Can't Get Rid of drv2cltr.dll and cisvvc.exe



#1
jackkv

Hi,

I have recently experienced problems with my home computer. For a few days, I was getting annoying pop-up ads for gambling that would show up every few minutes. Running AdWare several times finally solved that problem. Then I noticed that in the "Windows/Favorites" folder, there were about 10 gambling/sex ads that I had never heard of. I finally deleted those out manually and they have been gone for a few days now.

However, I still experience random slow-downs while connected to the internet (slower than the old dial-up days - just painfully slow) - this usually happens when I also have a Microsoft Word or Excel document open at the same time. In the Excel document, I will click on a cell and see it highlight a whole block of cells. I still get pop-up warnings from the Windows Security Center stating that they have detected suspicious

I have installed and run both Ad-Aware SE and Spy-Bot Search & Destroy. They have helped with the initial problem, but I seem to have hit a wall in trying to solve this final step. I browsed this website and saw a person who seemed to have had a very similar problem to me. I installed and ran Kaspersky - after the first scan, 9 viruses were found - I used the Killbox, rescanned, found five, Killboxed, rescanned and found the two in the title of this message. These appear to be Trojan viruses, and I don't want to go any further unless someone who really knows what they're doing can advise. (I'm not exactly a computer whiz!!!)

Please help me out and let me know if you need to see any logs I have saved. Thank you so much in advance.


#2
Kristy

Hello jackkv, welcome to Geeks to Go! I'm Kristy and I will be helping you.

If you don't already have HijackThis, Click Here to download the latest version (1.99.1).

After downloading it to a permanent folder (i.e. C:\HJT), do a system scan and post your log here.

~Kristy :tazz:

#3
jackkv

Thanks, Kristy!!

OK, here's what Hijack This says:

Logfile of HijackThis v1.99.1
Scan saved at 10:53:24 PM, on 7/3/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEADM.EXE
C:\COMPAQ\CPQINET\CPQINET.EXE
C:\PROGRAM FILES\COMPAQ\DIGITAL DASHBOARD\DEVGULP.EXE
C:\WINDOWS\PCTVOICE.EXE
C:\PROGRAM FILES\BROADJUMP\CLIENT FOUNDATION\CFD.EXE
C:\PROGRAM FILES\YAHOO!\BROWSER\YBRWICON.EXE
C:\PROGRAM FILES\VISUAL NETWORKS\VISUAL IP INSIGHT\SBC\IPCLIENT.EXE
C:\PROGRAM FILES\VISUAL NETWORKS\VISUAL IP INSIGHT\SBC\IPMON32.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\SBC SELF SUPPORT TOOL\SMARTBRIDGE\MOTIVESB.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
C:\PROGRAM FILES\YAHOO!\BROWSER\YCOMMON.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\SBC YAHOO!\CONNECTION MANAGER\IP INSIGHT\IPMON32.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\EAUSBKBD.EXE
C:\PROGRAM FILES\YAHOO!\BROWSER\YBROWSER.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\0HRDNREN\HIJACKTHIS[1].EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presa...onsumer&LC=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://
R3 - URLSearchHook: (no name) - {6221212B-4024-722B-144C-D1E619070340} - cmon14.dll (file missing)
F1 - win.ini: run=C:\WINDOWS\hpfsched.exe
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://yahoo.sbc.com/dsl"); (C:\Program Files\Netscape\Users\User00\prefs.js)
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: Internet Explorer Hot Fix - {F9D64841-4AAC-4281-88A0-2ED4C95BC3F1} - C:\WINDOWS\SYSTEM\VWZJL.DLL (file missing)
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
O3 - Toolbar: (no name) - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe
O4 - HKLM\..\Run: [EACLEAN] C:\Program Files\Compaq\Easy Access Button Support\eaclean.exe
O4 - HKLM\..\Run: [CPQInet] c:\compaq\CPQInet\CpqInet.exe
O4 - HKLM\..\Run: [Digital Dashboard] C:\Program Files\Compaq\Digital Dashboard\DevGulp.exe
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [PCTVOICE] pctvoice.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\PROGRAM FILES\VISUAL NETWORKS\VISUAL IP INSIGHT\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\PROGRAM FILES\VISUAL NETWORKS\VISUAL IP INSIGHT\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [OmgStartup] C:\Program Files\Common Files\Sony Shared\OpenMG\OmgStartup.exe
O4 - HKLM\..\Run: [WTFCTF] clamav.exe
O4 - HKLM\..\Run: [backorif] Bogobot.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\PROGRAM FILES\SBC YAHOO!\CONNECTION MANAGER\IP INSIGHT\IPMon32.exe"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [NetMDSB] C:\PROGRAM FILES\SONY\MD SIMPLE BURNER\NETMDSB.EXE -start
O4 - HKLM\..\RunServices: [panda cleaner] %SystemRoot%\pavdr.exe
O4 - HKCU\..\Run: [WareOut] "C:\Program Files\WareOut\WareOut.exe"
O4 - HKCU\..\Run: [SAPSTR] XTermInit.exe
O4 - HKCU\..\Run: [Serviceprocess] avpmondll.exe
O4 - HKCU\..\Run: [Uint32] browsebar.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presar...&c=3c00&LC=0409 (file missing)
O9 - Extra 'Tools' menuitem: AV &Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presar...&c=3c00&LC=0409 (file missing)
O9 - Extra button: (no name) - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presar...&c=3c00&LC=0409 (file missing)
O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presar...&c=3c00&LC=0409 (file missing)
O9 - Extra button: (no name) - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presar...&c=3c00&LC=0409 (file missing)
O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presar...&c=3c00&LC=0409 (file missing)
O9 - Extra button: (no name) - {06FE5D04-8F11-11d2-804F-00105A133818} - http://search.presar...&c=3c00&LC=0409 (file missing)
O9 - Extra 'Tools' menuitem: AV Live - {06FE5D04-8F11-11d2-804F-00105A133818} - http://search.presar...&c=3c00&LC=0409 (file missing)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES.DLL
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\PROGRAM FILES\YAHOO!\COMMON\YLOGIN.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\PROGRAM FILES\YAHOO!\COMMON\YLOGIN.DLL
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .mp3: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npwinamp.dll
O12 - Plugin for .avi: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npavi32.dll
O12 - Plugin for .wav: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npaudio.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...ebscan_ansi.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O21 - SSODL: systemp - {E9B7AF18-08B6-4959-9C24-B729F90A1AD6} - systemp.dll (file missing)

#4
Kristy

Hello jackkv,

You may wish to print out a copy of these instructions to follow while you complete this procedure.

Please save Hijack This in a permanent folder (i.e. C:\HJT). This ensures backups are saved and accessible.

Next please run HijackThis, click Scan, and check:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp..../search/ie.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R3 - URLSearchHook: (no name) - {6221212B-4024-722B-144C-D1E619070340} - cmon14.dll (file missing)
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: Internet Explorer Hot Fix - {F9D64841-4AAC-4281-88A0-2ED4C95BC3F1} - C:\WINDOWS\SYSTEM\VWZJL.DLL (file missing)
O3 - Toolbar: (no name) - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - (no file)
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\PROGRAM FILES\VISUAL NETWORKS\VISUAL IP INSIGHT\SBC\IPClient.exe" l
O4 - HKLM\..\Run: [WTFCTF] clamav.exe
O4 - HKLM\..\Run: [backorif] Bogobot.exe
O4 - HKCU\..\Run: [WareOut] "C:\Program Files\WareOut\WareOut.exe"
O4 - HKCU\..\Run: [SAPSTR] XTermInit.exe
O4 - HKCU\..\Run: [Serviceprocess] avpmondll.exe
O4 - HKCU\..\Run: [Uint32] browsebar.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present (Only fix this if it was not set by you or the computer administrator)
O9 - Extra button: Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presar...&c=3c00&LC=0409 (file missing)
O9 - Extra 'Tools' menuitem: AV &Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presar...&c=3c00&LC=0409 (file missing)
O9 - Extra button: (no name) - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presar...&c=3c00&LC=0409 (file missing)
O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presar...&c=3c00&LC=0409 (file missing)
O9 - Extra button: (no name) - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presar...&c=3c00&LC=0409 (file missing)
O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presar...&c=3c00&LC=0409 (file missing)
O9 - Extra button: (no name) - {06FE5D04-8F11-11d2-804F-00105A133818} - http://search.presar...&c=3c00&LC=0409 (file missing)
O9 - Extra 'Tools' menuitem: AV Live - {06FE5D04-8F11-11d2-804F-00105A133818} - http://search.presar...&c=3c00&LC=0409 (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O21 - SSODL: systemp - {E9B7AF18-08B6-4959-9C24-B729F90A1AD6} - systemp.dll (file missing)


Close all open windows except for HijackThis and click Fix Checked.

Please reboot into safe mode (continually tap the F8 key while your system is starting, select Safe Mode from the menu).

Go to Start > Control Panel > Add/Remove Programs and remove the following (if found):

WareOut

Exit Add/Remove Programs.

Be sure you're able to view hidden files, and remove the following files/folders in bold (if found):

C:\Program Files\WareOut
C:\WINDOWS\web\related.htm


Empty your recycle bin, and reboot normally.

Please run a free online virus scan here (tick the "Auto Clean" checkbox):
http://housecall.antivirus.com/

And a free trojan scan here:
http://www.moosoft.com/

Reboot your PC.

If you would please, rescan with HijackThis and post a fresh log in this same topic, and let us know how your system's working. ;)

~Kristy :tazz:

Edited by Rustymilo, 04 July 2005 - 01:08 AM.


#5
jackkv

OK, I ran everything you said. Just an FYI - of the three programs you told me to remove, only one showed up, and that was "C:\WINDOWS\web\related.htm." I ran the housecall scan, and it came up with 507 infected files - and all but 2 were undeletable. Let me know if you need to see that. (It's VERY long.) The moosoft didn't show any trojans.

I still get messages from the Windows Security Center saying, "WARNING: Windows Firewall detected suspicious network activity on your computer. Malicious software codes try to steal your privacy information, such as credit card numbers, electronic mail accounts, financial data or passwords. Do you want to learn how to protect your computer?" Also, there is a message that appears in my tray in the lower right corner that says, "Your computer might be at risk. Your virus protection status is bad. Spyware activity detected. Click this baloon to fix this problem." I'm pretty sure that's fake since balloon is spelled incorrectly and the wording is a bit too casual.

Anyway, here's the HiJack This log after I followed the steps in your last reply. Thanks again.

Logfile of HijackThis v1.99.1
Scan saved at 10:07:01 AM, on 7/4/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\SONY\MD SIMPLE BURNER\NETMDSB.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEADM.EXE
C:\COMPAQ\CPQINET\CPQINET.EXE
C:\PROGRAM FILES\COMPAQ\DIGITAL DASHBOARD\DEVGULP.EXE
C:\WINDOWS\PCTVOICE.EXE
C:\PROGRAM FILES\BROADJUMP\CLIENT FOUNDATION\CFD.EXE
C:\PROGRAM FILES\YAHOO!\BROWSER\YBRWICON.EXE
C:\PROGRAM FILES\VISUAL NETWORKS\VISUAL IP INSIGHT\SBC\IPMON32.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\SBC SELF SUPPORT TOOL\SMARTBRIDGE\MOTIVESB.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\SBC YAHOO!\CONNECTION MANAGER\IP INSIGHT\IPMON32.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\EAUSBKBD.EXE
C:\PROGRAM FILES\YAHOO!\BROWSER\YCOMMON.EXE
C:\MY DOCUMENTS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presa...onsumer&LC=0409
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://
F1 - win.ini: run=C:\WINDOWS\hpfsched.exe
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://yahoo.sbc.com/dsl"); (C:\Program Files\Netscape\Users\User00\prefs.js)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe
O4 - HKLM\..\Run: [EACLEAN] C:\Program Files\Compaq\Easy Access Button Support\eaclean.exe
O4 - HKLM\..\Run: [CPQInet] c:\compaq\CPQInet\CpqInet.exe
O4 - HKLM\..\Run: [Digital Dashboard] C:\Program Files\Compaq\Digital Dashboard\DevGulp.exe
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [PCTVOICE] pctvoice.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\PROGRAM FILES\VISUAL NETWORKS\VISUAL IP INSIGHT\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [OmgStartup] C:\Program Files\Common Files\Sony Shared\OpenMG\OmgStartup.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\PROGRAM FILES\SBC YAHOO!\CONNECTION MANAGER\IP INSIGHT\IPMon32.exe"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [NetMDSB] C:\PROGRAM FILES\SONY\MD SIMPLE BURNER\NETMDSB.EXE -start
O4 - HKLM\..\RunServices: [panda cleaner] %SystemRoot%\pavdr.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES.DLL
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\PROGRAM FILES\YAHOO!\COMMON\YLOGIN.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\PROGRAM FILES\YAHOO!\COMMON\YLOGIN.DLL
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
O12 - Plugin for .mp3: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npwinamp.dll
O12 - Plugin for .avi: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npavi32.dll
O12 - Plugin for .wav: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npaudio.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...ebscan_ansi.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
  • 0
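Added example (not part of the thread and not HijackThis's own code): a small Python parser that compares a "before" and "after" HijackThis log and reports which entries from a fix list are still present. The sample text is trimmed from the logs posted above; the function names and the rule for deciding that two lines describe the same entry (`entry_key`) are assumptions made for this illustration.

```python
import re

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")   # "O4 - ...", "R1 - ..."
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
O4_RE = re.compile(r"^(.+?): \[(.+?)\]")            # autorun location + value name
NOTE_RE = re.compile(r"\s*\([^()]*\)\s*$")          # trailing "(...)" remark


def entry_key(code, body):
    """Identity of an entry that survives retyping (changed data, added notes)."""
    clsid = CLSID_RE.search(body)
    if clsid:                                   # O2/O3/O9/O16/O21/R3: keyed by CLSID
        return (code, body.split(":", 1)[0].lower(), clsid.group(0).upper())
    o4 = O4_RE.match(body) if code == "O4" else None
    if o4:                                      # O4: registry key + value name
        return (code, o4.group(1).lower(), o4.group(2).lower())
    if " = " in body:                           # R0/R1: registry value, data ignored
        return (code, body.split(" = ", 1)[0].lower())
    return (code, " ".join(NOTE_RE.sub("", body).lower().split()))


def parse_hjt(text):
    """Split a HijackThis log into its running processes and its entries."""
    processes, entries, in_procs = set(), {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False
            entries[entry_key(*m.groups())] = line
        elif in_procs and line:
            processes.add(line.upper())         # Win9x logs mix upper and lower case
    return {"processes": processes, "entries": entries}


def diff_scans(before, after):
    """Entries that disappeared, entries that appeared, and new processes."""
    b, a = before["entries"], after["entries"]
    return {
        "removed": sorted(b[k] for k in b.keys() - a.keys()),
        "added": sorted(a[k] for k in a.keys() - b.keys()),
        "new_processes": sorted(after["processes"] - before["processes"]),
    }


def unfixed(fix_list_text, after):
    """Lines of the later scan that match an entry the helper asked to fix."""
    wanted = parse_hjt(fix_list_text)["entries"]
    return sorted(after["entries"][k] for k in wanted if k in after["entries"])


# Sample input trimmed from the logs in this thread (7/3/2005 scan).
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\PROGRAM FILES\VISUAL NETWORKS\VISUAL IP INSIGHT\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [WTFCTF] clamav.exe
O4 - HKCU\..\Run: [WareOut] "C:\Program Files\WareOut\WareOut.exe"
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
"""

# Trimmed from the 7/4/2005 10:07 AM scan.
AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\SONY\MD SIMPLE BURNER\NETMDSB.EXE

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
"""

# Trimmed from the fix list in post #4, kept as typed there.
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp..../search/ie.htm
O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\PROGRAM FILES\VISUAL NETWORKS\VISUAL IP INSIGHT\SBC\IPClient.exe" l
O4 - HKLM\..\Run: [WTFCTF] clamav.exe
O4 - HKCU\..\Run: [WareOut] "C:\Program Files\WareOut\WareOut.exe"
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present(Only fix this if it was not set by you or the computer administrator)
"""

if __name__ == "__main__":
    after = parse_hjt(AFTER)
    for label, lines in diff_scans(parse_hjt(BEFORE), after).items():
        print(label, *lines, sep="\n  ")
    print("still present from fix list", *unfixed(FIX_LIST, after), sep="\n  ")
```

Anything listed by `unfixed`, or under `added` and `new_processes`, is a prompt for manual review rather than a verdict on the file.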

#6
Kristy

Hello jackkv,

Your log looks fine, but I still would like you to run a scan to make sure everything is gone.

Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

For additional help in booting into Safe Mode, see the following site:
http://www.pchell.co.../safemode.shtml

Once in Safe Mode, run Ewido and run a full scan. Save the logfile from the scan.

Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.

~Kristy :tazz:

#7
jackkv

I tried to install Ewido, but it needs to be Windows 2000 or above to be installed. I have Windows ME. Any other ideas? Thanks.

#8
Kristy

Hello jackkv,

We will have to do the housecall scan again.

Please run a free online virus scan here (tick the "Auto Clean" checkbox):
http://housecall.antivirus.com/

After it is done I will need to see the log, no matter how long it is, and a new HijackThis log.

~Kristy :tazz:

#9
jackkv

Kristy,

Not seeing the "Auto Clean" box to tick.

#10
Kristy

That's okay, just continue with the scan if you can.

~Kristy :tazz:


#11
jackkv

Kristy,

OK here goes. Here is the HiJack This log, followed by the Housecall log:

Logfile of HijackThis v1.99.1
Scan saved at 5:24:05 PM, on 7/4/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEADM.EXE
C:\COMPAQ\CPQINET\CPQINET.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\COMPAQ\DIGITAL DASHBOARD\DEVGULP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\PCTVOICE.EXE
C:\PROGRAM FILES\BROADJUMP\CLIENT FOUNDATION\CFD.EXE
C:\PROGRAM FILES\YAHOO!\BROWSER\YBRWICON.EXE
C:\PROGRAM FILES\VISUAL NETWORKS\VISUAL IP INSIGHT\SBC\IPMON32.EXE
C:\PROGRAM FILES\SBC SELF SUPPORT TOOL\SMARTBRIDGE\MOTIVESB.EXE
C:\PROGRAM FILES\SBC YAHOO!\CONNECTION MANAGER\IP INSIGHT\IPMON32.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
C:\PROGRAM FILES\YAHOO!\BROWSER\YCOMMON.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\EAUSBKBD.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\YAHOO!\BROWSER\YBROWSER.EXE
C:\WINDOWS\SYSTEM\RDSNDIN.EXE
C:\WINDOWS\SYSTEM\NTFSNLPA.EXE
C:\MY DOCUMENTS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presa...onsumer&LC=0409
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://
F1 - win.ini: run=C:\WINDOWS\hpfsched.exe
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://yahoo.sbc.com/dsl"); (C:\Program Files\Netscape\Users\User00\prefs.js)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe
O4 - HKLM\..\Run: [EACLEAN] C:\Program Files\Compaq\Easy Access Button Support\eaclean.exe
O4 - HKLM\..\Run: [CPQInet] c:\compaq\CPQInet\CpqInet.exe
O4 - HKLM\..\Run: [Digital Dashboard] C:\Program Files\Compaq\Digital Dashboard\DevGulp.exe
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [PCTVOICE] pctvoice.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\PROGRAM FILES\VISUAL NETWORKS\VISUAL IP INSIGHT\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [OmgStartup] C:\Program Files\Common Files\Sony Shared\OpenMG\OmgStartup.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\PROGRAM FILES\SBC YAHOO!\CONNECTION MANAGER\IP INSIGHT\IPMon32.exe"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [NetMDSB] C:\PROGRAM FILES\SONY\MD SIMPLE BURNER\NETMDSB.EXE -start
O4 - HKLM\..\RunServices: [panda cleaner] %SystemRoot%\pavdr.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES.DLL
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\PROGRAM FILES\YAHOO!\COMMON\YLOGIN.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\PROGRAM FILES\YAHOO!\COMMON\YLOGIN.DLL
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
O12 - Plugin for .mp3: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npwinamp.dll
O12 - Plugin for .avi: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npavi32.dll
O12 - Plugin for .wav: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npaudio.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...ebscan_ansi.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab

-----------------------------------------------------------------------------------------------
HOUSECALL
Results:
We have detected 284 infected file(s) with 507 virus(es) on your computer:
- 0 virus(es) passed, 0 virus(es) no action available
- 0 virus(es) cleaned, 0 virus(es) uncleanable
- 2 virus(es) deleted, 505 virus(es) undeletable
- 0 virus(es) not found, 0 virus(es) unaccessible
Detected File Associated Virus Name Action Taken
C:\q.exe TROJ_SMALL.GR Deletion successful
C:\NULL TROJ_DLOADER.GZ Deletion successful




Trojan/Worm Check 0 worm/Trojan horse deleted

What we checked: Malicious activity by a Trojan horse program. Although a Trojan seems like a harmless program, it contains malicious code and once installed can cause damage to your computer.
Results: We have detected 0 Trojan horse program(s) and worm(s) on your computer:
- 0 worm(s)/Trojan(s) passed, 0 worm(s)/Trojan(s) no action available
- 0 Worm(s)/Trojan(s) deleted, 0 worm(s)/Trojan(s) undeletable
  • 0

#12
Kristy


    Visiting Consultant

  • Member
  • 1,099 posts
Hello jackkv,

Let's try disabling system restore.

1. Right-click My Computer, and then click Properties.
2. On the Performance tab, click File System, or press ALT+F.
3. On the Troubleshooting tab, click to select the Disable System Restore check box.
4. Click OK twice, and then click Yes when you are prompted to restart the computer.

Download, and install CleanUp!

Reboot into Safe Mode by tapping the F8 key continually until a menu appears. Use your up arrow key to highlight Safe Mode, then hit Enter.

Now run CleanUp!

After it's all done, reboot normally.

Please run the following free, online virus scans.

http://www.pandasoft...n_principal.htm
http://housecall.tre.../start_corp.asp

Please post the logs from both virus scans and a new HijackThis log.

~Kristy

Edited by Rustymilo, 04 July 2005 - 07:02 PM.

  • 0
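Why the System Restore step comes first, as an added example that is not part of Kristy's post: on Windows ME the restore store lives in C:\_RESTORE, scanners cannot clean files inside it, and disabling System Restore discards it, so detections there need separating from detections in live files. The Python below parses a list in the HouseCall layout (detected file, virus name, action taken) and makes that split. The _RESTORE file names and the EXAMPLE APP path in the sample are constructed, and only the two action strings seen in this thread are recognized.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample in the HouseCall list layout. Archive members follow a
# bare container path on "- " lines. The _RESTORE file names and the
# EXAMPLE APP path are made up; detection names and actions are from the thread.
SAMPLE = r"""
Detected File Associated Virus Name Action Taken
C:\_RESTORE\TEMP\A0000001.CPY TROJ_STARTER.B Undeletable
C:\_RESTORE\TEMP\A0000003.CPY TROJ_STRTPAGE.I Undeletable
C:\_RESTORE\ARCHIVE\FS001.CAB
- A0000005.CPY TROJ_STARTER.B Undeletable
- A0000007.CPY TROJ_STRTPAGE.I Undeletable
C:\PROGRAM FILES\EXAMPLE APP\HELPER.DLL TROJ_STRTPAGE.I Undeletable
C:\q.exe TROJ_SMALL.GR Deletion successful
C:\NULL TROJ_DLOADER.GZ Deletion successful
"""

# "<path> <DETECTION_NAME> <action>". Paths may contain spaces, so the
# detection name (e.g. TROJ_STARTER.B) is the anchor that splits the line.
ENTRY = re.compile(
    r"^(?P<path>.+?)\s+(?P<name>[A-Z]{2,}_[A-Z0-9]+(?:\.[A-Z0-9]+)*)\s+(?P<action>.+)$"
)
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")
# Windows ME keeps System Restore data in \_RESTORE at the root of the drive.
RESTORE_STORE = re.compile(r"^[A-Z]:\\_RESTORE\\", re.IGNORECASE)
# Assumption: only this action string counts as handled. Anything else is
# treated as unresolved, which is the conservative default.
RESOLVED_ACTIONS = {"deletion successful"}


@dataclass(frozen=True)
class Detection:
    container: str  # file on disk (the .CAB for archive members)
    member: str     # name inside the archive, "" for plain files
    name: str       # scanner's detection name
    action: str     # action the scanner reports

    @property
    def in_restore_store(self):
        return bool(RESTORE_STORE.match(self.container))

    @property
    def resolved(self):
        return self.action.lower() in RESOLVED_ACTIONS


def parse_report(text):
    """Return one Detection per infected file or archive member."""
    detections, container = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("- "):
            m = ENTRY.match(line[2:])
            if m and container:  # member of the archive opened above
                detections.append(
                    Detection(container, m["path"], m["name"], m["action"]))
            continue
        container = None  # any other line ends the member run
        if not DRIVE_PATH.match(line):
            continue  # blanks, column header, summary text
        m = ENTRY.match(line)
        if m:
            detections.append(Detection(m["path"], "", m["name"], m["action"]))
        else:
            container = line  # bare path: an archive whose members follow
    return detections


def triage(detections):
    """Count detections by (location, state) and list live unresolved ones."""
    counts, needs_attention = Counter(), []
    for d in detections:
        where = "restore_store" if d.in_restore_store else "live"
        state = "resolved" if d.resolved else "unresolved"
        counts[(where, state)] += 1
        if where == "live" and not d.resolved:
            needs_attention.append(d)
    return counts, needs_attention


if __name__ == "__main__":
    counts, attention = triage(parse_report(SAMPLE))
    for (where, state), n in sorted(counts.items()):
        print(f"{where:14} {state:11} {n}")
    for d in attention:
        print("still active outside the restore store:", d.container, d.name)
```

Unresolved entries in the restore_store bucket go away when System Restore is disabled; anything left in the live bucket is what the follow-up scans and the HijackThis log have to account for.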

#13
jackkv


    Member

  • Topic Starter
  • Member
  • 37 posts
Kristy,

I disabled the restore system as you advised and ran CleanUp (deleted over 14,000 files!!). When I clicked on the Panda link you provided, I got a page that said the site was unavailable, so I couldn't run that. The HouseCall ran and found ZERO infected files (and this time I saw the Auto Clean function from your link), so hopefully that's a sign that we're on the right track here. There was no log from HouseCall.

Here is the updated HijackThis ...

Logfile of HijackThis v1.99.1
Scan saved at 7:43:15 PM, on 7/4/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEADM.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\COMPAQ\CPQINET\CPQINET.EXE
C:\PROGRAM FILES\COMPAQ\DIGITAL DASHBOARD\DEVGULP.EXE
C:\WINDOWS\PCTVOICE.EXE
C:\PROGRAM FILES\BROADJUMP\CLIENT FOUNDATION\CFD.EXE
C:\PROGRAM FILES\YAHOO!\BROWSER\YBRWICON.EXE
C:\PROGRAM FILES\VISUAL NETWORKS\VISUAL IP INSIGHT\SBC\IPMON32.EXE
C:\PROGRAM FILES\SBC SELF SUPPORT TOOL\SMARTBRIDGE\MOTIVESB.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\SBC YAHOO!\CONNECTION MANAGER\IP INSIGHT\IPMON32.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
C:\PROGRAM FILES\YAHOO!\BROWSER\YCOMMON.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\EAUSBKBD.EXE
C:\PROGRAM FILES\YAHOO!\BROWSER\YBROWSER.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\MY DOCUMENTS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presa...onsumer&LC=0409
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://
F1 - win.ini: run=C:\WINDOWS\hpfsched.exe
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://yahoo.sbc.com/dsl"); (C:\Program Files\Netscape\Users\User00\prefs.js)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe
O4 - HKLM\..\Run: [EACLEAN] C:\Program Files\Compaq\Easy Access Button Support\eaclean.exe
O4 - HKLM\..\Run: [CPQInet] c:\compaq\CPQInet\CpqInet.exe
O4 - HKLM\..\Run: [Digital Dashboard] C:\Program Files\Compaq\Digital Dashboard\DevGulp.exe
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [PCTVOICE] pctvoice.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\PROGRAM FILES\VISUAL NETWORKS\VISUAL IP INSIGHT\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [OmgStartup] C:\Program Files\Common Files\Sony Shared\OpenMG\OmgStartup.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\PROGRAM FILES\SBC YAHOO!\CONNECTION MANAGER\IP INSIGHT\IPMon32.exe"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [NetMDSB] C:\PROGRAM FILES\SONY\MD SIMPLE BURNER\NETMDSB.EXE -start
O4 - HKLM\..\RunServices: [panda cleaner] %SystemRoot%\pavdr.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES.DLL
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\PROGRAM FILES\YAHOO!\COMMON\YLOGIN.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\PROGRAM FILES\YAHOO!\COMMON\YLOGIN.DLL
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
O12 - Plugin for .mp3: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npwinamp.dll
O12 - Plugin for .avi: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npavi32.dll
O12 - Plugin for .wav: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npaudio.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...ebscan_ansi.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
  • 0
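Added example, not part of the original posts: a small Python parser that splits a HijackThis log like the one above into its coded entries, breaks the O4 autostart lines into hive, key, value name and command, and diffs two scans so a "new log" can be compared with an earlier one. The AFTER sample reuses lines from the posted log; the BEFORE sample adds one constructed placeholder entry, and all function and variable names are assumptions of this example.

```python
import re

# "<code> - <body>" lines, with HijackThis section codes (R0-R3, F0-F3, N1-N4, O1-O24).
ENTRY = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
# O4 body: "<hive>\..\<key>: [<value name>] <command line>"
O4_BODY = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[(.+?)\] (.+)$")

# Lines copied from the log posted above.
AFTER = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\EXPLORER.EXE
F1 - win.ini: run=C:\WINDOWS\hpfsched.exe
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
"""
# Constructed placeholder entry (not from the thread) standing in for an earlier scan.
CONSTRUCTED = r"O4 - HKLM\..\Run: [ExampleEntry] C:\WINDOWS\SYSTEM\placeholder.exe"
BEFORE = AFTER + CONSTRUCTED + "\n"

def parse_entries(log_text):
    """Return a set of (code, body) tuples; header and process lines are skipped."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.add((m.group(1), m.group(2)))
    return entries

def autoruns(entries):
    """Break O4 entries into (hive, key, value name, command), sorted."""
    out = []
    for code, body in entries:
        m = O4_BODY.match(body) if code == "O4" else None
        if m:
            out.append(m.groups())
    return sorted(out)

def diff_logs(before_text, after_text):
    """Entries removed and entries added between two scans, each sorted."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    return sorted(before - after), sorted(after - before)

if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    for code, body in removed:
        print("removed:", code, body)
    for code, body in added:
        print("added:  ", code, body)
    for hive, key, name, cmd in autoruns(parse_entries(AFTER)):
        print(f"{hive} {key:12} {name:14} {cmd}")
```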

#14
Kristy

Hello jackkv,

Your log looks great! How is your computer running? Any problems? If all is good let me know, and please read the prevention tips below.


IMPORTANT** You need to enable system restore if your computer is working well now. If you aren't sure how to enable it please ask. Also, make sure to re-hide hidden files.

Here are some tips to reduce the potential for spyware infection in the future. I strongly recommend installing the following applications:

Detect and Remove Programs:
  • How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
  • How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.
Prevention Programs:
  • Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
  • Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
  • IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites, etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
  • Google Toolbar <= Get the free Google Toolbar to help stop pop-up windows.
Other necessary Programs:
  • AntiVirus Program <= An AntiVirus program is a must! Whether it is a free version like AVG or Anti-Vir, or a shareware version like Norton or Kaspersky, this is a must-have.
  • Firewall <= A firewall is definitely a must-have. Two good free versions are Sygate and ZoneLabs.
  • More Secure Browser <= Internet Explorer is not the most secure and best browser. There are safer and better alternatives available. I recommend Firefox; however, Opera and SlimBrowsers are good as well.
And also see TonyKlein's good advice, "So how did I get infected in the first place?", and Spyware Aid's spyware article: "Spyware, Adware, Malware: What it is, how it got on my computer, how to get rid of it, and how to prevent it."

~Kristy

Edited by Rustymilo, 04 July 2005 - 09:00 PM.

  • 0

#15
jackkv

Kristy,

Good news and bad news:

The good news is that I haven't gotten any of those warning messages I described earlier.

The bad news is that my computer still slows down significantly after a while. It's about as slow as dial-up (maybe slower) - and even the non-internet functions are slow, like when I try to open a Word or Excel document or even look up My Documents.

What could this mean?
  • 0





