programs stop reponding

Hi Kim,

Thanks for the feedback.

This:
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer)
appears to be malware according to this page:
http://www.pestpatrol.com/PestInfo/w..._installer.asp

follow the instructions in this page for its removal. But before,
export the registry using Start run regedit File Export and
create a restore point.

You might also want to post your Hijack This log he
http://www.cybertechhelp.com/forums/
for more opinions.

That one is the main suspect.

After you have done this, let's see if you can get to Yahoo Games.

Good luck

On Mon, 12 Apr 2004 12:46:05 -0700, Kim M.
wrote:

I finally was able to get HiJackThis to download and here is what it found. Again, thank you soooo much for all the help and I hope you will be able to make some suggestions that will fix the new problems. I am now able to get to Google but Yahoo Games
still won't open for the tables and it won't open some websites. I had to go back and restore to yesterday just to be able to download this software but again I still have these other problems that I can't take care of yet (i.e. trojans, etc.).

Thank you, Kim M.

P.S. I can't tell you how grateful I am for all your help, again, THANK YOU!!

Logfile of HijackThis v1.97.7
Scan saved at 3:37:09 PM, on 4/12/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DiskeeperWorkstation\DKService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\toshiba\ivp\ISM\pinger.exe
C:\PROGRA~1\EzButton\CP888M1.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\rmctrl.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\WinRAR\WinRAR.exe
c:\Temp\Rar$EX12.032\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS10
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - Default URLSearchHook is missing
O1 - Hosts: 217.116.231.7 aimtoday.aol.com12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Pinger] C:\toshiba\ivp\ISM\pinger.exe /run
O4 - HKLM\..\Run: [NAV CfgWiz] C:\PROGRA~1\NORTON~1\Cfgwiz.exe /R
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [CP888M1] C:\PROGRA~1\EzButton\CP888M1.EXE
O4 - HKLM\..\Run: [AVPCC] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpcc.exe" /wait
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\System32\rmctrl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Cribbage - http://download.games.yahoo.com/game...ts/y/it1_x.cab
O16 - DPF: Yahoo! Euchre - http://download.games.yahoo.com/game...ts/y/et1_x.cab
O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/game...ts/y/st2_x.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/7...ll/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab

I downloaded the PestPatrol software and located the malware file but now the program is telling me that I have to purchase the licensed version to be able to quarantine of delete the file. I really don't want to spend the $40 to get this problem fixed...
is there any way that I can delete or quarantine it for free? I know it sounds like I am cheap but I had just purchased a copy of the "revered" Norton Internet Security just to find that it is not protecting me from the 6 odd trojans that have been found.
If I sound bitter, it's because I am now. Until now, I just ASSumed that Norton knew about every virus and trojan known to man but you can now see where that got me...Thanks, Kim

Kim,

On Sun, 11 Apr 2004 22:06:04 -0700, Kim M.
wrote:

Well I think I spoke too soon about getting everything fixed. After running all the recommended software, I am unable to get onto some websites such as Google and I am unable to get into any tables on Yahoo games. Is there anyway that I can fix this? R
ight after I ran adware, I did the recommended quarantine and then when I went to open the threads in this topic it would not display the text. I went back and did a recover which fixed this problem but now I have all the other files that should have been
quarantined but are not any longer. Is there a way that I could tell which files should be quarantined so as not to cause this problem to re-occur?

Thanks Kim M.

You can download Hijack This from he

http://www.mjc1.com/files/merijn/hijackthis.exe

Go he
http://mjc1.com/mirror/hjt/

For instructions on how to use it; you have to post the log it makes
so experts tell you what is good and what is malware.

What you will do is a scan of your system and post the results of the
scan so experts can tell you which parts are malware and safe to
delete.

