08:00 AM           362,496 shellstyle.dll
               1 File(s)        362,496 bytes

 Directory of C:\WINDOWS\Resources\Themes\Luna\Shell\Metallic

08/14/2005  05:34 PM    <DIR>          .
08/14/2005  05:34 PM    <DIR>          ..
08/23/2001  08:00 AM           362,496 shellstyle.dll
               1 File(s)        362,496 bytes

 Directory of C:\WINDOWS\Resources\Themes\Luna\Shell\NormalColor

08/14/2005  05:32 PM    <DIR>          .
08/14/2005  05:32 PM    <DIR>          ..
08/23/2001  08:00 AM           361,472 shellstyle.dll
               1 File(s)        361,472 bytes

     Total Files Listed:
               5 File(s)      1,090,711 bytes
              17 Dir(s)  27,284,393,984 bytes free

End all logs and stuff

Oh, and also, p2pnetwork wasn't found, and I already deleted that winupdate earlier.
« Last Edit: September 01, 2005, 11:09:02 PM by Sanuska »
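
Added example (not part of the original post, and not code from the forum or any tool named here): the `DllName` value in the find.bat export above is a `hex(2)` (REG_EXPAND_SZ) value stored as UTF-16LE bytes. This Python sketch decodes it and checks the theme file it names against the find1.bat listing; the function names, the `C:\WINDOWS` value assumed for `%SystemRoot%`, and the embedded excerpts (copied from the logs above) are assumptions of the example.

```python
import re

# Excerpt of the find.bat export quoted in the post (constructed copy).
REG_EXPORT = r'''
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager]
"ThemeActive"="1"
"DllName"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
  74,00,25,00,5c,00,72,00,65,00,73,00,6f,00,75,00,72,00,63,00,65,00,73,00,5c,\
  00,54,00,68,00,65,00,6d,00,65,00,73,00,5c,00,6c,00,75,00,6e,00,61,00,5c,00,\
  6c,00,75,00,6e,00,61,00,2e,00,6d,00,73,00,73,00,74,00,79,00,6c,00,65,00,73,\
  00,00,00
"ColorName"="NormalColor"
'''

# Excerpt of the find1.bat "dir" output quoted in the post (two directories).
DIR_LISTING = r'''
 Directory of C:\WINDOWS\Resources\Themes\Luna

09/01/2005  05:33 PM    <DIR>          .
09/01/2005  05:33 PM    <DIR>          ..
08/14/2005  05:31 PM    <DIR>          Shell
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\Resources\Themes\Luna\Shell\NormalColor

08/23/2001  08:00 AM           361,472 shellstyle.dll
               1 File(s)        361,472 bytes
'''


def decode_reg_values(export_text):
    """Return {name: value} from a .reg excerpt, decoding hex(2) data."""
    # A trailing backslash continues a value on the next (indented) line.
    joined = re.sub(r'\\\r?\n\s*', '', export_text)
    values = {}
    for line in joined.splitlines():
        m = re.match(r'^"(?P<name>[^"]+)"=(?P<data>.*)$', line.strip())
        if not m:
            continue  # section headers and blank lines
        name, data = m.group('name'), m.group('data')
        if data.startswith('hex(2):'):
            raw = bytes(int(b, 16) for b in data[len('hex(2):'):].split(',') if b)
            # REG_EXPAND_SZ is UTF-16LE with a terminating NUL character.
            values[name] = raw.decode('utf-16-le').rstrip('\x00')
        elif data.startswith('"') and data.endswith('"'):
            values[name] = data[1:-1]
    return values


def expand(path, env):
    """Expand %VAR% references; Windows variable names are case-insensitive."""
    return re.sub(r'%([^%]+)%',
                  lambda m: env.get(m.group(1).lower(), m.group(0)), path)


def files_in_listing(listing):
    """Return lower-cased full paths of the files (not <DIR> rows) in dir output."""
    files, current = set(), None
    for line in listing.splitlines():
        head = re.match(r'^\s*Directory of (.+)$', line)
        if head:
            current = head.group(1).strip()
            continue
        entry = re.match(
            r'^\d\d/\d\d/\d{4}\s+\d\d:\d\d [AP]M\s+([\d,]+)\s+(.+)$', line)
        if entry and current:
            files.add((current + '\\' + entry.group(2).strip()).lower())
    return files


def theme_file_status(reg_text, listing, system_root=r'C:\WINDOWS'):
    """Return (expanded DllName path, True if the listing contains that file)."""
    dll = decode_reg_values(reg_text)['DllName']
    full = expand(dll, {'systemroot': system_root})  # assumed SystemRoot
    return full, full.lower() in files_in_listing(listing)


if __name__ == '__main__':
    print(theme_file_status(REG_EXPORT, DIR_LISTING))
```

A plain `dir` listing leaves out hidden and system files, so a file reported absent here is a lead to verify on the machine, not proof that it is gone.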

Offline guestolo

Win32.P2P-Worm.Alcan.a
« Reply #5 on: September 01, 2005, 11:38:58 PM »
Can you navigate to this file and send it to the recycle bin
C:\WINDOWS\hosts <-file

Afterwards

Download the ZIP file I uploaded below and save Luna.zip to your desktop
UNZIP the contents of luna.zip to

C:\WINDOWS\Resources\Themes\Luna <-this folder

Don't unzip it to anywhere else but the Luna folder

Now open your Display Properties and see if you can change to Windows XP Under the Themes and Appearance tabs

Could you also do the following
Open Hijackthis>>Open Misc tools section>>Open Hosts file manager
Click the OPEN IN NOTEPAD button

A text file will open, copy and paste back here the whole contents please

~removed attachment~
« Last Edit: September 02, 2005, 08:52:35 AM by guestolo »

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline Sanuska

Win32.P2P-Worm.Alcan.a
« Reply #6 on: September 01, 2005, 11:45:06 PM »
Hey! Alrighty, somehow my folder view options were changed, I changed them back and found Luna.msstyles. Sorry for the change, but I didn't notice until I looked due to not finding hosts, also I deleted that, should I put it back?

Size is 4,089 kb

Should I still do what you said above?

Offline guestolo

Win32.P2P-Worm.Alcan.a
« Reply #7 on: September 02, 2005, 08:30:21 AM »
Go ahead and navigate to the luna.msstyles you found on your computer
Right click on it and Copy it and then
Paste it to the

C:\WINDOWS\Resources\Themes\Luna <-this folder

Leave that hosts file in the recycle bin, your good hosts file is in a different directory

Carry on with the previous instructions
Minus unzipping the luna.msstyle I had you download



Offline Sanuska

Win32.P2P-Worm.Alcan.a
« Reply #8 on: September 02, 2005, 01:25:59 PM »
Alright, yes, I can and did change it back to the XP theme.

Here is the host things:

127.0.0.1 localhost

That's all.

Offline guestolo

Win32.P2P-Worm.Alcan.a
« Reply #9 on: September 02, 2005, 10:12:29 PM »
Looks good

If everything is running better, please do the following
You should disable system restore---restart your computer--enable system restore
This will clear all your restore points and ensure you don't restore any nasties
How to Disable and Re-enable System Restore feature

Once back in Windows and System Restore is reenabled

You should set up protection against future attacks
SpywareBlaster 3.4 by JavaCool
*Will block bad ActiveX Controls
*Block Malevolent cookies in Internet Explorer and Firefox
*Restrict actions of potentially dangerous sites in Internet Explorer
After installation, Check for updates and then click the "Enable all protection"

IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
Here is a tutorial and download link
TUTORIAL==Link to Tutorial
Download link

With both, Check for updates every couple of weeks
Keep the link to IE-Spyad bookmarked so you can check for updates
SpywareBlaster, after every update just simply click the "enable all protection"
« Last Edit: September 02, 2005, 10:12:54 PM by guestolo »



Offline Sanuska

Win32.P2P-Worm.Alcan.a
« Reply #10 on: September 02, 2005, 10:48:55 PM »
So....after I do all that I can attempt to remove it? Just use a program like Ad-Aware to remove it?

Offline guestolo

Win32.P2P-Worm.Alcan.a
« Reply #11 on: September 02, 2005, 10:53:50 PM »
Quote
So....after I do all that I can attempt to remove it? Just use a program like Ad-Aware to remove it?


Can you explain what you mean by that?



Offline Sanuska

Win32.P2P-Worm.Alcan.a
« Reply #12 on: September 02, 2005, 11:41:43 PM »
Sorry, tired.

What I mean is, after I do what you said above, may I attempt to remove it with a program such as Ad-Aware? I don't have Norton or anything installed yet due to the fact that I just reformatted.

Offline guestolo

Win32.P2P-Worm.Alcan.a
« Reply #13 on: September 02, 2005, 11:47:11 PM »
Oh, I see

You're tired, I never even noticed you weren't running an AV on your system
I'm tired too :)

Not too safe running with no AV, especially when using File sharing programs

This worm you had probably came from Limewire, I suspect you have or had it installed
Watch what you download and scan everything you download with an updated AV

Are you intending on reinstalling Norton's?
If so, please install it and run a full system scan

If you don't intend on installing Norton's and need a free solution let me know

As of yet, I don't know of an AV that can remove all the remnants of this worm
or Spyware Removal tool
But you said you had
Win32.P2P-Worm.Alcan.a and I didn't see any traces of it
Not sure what fixes you tried however prior to posting your log
We may have removed some bad files with Killbox earlier if they were still hanging around?
« Last Edit: September 02, 2005, 11:51:34 PM by guestolo »



Offline Sanuska

Win32.P2P-Worm.Alcan.a
« Reply #14 on: September 03, 2005, 12:43:55 AM »
You're a miracle worker, I swear it. I can Ctrl + Alt + Del now!

And yes, I do intend on reinstalling Norton unless there is a program that levels it and is free.

And yes, it was off Limewire, which I now hate -_-. Another thing I noticed is that it kept opening it (which is why I uninstalled when I first got it).

And I didn't try any fixes except spyware progs, I've never really had a virus that required I do so much stuff (luckily). I'll be on my guard now, and I'll do the system restore thing when I log off for the night.

Also, could you post some links to some GOOD free AV programs just in case I can't find my disk?

Also, what was this virus supposed to do? The only thing I noticed is that I couldn't open my Task Manager, no loss in physical or virtual memory, no errors with programs, nothing.

Offline guestolo

Win32.P2P-Worm.Alcan.a
« Reply #15 on: September 03, 2005, 11:07:53 AM »
It disables access to Task Manager, the registry, etc.....

If you're not planning on installing Norton's
I usually suggest one of 2 AV's that are free

Access the following link
http://www.thetechguide.com/forum/index.php?showtopic=15894

Near the top are links to both
ONLY download one, running more than one AV can, and will probably cause conflicts

I use AVG on this computer and Avast on another
So I'll leave the decision up to you

If you have any more questions post back
I will not be back on the forum till tomorrow

Stay safe :)



Offline Sanuska

Win32.P2P-Worm.Alcan.a
« Reply #16 on: September 04, 2005, 11:29:45 AM »
Well, then do each have their own strong and weak points if you use different ones for each comp? And if so what are they?

Offline tektok3

  • Newbie
  • *
  • Posts: 36
  • Karma: +0/-0
Win32.P2P-Worm.Alcan.a
« Reply #17 on: September 04, 2005, 08:14:44 PM »
Log Removed, please start your own post tektok3 :)

~guestolo~
« Last Edit: September 04, 2005, 08:45:59 PM by guestolo »

Offline guestolo

Win32.P2P-Worm.Alcan.a
« Reply #18 on: September 04, 2005, 08:29:06 PM »
Sanuska, I find them both competent AV's

Take a look at what each provide

http://free.grisoft.com/doc/Get+AVG+FREE/lng/us/tpl/v5

http://www.avast.com/eng/avast_4_home.html
« Last Edit: September 04, 2005, 08:45:40 PM by guestolo »
