Author Topic: Another Win32.P2P-Worm.Alcan.a  (Read 6458 times)

X

  • Guest
Another Win32.P2P-Worm.Alcan.a
« on: November 12, 2005, 10:44:15 PM »
Logfile of HijackThis v1.99.1
Scan saved at 9:38:35 PM, on 11/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\DRIVERS\CDANTSRV.EXE
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\wanmpsvc.exe
C:\WINNT\system32\YEDIEx.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\wscntfy.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Winamp\winampa.exe
C:\WINNT\GWMDMMSG.exe
C:\WINNT\system32\SK9910DM.EXE
C:\WINNT\system32\RUNDLL32.EXE
C:\Program Files\winupdates\winupdates.exe
C:\program files\support.com\bin\tgcmd.exe
E:\program files\valve\steam\steam.exe
E:\Program Files\LimeWire\LimeWire.exe
E:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
E:\Program Files\Anti-Virus\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O2 - BHO: ZIBho Class - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - C:\Program Files\Kontiki\bin\bh212112.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - E:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [msci] C:\program files\mcafee.com\shared\mcinfo.exe /insfin
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTFMon] C:\WINNT\system32\CTF\ctfmon.exe
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [tgcmdprovidersbc] "c:\program files\support.com\bin\tgcmd.exe" /server /startmonitor /deaf /nosystray
O4 - HKCU\..\Run: [Steam] "e:\program files\valve\steam\steam.exe" -silent
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE10\EXCEL.EXE/3000
O8 - Extra context menu item: Get It With Kontiki - res://C:\Program Files\Kontiki\bin\bh212112.dll/201
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.att.net
O16 - DPF: {0F04992B-E661-4DB9-B223-903AB628225D} (DoMoreRunExe.DoMoreRun) - file://C:\Program Files\Gateway\Do More\DoMoreRunExe.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200207...meInstaller.exe
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1094915485668
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1126454599112
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitch.com/sbc/TrueInstallSBC.exe
O18 - Filter: text/html - {2DE94081-9FE6-4227-BC59-B7A80CC8308C} - C:\Program Files\ClientMan\run\searchrep8181a0e2.dll
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINNT\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINNT\System32\ImapiRox.exe
O23 - Service: iPodService - Apple Computer, Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe
O23 - Service: YEDIEx - Unknown owner - C:\WINNT\system32\YEDIEx.exe

I can't seem to get rid of it with AdAware Personal SE. Any help would be greatly appreciated.

Offline Afflicted

  • Newbie
  • Posts: 9
  • Karma: +0/-0
Another Win32.P2P-Worm.Alcan.a
« Reply #1 on: November 18, 2005, 11:07:11 PM »
Just bumping this if you might have missed it. Again, thank you for your time.

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • Posts: 16034
  • Karma: +1/-0
Another Win32.P2P-Worm.Alcan.a
« Reply #2 on: November 18, 2005, 11:12:00 PM »
Thanks for registering; it's now mandatory and that helps me a lot.
Could you please post a fresh HijackThis log and we'll go from there.

After you have done the above, could you also
Open Hijackthis>>Open "Misc tools section"
Open "Uninstall manager"
Click the SAVE LIST button
Save the list to desktop and copy and paste the Whole contents back here
« Last Edit: November 18, 2005, 11:13:28 PM by guestolo »

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline Afflicted

  • Newbie
  • Posts: 9
  • Karma: +0/-0
Another Win32.P2P-Worm.Alcan.a
« Reply #3 on: November 18, 2005, 11:20:24 PM »
HiJack This Log:
Quote
Logfile of HijackThis v1.99.1
Scan saved at 10:19:08 PM, on 11/18/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\DRIVERS\CDANTSRV.EXE
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\wanmpsvc.exe
C:\WINNT\system32\YEDIEx.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\wscntfy.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Winamp\winampa.exe
C:\WINNT\GWMDMMSG.exe
C:\WINNT\system32\SK9910DM.EXE
C:\WINNT\system32\RUNDLL32.EXE
C:\Program Files\winupdates\winupdates.exe
C:\program files\support.com\bin\tgcmd.exe
E:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
E:\program files\valve\steam\steam.exe
E:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
E:\Program Files\Anti-Virus\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O2 - BHO: ZIBho Class - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - C:\Program Files\Kontiki\bin\bh212112.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - E:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [msci] C:\program files\mcafee.com\shared\mcinfo.exe /insfin
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTFMon] C:\WINNT\system32\CTF\ctfmon.exe
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [tgcmdprovidersbc] "c:\program files\support.com\bin\tgcmd.exe" /server /startmonitor /deaf /nosystray
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Steam] "e:\program files\valve\steam\steam.exe" -silent
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE10\EXCEL.EXE/3000
O8 - Extra context menu item: Get It With Kontiki - res://C:\Program Files\Kontiki\bin\bh212112.dll/201
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.att.net
O16 - DPF: {0F04992B-E661-4DB9-B223-903AB628225D} (DoMoreRunExe.DoMoreRun) - file://C:\Program Files\Gateway\Do More\DoMoreRunExe.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200207...meInstaller.exe
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1094915485668
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1126454599112
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitch.com/sbc/TrueInstallSBC.exe
O18 - Filter: text/html - {2DE94081-9FE6-4227-BC59-B7A80CC8308C} - C:\Program Files\ClientMan\run\searchrep8181a0e2.dll
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINNT\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINNT\System32\ImapiRox.exe
O23 - Service: iPodService - Apple Computer, Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe
O23 - Service: YEDIEx - Unknown owner - C:\WINNT\system32\YEDIEx.exe

Uninstall Programs list:
Quote
3D Matrix Screensaver 1.0
3D Matrix Screensaver: "the Endless Corridors" 1.0
3ds max 5
AceHTML 5 Freeware
Ad-Aware SE Personal
Adobe Acrobat 5.0
Adobe Acrobat 7.0.1 and Reader 7.0.1 Update
Adobe Acrobat 7.0.2 and Reader 7.0.2 Update
Adobe Acrobat 7.0.3 and Reader 7.0.3 Update
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Download Manager 1.2 (Remove Only)
Adobe Photoshop 5.0 Limited Edition
Adobe Photoshop 7.0
Adobe Photoshop Album 2.0 Starter Edition
Adobe Photoshop CS
Adobe Reader 7.0
AfterBurner Media Software 32 bit
America Online
AnswerWorks Runtime
AOL Instant Messenger
AT&T Connection Services Manager
Atomic Clock Sync
BMSE dbl
BroadJump Client Foundation
BroadJump CorrectConnect Engine
Bryce® 5
Canon Camera Support Core Library
Canon Camera Window for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities PhotoStitch 3.1
Canon Utilities ZoomBrowser EX
C-Dilla Licence Management System
Chaos Pack 1.00 for Pocket Tanks Deluxe
Chompster
Corel Applications
Cult
Data Lifeguard Tools
Desktop Taipei
Dink Smallwood
DivX 5.0.3 Bundle
Do More 5.0
Do More 5.0
Dope Wars 2.0 for Windows
Drug Lord 2
DVMPEG
DX-Ball 2
Easy CD Creator 5 Basic
Empire Earth
Empire Earth - The Art of Conquest
Enhanced MediaLoads
FaceLift
fader
Family Tree Maker
ffdshow
Font Creator Program 4.0
Fruity Loops Studio 4.1
Game Maker 6.1
GameShark for GBA
Gateway Desktop Manager
Gateway Power Management
Google Earth
Google Earth Pro
Google Toolbar for Internet Explorer
GTW V.92 Voice Modem
GTW V.92 Voicemodem
Half-Life® 2
HelpSpot
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 1.99.1
hp instant support
HP Memories Disc
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
HP Photo and Imaging 2.0 - hp psc 1200 series
hp psc 1200 series
HTML Editor 1.5
HTML-Kit
IconCool Editor V3.0
IconCool Studio v1.4
IE Help
IEC system
IMS Web Dwarf V2
Intel® Extreme Graphics Driver
Intel® PRO Ethernet Adapter and Software
InterActual Player
iPod for Windows 2005-10-12
iPod Updater 2004-08-06
IrfanView (remove only)
iTunes
Jasc Paint Shop Pro 8
Java 2 Runtime Environment, SE v1.4.1_02
Java 2 Runtime Environment, SE v1.4.2_04
Java Web Start
Kali95
KaZaA Lite 2.0.2 (Kazaalite.com Edition) Build 1
Kazaa Lite K++ v2.4.1
Kazaa Lite Resurrection 0.0.7.6 F
Kazaa Media Desktop 2.1.1
Kazaa Media Desktop 2.5
KazaaBegone 1.25
K-Lite Mega Codec Pack 1.27
Knight Online
Learn2 Player (Uninstall Only)
LiveReg (Symantec Corporation)
LiveUpdate 1.90 (Symantec Corporation)
Logitech Desktop Messenger
Logitech MouseWare 9.41 .1
Logitech Resource Center
Logitech SetPoint
Macromedia Dreamweaver MX
Macromedia Extension Manager
Macromedia Fireworks MX
Macromedia Flash MX
Macromedia Flash Player 8
Macromedia FreeHand 10
Macromedia Shockwave Player
MAIET Gunz
Mapedit
Medal of Honor Allied Assault
MGI PhotoSuite
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Encarta Encyclopedia Deluxe 2001
Microsoft Office XP Media Content
Microsoft Office XP Professional
Microsoft Picture It! Express 2001
Microsoft Publisher 2002
Microsoft Return of Arcade
Microsoft SAPI 5.1 Text to Speech Engine English
Microsoft Streets and Trips 2005
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft Windows Journal Viewer
mIRC
Morpheus Software
MSN Gaming Zone
MSN Music Assistant
MSXML 4.0 SP2 Parser and SDK
MyNetProtecotor Anti Spy
Nero - Burning Rom
Nero Media Player
NeroVision Express 2
Netscape (7.1)
NVIDIA Drivers
P2P Networking3
Paint Shop Pro 7 Anniversary Edition
PCDJ FX
PC-Doctor for Windows
Pharaoh
PhoneTools
Picasa 2
Pocket Tanks 1.00b
Porrasturvat - Stair Dismount
Power Pack 1.00 for Pocket Tanks Deluxe
PS/2 Millennium Keyboard
QuickTime
Rogue Spear
Roll
SBC Connection Manager
SBC Yahoo! Applications
SBC Yahoo! DSL Activation
SE Assistant
SE Help
Search Function
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
SeeMePlayMe Client
SETI@home
Shockwave
Sid Meier's SimGolf
Sierra Utilities
SimCity 3000
SiteGenWiz 1.41
Spybot - Search & Destroy 1.4
Starcraft Brood War (RAZOR 1911)
Steam(tm)
Sudoku
SwiftSwitch
TeamSpeak 2 RC2
The Free HTML Editor
The Matrix Screen Saver
TI-Black Link
TI-Graph Link 83
TI-Graph Link 86
TNT 1.1 Release
Truck Dismount (remove only)
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
USB Storage Tool for Windows XP Ver 1.00
Valve Hammer Editor
Viewpoint Manager (Remove Only)
Viewpoint Media Player
WebIQ Client Software
WinAce Archiver 2.0
Winamp (remove only)
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
Winsyntax 2.0
Worms Armageddon Demo

I was also wondering if you could help me get some of the programs off the uninstall list, because I had deleted them, but they never deleted from the uninstall list, or list of programs. Thank you again.
« Last Edit: November 18, 2005, 11:42:36 PM by Afflicted »

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • Posts: 16034
  • Karma: +1/-0
Another Win32.P2P-Worm.Alcan.a
« Reply #4 on: November 18, 2005, 11:44:31 PM »
Can you do the following please

When I ask you to download a zip file, make sure you choose SAVE TO DISK rather than Open

Right click an empty spot on the desktop and left click NEW>>Folder
A new folder will be placed on the desktop, name it BFU

Download and save p2pnetwork.zip
Then UNZIP it to the BFU Folder

Download and save and then UNZIP to the BFU folder
BFU.zip
So you now have BFU.exe extracted

==Download and Install this small program
to help clean your temp folders,cookies, etc...
Windows Cleanup! 4.0
Don't run it yet

==Download and then Install
Ewido Security Suite

When installing, under "Additional Options" Uncheck "Install background guard" and "Install scan via context menu".

From the main ewido screen, click on Update in the left menu, then click the Start update button.
After the update finishes (the status bar at the bottom will display "Update successful")
Close out Ewido for now, we'll need it later
If for some reason the Updater won't work can you manually download the
Updates from this link after you have Ewido installed
http://www.ewido.net/en/download/updates/

Download and save to desktop the
Standalone version of CWShredder

Please save these instructions to a Notepad file and save it to your Desktop for reference
Disconnect from the Internet

Open CWShredder.exe and click the FIX button
Let it fix what it finds

RESTART your Computer in SAFE MODE
You can do this by tapping the F8 key as the system is restarting, just before Windows loads, or use the link I supplied for a more detailed explanation

In safe mode
Run CWShredder FIX again, but Don't restart yet

Instead
Open the BFU folder
Double click to run BFU.exe
Use the "Open Script file" button (the folder icon next to Scriptfile to execute)
Navigate to p2pnetwork.bfu in the BFU folder
Right click p2pnetwork.bfu and choose Select
In Brute Force Uninstaller select Execute
Let it finish then Exit

Access your Add/Remove programs and remove the following
Viewpoint Manager (Remove Only)
Viewpoint Media Player


Also, try and remove
P2P Networking3 <-Altnets if prompted
SE Assistant
SE Help
Search Function


Find and delete the following folder
C:\Program Files\ClientMan <-folder

Stay in safe mode
==Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):

    * Empty Recycle Bins
    * Delete Cookies
    * Delete Prefetch files
    * Cleanup! All Users

Click OK
Press the CleanUp! button to start the program.
When it's done, decline to log off or restart the computer

==Open Ewido Security Suite
Click on the Scanner button on the left menu
Select Complete System Scan
*If Ewido finds something it will prompt you with "Infected Object found"
Ensure the following are Selected
  *1. Perform Action = Remove
  *2. Create Encrypted Backup in Quarantine (Recommended)
  *3. Perform action with all infections
  Then click OK
When Ewido has finished its scan click the "Save Report" button
Save the report to desktop
Exit Ewido

Do another scan with Hijackthis and put a check next to these entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank

O2 - BHO: ZIBho Class - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - C:\Program Files\Kontiki\bin\bh212112.dll (file missing)
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - E:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll (file missing)

O18 - Filter: text/html - {2DE94081-9FE6-4227-BC59-B7A80CC8308C} - C:\Program Files\ClientMan\run\searchrep8181a0e2.dll
O23 - Service: YEDIEx - Unknown owner - C:\WINNT\system32\YEDIEx.exe


After you have ticked the above entries, close All other open windows
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Restart back to Normal mode

Back in Windows
Post a fresh hijackthis log and the whole report from Ewido
« Last Edit: November 18, 2005, 11:45:38 PM by guestolo »

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/
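As an added example (not part of the thread, and not code from the HijackThis or ewido authors), the script below parses HijackThis log lines in the format quoted above and flags the same entry patterns the helper marked for "Fix checked": R0/R1 search settings blanked to about:blank, O2/O3 entries whose DLL is "(file missing)", an O18 text/html filter loaded from a non-system folder, O23 services with no vendor string, and O1 hosts overrides that are not loopback. The sample log is constructed from lines in this thread; the rules are triage heuristics that produce candidates for a human to confirm, not verdicts (the thread's "Adobe LM Service" would trip the O23 rule too).

```python
"""Triage helper for HijackThis v1.99 log lines (added example, not the thread's own tool)."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Every HJT entry reads "<section> - <body>", e.g. "O2 - BHO: ..." or "R1 - HKCU\...".
LINE_RE = re.compile(r"^(R[0-3]|O\d{1,2}) - (.*)$")

# Windows system folders; a text/html MIME filter whose DLL lives elsewhere is suspect.
SYSTEM_DIRS = ("c:\\winnt\\system32", "c:\\windows\\system32")


@dataclass
class Finding:
    section: str   # HJT section code, e.g. "O18"
    body: str      # the entry text after "O18 - "
    reason: str    # which triage rule matched


def parse_line(line: str) -> Optional[Tuple[str, str]]:
    """Split one log line into (section, body); None for headers, blanks, process lists."""
    m = LINE_RE.match(line.strip())
    return (m.group(1), m.group(2)) if m else None


def classify(section: str, body: str) -> Optional[str]:
    """Return a reason string when the entry matches a triage rule, else None."""
    low = body.lower()
    if section in ("R0", "R1"):
        # Search/start URLs reset to about:blank: the residue a search hijacker
        # leaves behind once its own pages are removed (the helper fixed all of these).
        if low.endswith("= about:blank"):
            return "IE search/start setting reset to about:blank"
    elif section in ("O2", "O3"):
        # A BHO or toolbar still registered in IE although its DLL is gone.
        if "(file missing)" in low:
            return "BHO/toolbar registered but DLL missing (orphaned entry)"
    elif section == "O18":
        # A text/html filter sees every page IE renders; only system or
        # well-known product DLLs belong in that position.
        if low.startswith("filter: text/html") and not any(d in low for d in SYSTEM_DIRS):
            return "text/html MIME filter loaded from a non-system folder"
    elif section == "O23":
        # HJT prints "Unknown owner" when the service binary carries no vendor info.
        if "unknown owner" in low:
            return "service with no vendor string; verify the binary"
    elif section == "O1":
        # "Hosts: <ip> <name>"; anything other than loopback overrides DNS for that name.
        parts = body.split()
        if len(parts) >= 3 and parts[1] not in ("127.0.0.1", "::1"):
            return "hosts file maps %s to %s; confirm who owns the address" % (parts[2], parts[1])
    return None


def triage(log_text: str) -> List[Finding]:
    """Run every entry through classify(); identical repeated lines are reported once."""
    findings: List[Finding] = []
    seen = set()
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None or parsed in seen:
            continue  # the thread's log repeats one O1 line five times
        seen.add(parsed)
        section, body = parsed
        reason = classify(section, body)
        if reason:
            findings.append(Finding(section, body, reason))
    return findings


# Constructed sample: a handful of lines taken from the logs quoted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O2 - BHO: ZIBho Class - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - C:\Program Files\Kontiki\bin\bh212112.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O18 - Filter: text/html - {2DE94081-9FE6-4227-BC59-B7A80CC8308C} - C:\Program Files\ClientMan\run\searchrep8181a0e2.dll
O23 - Service: YEDIEx - Unknown owner - C:\WINNT\system32\YEDIEx.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("%-4s %s\n     -> %s" % (f.section, f.body, f.reason))
```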


Afflicted
Another Win32.P2P-Worm.Alcan.a
« Reply #5 on: November 19, 2005, 07:12:48 AM »
Quote
Logfile of HijackThis v1.99.1
Scan saved at 6:09:32 AM, on 11/19/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\DRIVERS\CDANTSRV.EXE
C:\WINNT\Explorer.EXE
E:\Program Files\Anti-Virus\security suite\ewidoctrl.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Winamp\winampa.exe
C:\WINNT\GWMDMMSG.exe
C:\WINNT\system32\SK9910DM.EXE
C:\WINNT\system32\RUNDLL32.EXE
C:\program files\support.com\bin\tgcmd.exe
E:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
E:\program files\valve\steam\steam.exe
C:\WINNT\wanmpsvc.exe
E:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\system32\wscntfy.exe
C:\WINNT\system32\wuauclt.exe
C:\WINNT\System32\svchost.exe
E:\Program Files\Anti-Virus\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [msci] C:\program files\mcafee.com\shared\mcinfo.exe /insfin
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTFMon] C:\WINNT\system32\CTF\ctfmon.exe
O4 - HKLM\..\Run: [tgcmdprovidersbc] "c:\program files\support.com\bin\tgcmd.exe" /server /startmonitor /deaf /nosystray
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Steam] "e:\program files\valve\steam\steam.exe" -silent
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE10\EXCEL.EXE/3000
O8 - Extra context menu item: Get It With Kontiki - res://C:\Program Files\Kontiki\bin\bh212112.dll/201
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.att.net
O16 - DPF: {0F04992B-E661-4DB9-B223-903AB628225D} (DoMoreRunExe.DoMoreRun) - file://C:\Program Files\Gateway\Do More\DoMoreRunExe.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200207...meInstaller.exe
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1094915485668
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1126454599112
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitch.com/sbc/TrueInstallSBC.exe
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINNT\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: ewido security suite control - ewido networks - E:\Program Files\Anti-Virus\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINNT\System32\ImapiRox.exe
O23 - Service: iPodService - Apple Computer, Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe


Quote
---------------------------------------------------------
 ewido security suite - Scan report
---------------------------------------------------------

 + Created on:         5:50:33 AM, 11/19/2005
 + Report-Checksum:      9930EBBF

 + Scan result:

   HKLM\SOFTWARE\Classes\CLSID\{C91E8926-D4BE-4685-99F4-0D996B96BAC0} -> Spyware.P2PNetworking : Cleaned with backup
   HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res -> Spyware.WebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\Urlcli.CUrlCliObj\CLSID\\ -> Spyware.ClientMan : Cleaned with backup
   HKLM\SOFTWARE\Classes\Urlcli.CUrlCliObj.1\CLSID\\ -> Spyware.ClientMan : Cleaned with backup
   HKLM\SOFTWARE\Classes\WebP2PInstaller.Installer -> Spyware.P2PNetworking : Cleaned with backup
   HKLM\SOFTWARE\Classes\WebP2PInstaller.Installer\CLSID -> Spyware.P2PNetworking : Cleaned with backup
   HKLM\SOFTWARE\Classes\WebP2PInstaller.Installer\CLSID\\ -> TrojanDownloader.WebP2P : Cleaned with backup
   HKLM\SOFTWARE\Classes\WebP2PInstaller.Installer\CurVer -> Spyware.P2PNetworking : Cleaned with backup
   HKLM\SOFTWARE\Classes\WebP2PInstaller.Installer.1 -> Spyware.P2PNetworking : Cleaned with backup
   HKLM\SOFTWARE\Classes\WebP2PInstaller.Installer.1\CLSID\\ -> TrojanDownloader.WebP2P : Cleaned with backup
   HKLM\SOFTWARE\KMiNT21 -> Spyware.DesktopSpyAgent : Cleaned with backup
   HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{850CD0B8-DA33-4558-A8C8-95D7908E37A7} -> Spyware.WebSearch : Cleaned with backup
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/btiein.dll\\.Owner -> Spyware.HuntBar : Cleaned with backup
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/btiein.dll\\{26E8361F-BCE7-4F75-A347-98C88B418322} -> Spyware.HuntBar : Cleaned with backup
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MediaLoads Enhanced -> Spyware.Downloadware : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\1Click DVD Copy Pro 1.0.0.6.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\28 Days Later (2002).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\3D FTP 7.01.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\3DS Max7+SP13DS Max8.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\ABBYY FineReader Pro 7.0.0.963.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\ABBYY FineReader Professional 8.0.706.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Access Password Recovery Genie 1.80.20051008.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\ACDSee 8.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Ace FTP 3 Pro.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Acoustica CDDVD Label Maker 2.42.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Acronis Privacy Expert Suite 8.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Active WebCam 6.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Advanced DVD Player.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Advanced File Encryptor - Encrypt your f.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Adware Away 2.2.86.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Age Of Empires III.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Ahead Nero Premium 7.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\All To All AudioConvert 1.13.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Amazon DVD Shrinker 2.4.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\American Pie 4 - Band Camp (2005).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Anti Trojan Elite 3.3.4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\AnyDVD 5.5.2.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Ardamax Keylogger 2.0 final Cool.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Ashampoo Burning Studio 5.5.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Ashampoo Burning Studio 5.5.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\AskSam Pro 6.0.2.777.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\AskSam Resume Tracking System Pro 6.0.2.774.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Atani 3.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Auto Cleaner 3.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\AutoCAD Lt 2006.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\AutoPatcher XP.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\AVG Anti-Virus 7.1 Build 362a656.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\AVG Anti-Virus 7.1.362.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Azureus 2.3.0.6 RC1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Beautiful Roses Screensaver 1.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Bee Icons 4.0.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Best MIDI To MP3 1.3.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Breme Write Right 2.5.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\BSplayer Pro 1.30.818.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Buddy Icon Grabber 1.04.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\C and C Red Alert 2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\CASE Studio 2.22.1.335.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Cheetah DVD Burner 1.52.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Come and See.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Corel Painter Essentials 3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Corel Photo Album 6 Deluxe + Extras.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Cucusoft Video Converter Pro 7.07.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Directory Opus 8.2.0.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Disk Space Inspector 2.9.10.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Doom - Soundtrack (2005).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Doom - Soundtrack 2005.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Dual DVD Copy 3.5.4.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Dual DVD Copy Gold 4.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Dungeon Siege 2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\DVD Region + CSS Free 5.9.5.8.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\DVDIdle 5.9.5.8.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\E-PDF.Document.Converter 2.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Easy CD-DA Extractor 8.2.4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Easy FlashMaker 1.2.384.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Error Doctor 2006 1.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Eudora 6.2.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\EXPStudio Audio Editor 3.7.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Fahrenheit - Indigo Prophecy (Game).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Fifa 2006.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\File & Folder Protectors AIO.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\File Control 1.38.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\File Listing Maker 1.10.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\File Recovery Professional 3.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\FileMerlin 5.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\FileSplit 2.33.420.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Flash Templates Box.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Flash2Video 3.02.460.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\FlipAlbum 6.0 Pro.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\FotoStation Pro 5.1.58.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\G-Clock 1.1c.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\GoldLimit PrettyCase Personal Edition 4.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\GoldWave 5.11.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Google Toolbar for Internet Explorer 3.0.128.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Google Web Accelerator 0.2.62.80.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Grand Theft Auto.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Hacker 2005 - The Broken Link.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Harry Potter And The Goblet Of Fire.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Hexprobe 1.41.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Hide IP Platinum 2.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Hiren`s BootCD 7.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Horoscope Interpreter.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\House of Wax (2005).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Hpmbcalc 2.40.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Icon Changer 3.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\ICQ Lite 5.03.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\IM2 2.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\ImToo iPod Movie Converter 2.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\ImTOO PSP Video Converter 2.1.55.1108B.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Internet Download Accelerator 4.1.2.845.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Internet Download Manager 4.02.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\InterVideo DVD Copy GoldPlatinum 3.0.B016.43C00.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Iomatic System Medic v 4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Jarhead (2005).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Key Spy 1.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\KLS Backup 2005 Pro 1.7.0.012.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\KNOPPIX 4.0.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\KoolMoves 5.1.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Language Engineering Power Translator.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Limewire Pro.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\ManageDesk 2.30.18.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Mass Downloader 3.0 SR1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\McAfee VirusScan 10.0.27.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Microsoft Student 2006.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Miss Elliot - So Addictive.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Missy Elliot - The Cookbook.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Missy Elliot - This Is Not A Test.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Missy Elliot - Under Construction.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Missy Elliot Da Real World.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Movie DVD Maker 1.3.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Mozilla Firefox 1.5 RC3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\MP3 To Ringtone Gold 3.16.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\MSN Content Adder 2.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Mystica 5.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Need For Speed Most Wanted.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\NewLive All Media Fixer Pro 5.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Nico`s Commander 5.58.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\No1 Video Converter 3.9.22.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\NOD 32 2.50.26.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Nofeel FTP Server Enterprise 3.0.2628.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\NoRedEye (merged).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Norton AntiVirus 2006 Protection Pack.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Norton Ghost 10.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\NTI CD & DVD Maker Platinum 7.0.0.4703.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\NTI CD DVD Maker Platinum 7.0.0.4703.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Office Intercom 4.0.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Offline Explorer Enterprise 3.6.1950.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\One Click CD DVD Writer 1.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Panda Antivirus + Antispyware 2006 5.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Passware Kit Enterprise Edition 7.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\PC AdWare SpyWare Removal 2.10.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\PC Repair.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\PC-Cillin Internet Security 2006.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Perfect Admin 1.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\PhotoDVD 2.013.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Pinnacle TitleDeko Pro 2.0.1634.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Planet 3D Screensavers 1.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\PlexTools Professional XL 3.00.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Postal 2 Apocalypse Weekend.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Power MP3 WMA Converter 2006 3.003.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Power Video Converter 1.5.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\PowerArchiver 2004 9.20.07.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\PowerArchiver 2006 9.50.28.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Powerful Audio Tool 1.03.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\PropertyEditor 4.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Ram Idle Pro 3.6.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\RapidShare Hacks.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\RapidShare Harvester.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Rapidshare Premium Accounts.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Real Spy Monitor 2.39.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Reg Organizer 3.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\RegDoctor 1.43.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\SageTV Recorder 1.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Selteco Bannershop GIF Animator 5.0.6.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Smartftp 1.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Sony Sound Forge 8.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\SoThink FlashVideo Encoder 1.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\SpeedItUp Extreme 3.50.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\SpyRemover 2.45.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Spyware and Adware Remover 9.2.0.9.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\SSS DJ 1.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Stardock Aquarium Desktop 2006.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Stealth (2005).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\StealthDisk 2005.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\STOPzilla 4.3.0.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\SuperRam 5.11.7.2005.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Symantec WinFax Pro 10.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\System Mechanic Professional 6.0 m.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\System Mechanic Professional 6.0o.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\System Medic 4.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Text To Speech Maker 1.3.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\The Flash Ad Creator 1.4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\The Modern Survival Retreat.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\The Perfect Man 2005.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\The Weather Man (2005).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Trillian Pro 3.1.0.121.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Tuneup Utilities 2006 5.0.2331.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Uk Speaking Clock 10.3.6.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\vbs2exe English Edition 2.0.0.88.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Vista Explorer.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Webroot Spy Sweeper 4.5.7.656.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\White noise (2005).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Winamp 5.093 Pro.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\WinAVI Video Converter 6.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\WinDVD Platinium 7.0.B27.130.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\WinDVD Platinum 7.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\WinDVD Recorder 5 Platinum.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\WinSettings 2005 8.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\WinXP Manager 4.89.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Wipe It 3.01.02.00.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Worms 4 Mayhem.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Xilisoft 3GP Video Converter 2.1.55.110.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\XPCSpy Pro 2.54.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Your Uninstaller 2004 Pro 3.9.517.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Zend Studio Client 4.0.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Zoo Tycoon 2 Endangered Species.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Program Files\Yahoo!\YPSR\Quarantine\ppq10.tmp\MARSHAL2.DLL -> Spyware.P2PNetworking : Cleaned with backup
   C:\Program Files\Yahoo!\YPSR\Quarantine\ppq10.tmp\P2P Networking3.exe -> Spyware.P2PNetworking : Cleaned with backup
   C:\Program Files\Yahoo!\YPSR\Quarantine\ppq59.tmp -> Spyware.Cookie.2o7 : Cleaned with backup
   C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5B.tmp -> Spyware.Cookie.Bluestreak : Cleaned with backup
   C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5C.tmp -> Spyware.Cookie.Casalemedia : Cleaned with backup
   C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5D.tmp -> Spyware.Cookie.Centrport : Cleaned with backup
   C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5E.tmp -> Spyware.Cookie.Questionmarket : Cleaned with backup
   C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5F.tmp -> Spyware.Cookie.Tribalfusion : Cleaned with backup
   C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6.tmp -> Spyware.Cookie.Ru4 : Cleaned with backup
   C:\Program Files\Yahoo!\YPSR\Quarantine\ppq60.tmp -> Spyware.Cookie.Adserver : Cleaned with backup
   C:\Program Files\Yahoo!\YPSR\Quarantine\ppqA.tmp -> TrojanDownloader.WebP2PInstaller : Cleaned with backup
   C:\Program Files\Yahoo!\YPSR\Quarantine\ppqE.tmp -> Spyware.P2PNetworking : Cleaned with backup
   C:\RECYCLER\S-1-5-21-3292650235-2419647484-3825283475-1004\Dc4179.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   C:\RECYCLER\S-1-5-21-3292650235-2419647484-3825283475-1004\Dc4182.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
   C:\RECYCLER\S-1-5-21-3292650235-2419647484-3825283475-1004\Dc4276.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
   C:\RECYCLER\S-1-5-21-3292650235-2419647484-3825283475-1004\Dc4313.txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
   C:\RECYCLER\S-1-5-21-3292650235-2419647484-3825283475-1004\Dc4362.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
   C:\RECYCLER\S-1-5-21-3292650235-2419647484-3825283475-1004\Dc4363.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   C:\RECYCLER\S-1-5-21-3292650235-2419647484-3825283475-1004\Dc4370.txt -> Spyware.Cookie.Com : Cleaned with backup
   C:\System Volume Information\_restore{87925209-405C-42A6-8FEE-9CF10CC35238}\RP1153\A0422535.exe -> Worm.VB.an : Cleaned with backup
   C:\WINNT\ISNSYS.dll -> TrojanSpy.Justin : Cleaned with backup
   C:\WINNT\Matrix Code Emulator.scr -> Backdoor.Backattack.20.C : Cleaned with backup
   C:\WINNT\NDNuninstall4_80.exe -> Spyware.NewDotNet : Cleaned with backup
   C:\WINNT\NDNuninstall5_20.exe -> Spyware.NewDotNet : Cleaned with backup
   C:\WINNT\NDNuninstall5_40.exe -> Spyware.NewDotNet : Cleaned with backup
   C:\WINNT\NDNuninstall5_64-1.exe -> Spyware.NewDotNet : Cleaned with backup
   C:\WINNT\NDNuninstall5_64.exe -> Spyware.NewDotNet : Cleaned with backup
   C:\WINNT\NDNuninstall6_10.exe -> Spyware.NewDotNet : Cleaned with backup
   C:\WINNT\NDNuninstall6_22.exe -> Spyware.NewDotNet : Cleaned with backup
   C:\WINNT\system32\BO2202031216.dll -> Spyware.BargainBuddy : Cleaned with backup
   C:\WINNT\system32\cm1.dll -> Spyware.ClientMan : Cleaned with backup
   C:\WINNT\system32\ctbv2.dll -> Adware.SAHA : Cleaned with backup
   C:\WINNT\system32\hotbar.exe -> Spyware.HotBar : Cleaned with backup
   C:\WINNT\system32\ignet2.dll -> TrojanDropper.Mudrop.w : Cleaned with backup
   C:\WINNT\system32\nostalgia.dll/MSView.dll -> Trojan.KeyHost.e : Cleaned with backup
   C:\WINNT\system32\nostalgia.dll/MSVprep.exe -> Spyware.BiSpy : Cleaned with backup
   C:\WINNT\system32\nostalgia.dll/MSView.dll -> Trojan.KeyHost.e : Cleaned with backup
   C:\WINNT\system32\nostalgia.dll/MSVprep.exe -> Spyware.BiSpy : Cleaned with backup
   C:\WINNT\system32\nostalgia1.dll/MSView.dll -> Trojan.KeyHost.e : Cleaned with backup
   C:\WINNT\system32\nostalgia1.dll/MSVprep.exe -> Spyware.BiSpy : Cleaned with backup
   C:\WINNT\system32\nostalgia1.dll/MSView.dll -> Trojan.KeyHost.e : Cleaned with backup
   C:\WINNT\system32\nostalgia1.dll/MSVprep.exe -> Spyware.BiSpy : Cleaned with backup
   C:\WINNT\system32\SHAgent.dll -> Adware.SAHA : Cleaned with backup
   C:\WINNT\system32\sstep.dll -> TrojanDropper.Small.so : Cleaned with backup
   C:\WINNT\system32\Xcite.exe -> Spyware.F1Organizer : Cleaned with backup


::Report End

Thank You! I can use task manager again!

Offline guestolo
Another Win32.P2P-Worm.Alcan.a
« Reply #6 on: November 19, 2005, 12:45:05 PM »
Can you do the following

Set Windows To Show Hidden Files and Folders
    * Click Start.
    * Open My Computer.
    * Select the Tools menu and click Folder Options.
    * Select the View Tab.
    * Under the Hidden files and folders heading select Show hidden files and folders.
    * Uncheck the Hide protected operating system files (recommended) option.
    * Uncheck the Hide Extensions for known file types
    * Click Yes to confirm.
    * Click OK.

Navigate to this folder if you can find it
 C:\Documents and Settings\Peter Stroh\Complete
Remove any files in the Complete folder you do not recognize
They should be zip files, or the folder may now be empty

Can you run one more fix please
I just want to check on something
==Create a New folder on your desktop, call it Aboutbuster
(Right click an empty spot on the desktop and select NEW>>FOLDER)
Download to desktop About:Buster 5.1
by RubbeR Ducky
Unzip it to that new folder

Open the Aboutbuster folder and Run About:buster.exe
Click the Update button
Allow to update

Print the rest of these instructions or save them to Notepad for reference
Close all open windows, including this one

Do another scan with Hijackthis and put a check next to these entries:

O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB

After you have ticked the above entries, close All other open windows
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Run About:Buster.exe again
This time
Click the Begin Removal button
Can you please run this scan twice
When it's done it will produce a log in the Aboutbuster folder called
Ab logfile.txt
I'll need to see the log later

Restart your computer

Back in Windows
Post a fresh hijackthis log and the Ab logfile.txt from About:Buster

Could you also
Can you go to this site
Jotti's Online Malware scan
Give this site time to load if busy

Use the browse button and navigate to the file on your hard drive
C:\WINNT\system32\YEDIEx.exe <-this file, may not be malicious, but I want to check it

Right click on it and choose Select
Then use the Submit button
Let it finish scanning
Could you post back the results of the scans back here please

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/

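The triage guestolo describes above (show hidden files and extensions, then go through the Complete folder and remove anything you do not recognize, and hash a file for an online scanner) can also be scripted. The following is an added example, not a tool from this thread or from the ewido, HijackThis or Jotti authors. It builds a throwaway folder of constructed sample archives, flags the pattern the ewido report above shows (an archive named like a commercial product that contains nothing but a Setup.exe), flags double extensions such as `photo.jpg.exe` that the "Hide extensions for known file types" setting would mask, and prints a file's MD5 and SHA-256 so it can be looked up on an online scanner. Every archive name, member name and byte string below is constructed for the example.

```python
"""Offline triage of a P2P download folder (added example, not the thread's
own tool).  Flags: archives whose only member is Setup.exe, executable
members in general, and double extensions.  Also hashes a file for online
scanner lookup.  All sample data is constructed in build_sample_folder()."""
import hashlib
import os
import tempfile
import zipfile

# Extensions Windows will run on double-click.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js"}
# Extensions a user expects in a media or document download.
BENIGN_EXTS = {".jpg", ".jpeg", ".mp3", ".avi", ".txt", ".pdf", ".doc"}


def file_hashes(path):
    """Return (md5, sha256) hex digests of a file, read in chunks."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return md5.hexdigest(), sha256.hexdigest()


def member_findings(member_name):
    """Reasons one archive member looks suspicious (empty list if none)."""
    reasons = []
    base = os.path.basename(member_name.replace("\\", "/"))
    root, ext = os.path.splitext(base)
    ext = ext.lower()
    if ext in EXECUTABLE_EXTS:
        reasons.append("executable member: %s" % base)
        # "IMG.jpg.exe": a harmless-looking extension in front of the real one.
        inner_ext = os.path.splitext(root)[1].lower()
        if inner_ext in BENIGN_EXTS:
            reasons.append("double extension: %s" % base)
    return reasons


def archive_findings(zip_path):
    """Reasons an archive looks suspicious; empty list means nothing flagged."""
    reasons = []
    with zipfile.ZipFile(zip_path) as zf:
        members = [n for n in zf.namelist() if not n.endswith("/")]
    for name in members:
        reasons.extend(member_findings(name))
    # The pattern in the ewido report above: a product-named archive whose
    # entire content is a single Setup.exe.
    if len(members) == 1 and os.path.basename(members[0]).lower() == "setup.exe":
        reasons.append("archive contains only Setup.exe")
    return reasons


def triage_folder(folder):
    """Map every .zip in the folder to its findings ([] when nothing is flagged)."""
    report = {}
    for name in sorted(os.listdir(folder)):
        if name.lower().endswith(".zip"):
            report[name] = archive_findings(os.path.join(folder, name))
    return report


def build_sample_folder():
    """Create a temporary 'Complete' folder holding constructed sample archives."""
    folder = tempfile.mkdtemp(prefix="complete_")
    samples = {  # constructed names and contents; not real installers
        "Winamp 5.093 Pro.zip": {"Setup.exe": b"MZ fake installer bytes"},
        "holiday photos.zip": {"IMG_001.jpg": b"\xff\xd8 fake jpeg",
                               "IMG_002.jpg.exe": b"MZ fake"},
        "readme.zip": {"readme.txt": b"plain text"},
    }
    for zip_name, members in samples.items():
        with zipfile.ZipFile(os.path.join(folder, zip_name), "w") as zf:
            for member, data in members.items():
                zf.writestr(member, data)
    return folder


if __name__ == "__main__":
    folder = build_sample_folder()
    for zip_name, reasons in triage_folder(folder).items():
        print(zip_name, "->", reasons or "nothing flagged")
    md5, sha256 = file_hashes(os.path.join(folder, "readme.zip"))
    print("readme.zip  MD5", md5, " SHA-256", sha256)
```

Run it against a real download folder by replacing `build_sample_folder()` with the folder path; anything it flags is worth checking on an online scanner before opening, and an archive that is nothing but a Setup.exe named after a commercial product is the same pattern the ewido log above reports under Worm.VB.an.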

Offline Afflicted
Another Win32.P2P-Worm.Alcan.a
« Reply #7 on: November 19, 2005, 08:46:11 PM »
Quote
Logfile of HijackThis v1.99.1
Scan saved at 7:45:10 PM, on 11/19/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Winamp\winampa.exe
C:\WINNT\GWMDMMSG.exe
C:\WINNT\system32\SK9910DM.EXE
C:\WINNT\system32\RUNDLL32.EXE
C:\program files\support.com\bin\tgcmd.exe
E:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
E:\program files\valve\steam\steam.exe
C:\WINNT\System32\DRIVERS\CDANTSRV.EXE
E:\Program Files\Anti-Virus\security suite\ewidoctrl.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\wanmpsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINNT\system32\wscntfy.exe
E:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Winamp\winamp.exe
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINNT\system32\wuauclt.exe
E:\Program Files\Anti-Virus\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [msci] C:\program files\mcafee.com\shared\mcinfo.exe /insfin
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTFMon] C:\WINNT\system32\CTF\ctfmon.exe
O4 - HKLM\..\Run: [tgcmdprovidersbc] "c:\program files\support.com\bin\tgcmd.exe" /server /startmonitor /deaf /nosystray
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Steam] "e:\program files\valve\steam\steam.exe" -silent
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE10\EXCEL.EXE/3000
O8 - Extra context menu item: Get It With Kontiki - res://C:\Program Files\Kontiki\bin\bh212112.dll/201
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.att.net
O16 - DPF: {0F04992B-E661-4DB9-B223-903AB628225D} (DoMoreRunExe.DoMoreRun) - file://C:\Program Files\Gateway\Do More\DoMoreRunExe.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200207...meInstaller.exe
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1094915485668
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1126454599112
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitch.com/sbc/TrueInstallSBC.exe
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINNT\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: ewido security suite control - ewido networks - E:\Program Files\Anti-Virus\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINNT\System32\ImapiRox.exe
O23 - Service: iPodService - Apple Computer, Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe

Quote
AboutBuster 5.1, reference file 33
Scan started on [11/19/2005]at [7:34:55 PM]
------------------------------------------------
No Ads Found!
------------------------------------------------
No Files Found!
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 7:36:50 PM


AboutBuster 5.1, reference file 33
Scan started on [11/19/2005] at [7:37:15 PM]
------------------------------------------------
No Ads Found!
------------------------------------------------
No Files Found!
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 7:38:51 PM

Quote
File:  YEDIEx.exe  
Status:  OK  
MD5  7f3d1ec102fabde0c4ff3b2b750268fa  
Packers detected:  -
Scanner results  
AntiVir  Found nothing
ArcaVir  Found nothing
Avast  Found nothing
AVG Antivirus  Found nothing
BitDefender  Found nothing
ClamAV  Found nothing
Dr.Web  Found nothing
F-Prot Antivirus  Found nothing
Fortinet  Found nothing
Kaspersky Anti-Virus  Found nothing
NOD32  Found nothing
Norman Virus Control  Found nothing
UNA  Found nothing
VBA32  Found nothing

Offline guestolo
Another Win32.P2P-Worm.Alcan.a
« Reply #8 on: November 19, 2005, 10:03:36 PM »
You can go back and hide hidden files and folders
I would leave
Hide Extensions for known file types unchecked

What do you use for an Active Virus scanner on your computer
I see an entry related to McAfee, but nothing Active
Do you need a free solution?


Offline Afflicted
Another Win32.P2P-Worm.Alcan.a
« Reply #9 on: November 20, 2005, 09:00:11 AM »
A free solution would be wonderful. Thank you.

Offline guestolo
Another Win32.P2P-Worm.Alcan.a
« Reply #10 on: November 20, 2005, 01:51:00 PM »
Some final cleanup
If everything is running better, please do the following
You should disable system restore>>Reboot your computer>>and then reenable it
This will clear all your restore points and ensure you don't restore any nasties
How to Disable and Re-enable System Restore feature

Once System Restore is reenabled

You should set up protection against future attacks
SpywareBlaster 3.4 by JavaCool
*Will block bad ActiveX Controls
*Block Malevolent cookies in Internet Explorer and Firefox
*Restrict actions of potentially dangerous sites in Internet Explorer
After installation, Check for updates and then click the "Enable all protection"

IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
Here is a tutorial and download link
TUTORIAL==Link to Tutorial
Download link
Scroll down to IE-SPYAD (original) or
IE-SPYAD2>>Use one or the other

With both, Check for updates every couple of weeks
Keep the link to IE-Spyad bookmarked so you can check for updates
SpywareBlaster, after every update just simply click the "enable all protection"
IE-Spyad is compatible with SP2

For a free AV
Take a look at the following links
Avast Home Edition by ALWIL
AVG 7 by Grisoft
AntiVir Personal Edition Classic

All have free versions
ONLY install one, more than one can cause conflicts and decrease your system performance noticeably

After installation of either one, make sure you check for updates and run a full system scan


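On the IE-SPYAD step above: the list works by merging a .reg file that assigns each listed domain to Internet Explorer's Restricted sites zone (zone id 4) under the ZoneMap\Domains registry path, so a third-party .reg file of that kind is worth reading before it is merged, since a .reg file can just as easily place a domain in the Trusted zone (2) or write keys that have nothing to do with zones. The script below is an added example, not IE-SPYAD's own code or anything from this thread. The registry path is the ZoneMap\Domains layout Internet Explorer uses (1 intranet, 2 trusted, 3 internet, 4 restricted); the .reg text and every domain in it are constructed placeholders. It lists which domains land in the Restricted zone and reports any entry that assigns a different zone or writes outside ZoneMap.

```python
"""Audit a Restricted-sites .reg file before merging it (added example, not
IE-SPYAD's tooling).  Parses [key] sections and "name"=value lines, maps
ZoneMap\Domains keys back to host names, and reports anything that is not a
plain 'restricted' (4) assignment.  SAMPLE_REG is constructed; its domains
are placeholders."""

ZONEMAP_PREFIX = ("HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion"
                  "\\Internet Settings\\ZoneMap\\Domains\\")
ZONE_NAMES = {1: "intranet", 2: "trusted", 3: "internet", 4: "restricted"}

SAMPLE_REG = r"""Windows Registry Editor Version 5.00

; constructed sample in the ZoneMap layout; domains are placeholders
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ads-example.test]
"*"=dword:00000004

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\tracker-example.test\www]
"http"=dword:00000004

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sneaky-example.test]
"*"=dword:00000002

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Updater"="C:\\placeholder\\updater.exe"
"""


def parse_reg(text):
    """Return [(key_path, value_name, raw_value)] for every value line in a .reg file."""
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";") or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        if key is not None and "=" in line:
            name, value = line.split("=", 1)
            entries.append((key, name.strip().strip('"'), value.strip()))
    return entries


def domain_from_key(key):
    """'...\\Domains\\example.com\\www' -> 'www.example.com'; None if not a ZoneMap key."""
    if not key.lower().startswith(ZONEMAP_PREFIX.lower()):
        return None
    parts = key[len(ZONEMAP_PREFIX):].split("\\")   # [domain, optional host label]
    return ".".join(reversed(parts))


def audit_zone_reg(text):
    """Summarise a zone .reg file: restricted domains plus findings to review."""
    summary = {"restricted": [], "findings": []}
    for key, name, value in parse_reg(text):
        domain = domain_from_key(key)
        if domain is None:
            # A zone list has no business touching Run keys or anything else.
            summary["findings"].append("writes outside ZoneMap: %s\\%s" % (key, name))
            continue
        if not value.lower().startswith("dword:"):
            summary["findings"].append("non-DWORD zone value for %s: %s" % (domain, value))
            continue
        zone = int(value[len("dword:"):], 16)
        if zone == 4:
            summary["restricted"].append(domain)
        else:
            summary["findings"].append("%s placed in %s zone (%d), not restricted"
                                       % (domain, ZONE_NAMES.get(zone, "unknown"), zone))
    return summary


if __name__ == "__main__":
    result = audit_zone_reg(SAMPLE_REG)
    print("restricted domains:", len(result["restricted"]))
    for line in result["findings"]:
        print("REVIEW:", line)
```

To use it on a downloaded list, read the .reg file (these are usually UTF-16 with a BOM, so open it with the matching encoding) and pass its text to `audit_zone_reg`; merge the file only when the findings list is empty.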

Offline Afflicted
Another Win32.P2P-Worm.Alcan.a
« Reply #11 on: November 20, 2005, 09:23:01 PM »
It was gone, and now I scan again, and it is back.

Should I follow the same steps you've already told me?

Offline guestolo
Another Win32.P2P-Worm.Alcan.a
« Reply #12 on: November 20, 2005, 09:28:27 PM »
Quote
It was gone, and now I scan again, and it is back.

Should I follow the same steps you've already told me?
What are we talking about?
And what scan did you do?

Did you install one of the virus scanners I posted?
If not do so and update it and run a full system scan

Can I see a fresh hijackthis log please afterwards

Remember, Alcan worm is probably infecting you thru your file sharing programs
e.g. KaZaA Lite 2.0.2 (Kazaalite.com Edition) Build 1
Kazaa Lite K++ v2.4.1
Kazaa Lite Resurrection 0.0.7.6 F
Kazaa Media Desktop 2.1.1
Kazaa Media Desktop 2.5
morpheus
All are breeding grounds for infection
If you download something, make sure you check it for viruses first before opening it
You can use your new virus scanner
« Last Edit: November 20, 2005, 09:47:11 PM by guestolo »


Offline Afflicted
Another Win32.P2P-Worm.Alcan.a
« Reply #13 on: November 20, 2005, 10:46:47 PM »
The Win32.P2P-Worm.Alcan.a came back. I used ad-aware personal se.

I am installing the programs you recommended. I only use Limewire, so if it is possible that Kazaa could still be infecting me somehow, how would I get rid of it and all its components?

I will post a fresh HJT log after I scan with one of your recommended AV programs. I've used Ewido and Ad-aware already too.

Offline guestolo
Another Win32.P2P-Worm.Alcan.a
« Reply #14 on: November 20, 2005, 11:08:08 PM »
Ok, now I'm confused :blink:
Quote
I am installing the programs you recommended.
Did you do this yet????
Quote
If everything is running better, please do the following
You should disable system restore>>Reboot your computer>>and then reenable it
This will clear all your restore points and ensure you don't restore any nasties
How to Disable and Re-enable System Restore feature

Once System Restore is reenabled

You should set up protection against future attacks
SpywareBlaster 3.4 by JavaCool
*Will block bad ActiveX Controls
*Block Malevolent cookies in Internet Explorer and Firefox
*Restrict actions of potentially dangerous sites in Internet Explorer
After installation, Check for updates and then click the "Enable all protection"

IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
Here is a tutorial and download link
TUTORIAL==Link to Tutorial
Download link
Scroll down to IE-SPYAD (original) or
IE-SPYAD2>>Use one or the other

With both, Check for updates every couple of weeks
Keep the link to IE-Spyad bookmarked so you can check for updates
SpywareBlaster, after every update just simply click the "enable all protection"
IE-Spyad is compatible with SP2

For a free AV
Take a look at the following links
Avast Home Edition by ALWIL
AVG 7 by Grisoft
AntiVir Personal Edition Classic

All have free versions
ONLY install one, more than one can cause conflicts and decrease your system performance noticeably

After installation of either one, make sure you check for updates and run a full system scan

Where is Ad-Aware finding Alcan?

Also, access your Add/Remove programs and remove
Kazaa Lite K++ v2.4.1
Kazaa Lite Resurrection 0.0.7.6 F
Kazaa Media Desktop 2.1.1
Kazaa Media Desktop 2.5
morpheus

And remember, you can still get the Alcan worm from Limewire too


Offline Afflicted
Another Win32.P2P-Worm.Alcan.a
« Reply #15 on: November 21, 2005, 12:53:22 PM »
Out of the Anti-Virus software you gave me, I've found avast! to be the best. I ran the boot-up scan and it got rid of everything, and continues to block things coming in.

I've done scans with ad-aware and ewido and they can't find any virus of any kind on here since I've installed avast. Thank you very very much.

If you're not convinced that my computer is clean, then I will post another HJT log at your request, but I'm pretty sure that everything is running smoothly. Thank you so much. Can I pay you somehow, or just donate to the site?

Offline guestolo
Another Win32.P2P-Worm.Alcan.a
« Reply #16 on: November 21, 2005, 07:22:03 PM »
sure, can you post one last hijackthis log
Let's just make sure

I like Avast also, I use it on my other computer

Then we'll close this topic
« Last Edit: November 21, 2005, 07:22:51 PM by guestolo »


Offline Afflicted
Another Win32.P2P-Worm.Alcan.a
« Reply #17 on: November 22, 2005, 02:31:43 PM »
Quote
Logfile of HijackThis v1.99.1
Scan saved at 1:30:41 PM, on 11/22/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
E:\Program Files\Anti-Virus\avast\aswUpdSv.exe
E:\Program Files\Anti-Virus\avast\ashServ.exe
C:\WINNT\System32\DRIVERS\CDANTSRV.EXE
E:\Program Files\Anti-Virus\security suite\ewidoctrl.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\wanmpsvc.exe
E:\Program Files\Anti-Virus\avast\ashMaiSv.exe
E:\Program Files\Anti-Virus\avast\ashWebSv.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Winamp\winampa.exe
C:\WINNT\GWMDMMSG.exe
C:\WINNT\system32\SK9910DM.EXE
C:\WINNT\system32\RUNDLL32.EXE
C:\program files\support.com\bin\tgcmd.exe
E:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
E:\PROGRA~1\ANTI-V~1\avast\ashDisp.exe
E:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Winamp\winamp.exe
E:\Program Files\Anti-Virus\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [msci] C:\program files\mcafee.com\shared\mcinfo.exe /insfin
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTFMon] C:\WINNT\system32\CTF\ctfmon.exe
O4 - HKLM\..\Run: [tgcmdprovidersbc] "c:\program files\support.com\bin\tgcmd.exe" /server /startmonitor /deaf /nosystray
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ANTI-V~1\avast\ashDisp.exe
O4 - HKCU\..\Run: [Steam] "e:\program files\valve\steam\steam.exe" -silent
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE10\EXCEL.EXE/3000
O8 - Extra context menu item: Get It With Kontiki - res://C:\Program Files\Kontiki\bin\bh212112.dll/201
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.att.net
O16 - DPF: {0F04992B-E661-4DB9-B223-903AB628225D} (DoMoreRunExe.DoMoreRun) - file://C:\Program Files\Gateway\Do More\DoMoreRunExe.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200207...meInstaller.exe
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1094915485668
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1126454599112
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitch.com/sbc/TrueInstallSBC.exe
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - E:\Program Files\Anti-Virus\avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - E:\Program Files\Anti-Virus\avast\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - E:\Program Files\Anti-Virus\avast\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - E:\Program Files\Anti-Virus\avast\ashWebSv.exe" /service (file missing)
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINNT\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: ewido security suite control - ewido networks - E:\Program Files\Anti-Virus\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINNT\System32\ImapiRox.exe
O23 - Service: iPodService - Apple Computer, Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe

But seriously, you've helped so much. Can I pay you or something? I think you do so much for people without asking for anything in return and I just feel like you deserve something for your trouble. :)

guestolo
Another Win32.P2P-Worm.Alcan.a
« Reply #18 on: November 23, 2005, 11:06:28 PM »
Glad to help.
Thank you much, Afflicted, for the donation.
I'll lock this topic as your problems appear resolved.
Take care :)
« Last Edit: November 23, 2005, 11:07:49 PM by guestolo »