Good luck

Kim,

On Sun, 11 Apr 2004 22:06:04 -0700, Kim M.
wrote:

Well I think I spoke too soon about getting everything fixed. After running all the recommended software, I am unable to get onto some websites such as Google and I am unable to get into any tables on Yahoo games. Is there anyway that I can fix this? R
ight after I ran adware, I did the recommended quarantine and then when I went to open the threads in this topic it would not display the text. I went back and did a recover which fixed this problem but now I have all the other files that should have been
quarantined but are not any longer. Is there a way that I could tell which files should be quarantined so as not to cause this problem to re-occur?

Thanks Kim M.

You can download Hijack This from he

http://www.mjc1.com/files/merijn/hijackthis.exe

Go he
http://mjc1.com/mirror/hjt/

For instructions on how to use it; you have to post the log it makes
so experts tell you what is good and what is malware.

What you will do is a scan of your system and post the results of the
scan so experts can tell you which parts are malware and safe to
delete.

Good luck

I finally was able to get HiJackThis to download and here is what it found. Again, thank you soooo much for all the help and I hope you will be able to make some suggestions that will fix the new problems. I am now able to get to Google but Yahoo Games s
till won't open for the tables and it won't open some websites. I had to go back and restore to yesterday just to be able to download this software but again I still have these other problems that I can't take care of yet (i.e. trojans, etc.).

Thank you, Kim M.

P.S. I can't tell you how grateful I am for all your help, again, THANK YOU!!

Logfile of HijackThis v1.97.7
Scan saved at 3:37:09 PM, on 4/12/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DiskeeperWorkstation\DKService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\toshiba\ivp\ISM\pinger.exe
C:\PROGRA~1\EzButton\CP888M1.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\rmctrl.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\WinRAR\WinRAR.exe
c:\Temp\Rar$EX12.032\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS10
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - Default URLSearchHook is missing
O1 - Hosts: 217.116.231.7 aimtoday.aol.com12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Pinger] C:\toshiba\ivp\ISM\pinger.exe /run
O4 - HKLM\..\Run: [NAV CfgWiz] C:\PROGRA~1\NORTON~1\Cfgwiz.exe /R
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [CP888M1] C:\PROGRA~1\EzButton\CP888M1.EXE
O4 - HKLM\..\Run: [AVPCC] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpcc.exe" /wait
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\System32\rmctrl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Cribbage - http://download.games.yahoo.com/game...ts/y/it1_x.cab
O16 - DPF: Yahoo! Euchre - http://download.games.yahoo.com/game...ts/y/et1_x.cab
O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/game...ts/y/st2_x.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/7...ll/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab

Kim,

On Sun, 11 Apr 2004 22:06:04 -0700, Kim M.
wrote:

Well I think I spoke too soon about getting everything fixed. After running all the recommended software, I am unable to get onto some websites such as Google and I am unable to get into any tables on Yahoo games. Is there anyway that I can fix this? R
ight after I ran adware, I did the recommended quarantine and then when I went to open the threads in this topic it would not display the text. I went back and did a recover which fixed this problem but now I have all the other files that should have been
quarantined but are not any longer. Is there a way that I could tell which files should be quarantined so as not to cause this problem to re-occur?

Thanks Kim M.

You can download Hijack This from he

http://www.mjc1.com/files/merijn/hijackthis.exe

Go he
http://mjc1.com/mirror/hjt/

For instructions on how to use it; you have to post the log it makes
so experts tell you what is good and what is malware.

What you will do is a scan of your system and post the results of the
scan so experts can tell you which parts are malware and safe to
delete.

Good luck

Hi Kim,

Thanks for the feedback.

This:
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer)
appears to be malware according to this page:
http://www.pestpatrol.com/PestInfo/w..._installer.asp

follow the instructions in this page for its removal. But before,
export the registry using Start run regedit File Export and
create a restore point.

You might also want to post your Hijack This log he
http://www.cybertechhelp.com/forums/
for more opinions.

That one is the main suspect.

After you have done this, let's see if you can get to Yahoo Games.

Good luck

On Mon, 12 Apr 2004 12:46:05 -0700, Kim M.
wrote:

I finally was able to get HiJackThis to download and here is what it found. Again, thank you soooo much for all the help and I hope you will be able to make some suggestions that will fix the new problems. I am now able to get to Google but Yahoo Games
still won't open for the tables and it won't open some websites. I had to go back and restore to yesterday just to be able to download this software but again I still have these other problems that I can't take care of yet (i.e. trojans, etc.).

Thank you, Kim M.

P.S. I can't tell you how grateful I am for all your help, again, THANK YOU!!

Logfile of HijackThis v1.97.7
Scan saved at 3:37:09 PM, on 4/12/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DiskeeperWorkstation\DKService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\toshiba\ivp\ISM\pinger.exe
C:\PROGRA~1\EzButton\CP888M1.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\rmctrl.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\WinRAR\WinRAR.exe
c:\Temp\Rar$EX12.032\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS10
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - Default URLSearchHook is missing
O1 - Hosts: 217.116.231.7 aimtoday.aol.com12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Pinger] C:\toshiba\ivp\ISM\pinger.exe /run
O4 - HKLM\..\Run: [NAV CfgWiz] C:\PROGRA~1\NORTON~1\Cfgwiz.exe /R
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [CP888M1] C:\PROGRA~1\EzButton\CP888M1.EXE
O4 - HKLM\..\Run: [AVPCC] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpcc.exe" /wait
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\System32\rmctrl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Cribbage - http://download.games.yahoo.com/game...ts/y/it1_x.cab
O16 - DPF: Yahoo! Euchre - http://download.games.yahoo.com/game...ts/y/et1_x.cab
O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/game...ts/y/st2_x.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/7...ll/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab

I finally was able to get HiJackThis to download and here is what it found. Again, thank you soooo much for all the help and I hope you will be able to make some suggestions that will fix the new problems. I am now able to get to Google but Yahoo Games s
till won't open for the tables and it won't open some websites. I had to go back and restore to yesterday just to be able to download this software but again I still have these other problems that I can't take care of yet (i.e. trojans, etc.).

Thank you, Kim M.

P.S. I can't tell you how grateful I am for all your help, again, THANK YOU!!

Logfile of HijackThis v1.97.7
Scan saved at 3:37:09 PM, on 4/12/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DiskeeperWorkstation\DKService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\toshiba\ivp\ISM\pinger.exe
C:\PROGRA~1\EzButton\CP888M1.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\rmctrl.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\WinRAR\WinRAR.exe
c:\Temp\Rar$EX12.032\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS10
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - Default URLSearchHook is missing
O1 - Hosts: 217.116.231.7 aimtoday.aol.com12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Pinger] C:\toshiba\ivp\ISM\pinger.exe /run
O4 - HKLM\..\Run: [NAV CfgWiz] C:\PROGRA~1\NORTON~1\Cfgwiz.exe /R
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [CP888M1] C:\PROGRA~1\EzButton\CP888M1.EXE
O4 - HKLM\..\Run: [AVPCC] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpcc.exe" /wait
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\System32\rmctrl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Cribbage - http://download.games.yahoo.com/game...ts/y/it1_x.cab
O16 - DPF: Yahoo! Euchre - http://download.games.yahoo.com/game...ts/y/et1_x.cab
O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/game...ts/y/st2_x.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/7...ll/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab

Hi Kim,

Thanks for the feedback.

This:
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer)
appears to be malware according to this page:
http://www.pestpatrol.com/PestInfo/w..._installer.asp

follow the instructions in this page for its removal. But before,
export the registry using Start run regedit File Export and
create a restore point.

You might also want to post your Hijack This log he
http://www.cybertechhelp.com/forums/
for more opinions.

That one is the main suspect.

After you have done this, let's see if you can get to Yahoo Games.

Good luck

On Mon, 12 Apr 2004 12:46:05 -0700, Kim M.
wrote:

I finally was able to get HiJackThis to download and here is what it found. Again, thank you soooo much for all the help and I hope you will be able to make some suggestions that will fix the new problems. I am now able to get to Google but Yahoo Games
still won't open for the tables and it won't open some websites. I had to go back and restore to yesterday just to be able to download this software but again I still have these other problems that I can't take care of yet (i.e. trojans, etc.).

Thank you, Kim M.

P.S. I can't tell you how grateful I am for all your help, again, THANK YOU!!

Logfile of HijackThis v1.97.7
Scan saved at 3:37:09 PM, on 4/12/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DiskeeperWorkstation\DKService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\toshiba\ivp\ISM\pinger.exe
C:\PROGRA~1\EzButton\CP888M1.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\rmctrl.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\WinRAR\WinRAR.exe
c:\Temp\Rar$EX12.032\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS10
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - Default URLSearchHook is missing
O1 - Hosts: 217.116.231.7 aimtoday.aol.com12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Pinger] C:\toshiba\ivp\ISM\pinger.exe /run
O4 - HKLM\..\Run: [NAV CfgWiz] C:\PROGRA~1\NORTON~1\Cfgwiz.exe /R
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [CP888M1] C:\PROGRA~1\EzButton\CP888M1.EXE
O4 - HKLM\..\Run: [AVPCC] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpcc.exe" /wait
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\System32\rmctrl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Cribbage - http://download.games.yahoo.com/game...ts/y/it1_x.cab
O16 - DPF: Yahoo! Euchre - http://download.games.yahoo.com/game...ts/y/et1_x.cab
O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/game...ts/y/st2_x.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/7...ll/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab

Kim,

On Sun, 11 Apr 2004 22:06:04 -0700, Kim M.
wrote:

Well I think I spoke too soon about getting everything fixed. After running all the recommended software, I am unable to get onto some websites such as Google and I am unable to get into any tables on Yahoo games. Is there anyway that I can fix this? R
ight after I ran adware, I did the recommended quarantine and then when I went to open the threads in this topic it would not display the text. I went back and did a recover which fixed this problem but now I have all the other files that should have been
quarantined but are not any longer. Is there a way that I could tell which files should be quarantined so as not to cause this problem to re-occur?

Thanks Kim M.

You can download Hijack This from he

http://www.mjc1.com/files/merijn/hijackthis.exe

Go he
http://mjc1.com/mirror/hjt/

For instructions on how to use it; you have to post the log it makes
so experts tell you what is good and what is malware.

What you will do is a scan of your system and post the results of the
scan so experts can tell you which parts are malware and safe to
delete.

Good luck

I downloaded the PestPatrol software and located the malware file but now the program is telling me that I have to purchase the licensed version to be able to quarantine of delete the file. I really don't want to spend the $40 to get this problem fixed...
is there any way that I can delete or quarantine it for free? I know it sounds like I am cheap but I had just purchased a copy of the "revered" Norton Internet Security just to find that it is not protecting me from the 6 odd trojans that have been found.
If I sound bitter, it's because I am now. Until now, I just ASSumed that Norton knew about every virus and trojan known to man but you can now see where that got me...Thanks, Kim

Hi Kim,

On Mon, 12 Apr 2004 17:56:02 -0700, Kim M.
wrote:

I downloaded the PestPatrol software and located the malware file but now the program is telling me that I have to purchase the licensed version to be able to quarantine of delete the file. I really don't want to spend the $40 to get this problem fixed..
.is there any way that I can delete or quarantine it for free? I know it sounds like I am cheap but I had just purchased a copy of the "revered" Norton Internet Security just to find that it is not protecting me from the 6 odd trojans that have been found
. If I sound bitter, it's because I am now. Until now, I just ASSumed that Norton knew about every virus and trojan known to man but you can now see where that got me...Thanks, Kim

You don't have to buy the software. Especially when you can use
ad-aware and spybot which are free to do your routine scans for
malware.

To get rid of this specific malware, you can do it yourself, manually,
if you follow the instructions of this page:
http://www.pestpatrol.com/PestInfo/w..._installer.asp

You only have to delete some registry keys:

HKEY_CLASSES_ROOT\clsid\{1d6711c8-7154-40bb-8380-3dea45b69cbf}
HKEY_CLASSES_ROOT\webp2pinstaller.installer
HKEY_CLASSES_ROOT\webp2pinstaller.installer.1
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution
units\{1d6711c8-7154-40bb-8380-3dea45b69cbf}

Make a copy of it before you start (Start Run regedit File
Export) and create a restore point for added safety.

Good luck

I downloaded the PestPatrol software and located the malware file but now the program is telling me that I have to purchase the licensed version to be able to quarantine of delete the file. I really don't want to spend the $40 to get this problem fixed...
is there any way that I can delete or quarantine it for free? I know it sounds like I am cheap but I had just purchased a copy of the "revered" Norton Internet Security just to find that it is not protecting me from the 6 odd trojans that have been found.
If I sound bitter, it's because I am now. Until now, I just ASSumed that Norton knew about every virus and trojan known to man but you can now see where that got me...Thanks, Kim

Kim,

On Sun, 11 Apr 2004 22:06:04 -0700, Kim M.
wrote:

Well I think I spoke too soon about getting everything fixed. After running all the recommended software, I am unable to get onto some websites such as Google and I am unable to get into any tables on Yahoo games. Is there anyway that I can fix this? R
ight after I ran adware, I did the recommended quarantine and then when I went to open the threads in this topic it would not display the text. I went back and did a recover which fixed this problem but now I have all the other files that should have been
quarantined but are not any longer. Is there a way that I could tell which files should be quarantined so as not to cause this problem to re-occur?

Thanks Kim M.

You can download Hijack This from he

http://www.mjc1.com/files/merijn/hijackthis.exe

Go he
http://mjc1.com/mirror/hjt/

For instructions on how to use it; you have to post the log it makes
so experts tell you what is good and what is malware.

What you will do is a scan of your system and post the results of the
scan so experts can tell you which parts are malware and safe to
delete.

Good luck

I finally was able to get HiJackThis to download and here is what it found. Again, thank you soooo much for all the help and I hope you will be able to make some suggestions that will fix the new problems. I am now able to get to Google but Yahoo Games s
till won't open for the tables and it won't open some websites. I had to go back and restore to yesterday just to be able to download this software but again I still have these other problems that I can't take care of yet (i.e. trojans, etc.).

Thank you, Kim M.

P.S. I can't tell you how grateful I am for all your help, again, THANK YOU!!

Logfile of HijackThis v1.97.7
Scan saved at 3:37:09 PM, on 4/12/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DiskeeperWorkstation\DKService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\toshiba\ivp\ISM\pinger.exe
C:\PROGRA~1\EzButton\CP888M1.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\rmctrl.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\WinRAR\WinRAR.exe
c:\Temp\Rar$EX12.032\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS10
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - Default URLSearchHook is missing
O1 - Hosts: 217.116.231.7 aimtoday.aol.com12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Pinger] C:\toshiba\ivp\ISM\pinger.exe /run
O4 - HKLM\..\Run: [NAV CfgWiz] C:\PROGRA~1\NORTON~1\Cfgwiz.exe /R
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [CP888M1] C:\PROGRA~1\EzButton\CP888M1.EXE
O4 - HKLM\..\Run: [AVPCC] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpcc.exe" /wait
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\System32\rmctrl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Cribbage - http://download.games.yahoo.com/game...ts/y/it1_x.cab
O16 - DPF: Yahoo! Euchre - http://download.games.yahoo.com/game...ts/y/et1_x.cab
O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/game...ts/y/st2_x.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/7...ll/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab