PC Review



Do I have the W32.Stration file displayed by NAV during scan?

 
 
Ted Kerin
27th Jul 2007
I think I have a variant of the Win32.Stration worm, because (1) NAV keeps
closing, and (2) when I run a NAV 2007 scan (which is only available soon
after rebooting), it pauses for a long time at Windows\System32\e1.dll,
which I understand is associated with numerous W32.Stration variants. The
scan either stops running, or completes without finding anything. (If I'm
wrong about e1.dll being a bad file, please let me know.)

I also cannot complete an AdAware scan, or the online scan at pandasoftware,
which shuts down the browser during the scan. The computer also takes longer
than usual to start up. I have run Spybot and the online scans from
MicroTrend and a couple of others, which removed whatever they found, but
this issue continues.

However, when I try to follow Symantec's instructions for manually removing
W32.Stration, I do NOT find any of the expected registry entries for the
virus. I also cannot find or see the file Windows\System32\e1.dll, although
I have WinXP folders set to show hidden files.

So my questions at this point are:

1) When I see a file name (such as this e1.dll) displayed in NAV 2007 as
the scan proceeds, does that in fact mean that I have the file on my
computer? (Or, does NAV, like some of the spyware progs, display names of
things it's looking for, even if not present?)

2) If answer to (1) is "yes", then why can't I see e1.dll? Or, for that
matter, the registry entries associated with it?

3) Any ideas for removing this? Or for otherwise getting NAV to work? (I
have already run a couple of Symantec's fix tools for "Auto-protect
experienced an unexpected error" and for "unable to turn on", but they
haven't worked.)

I realize some will say "dump NAV and get AVG" or something else, but I'd
really like to get at what's happening now, and the online scan from Grisoft
didn't fix this -- besides, I've got a long time to go on my Norton
subscription. Thanks for any help at all!



 
David H. Lipman
27th Jul 2007
Please submit a sample of "e1.dll" to Virus Total --
http://www.virustotal.com/flash/index_en.html
The submission will then be tested against many different AV vendors' scanners.
That will give you an idea what it is and who recognizes it. In addition, unless told
otherwise, Virus Total will provide the sample to all participating vendors.

You can also submit a suspect, one at a time, via the following email URL...
private.php?do=newpm&u=?subject=SCAN

When you get the report, please post back the exact results.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm


 
Ted Kerin
28th Jul 2007

Thanks, Dave. But as I said, I can't even find the file, much less Save it
or submit it. Sorry if I didn't explain it well.

When I do the NAV 2000 scan, it shows me the files that (I assume, maybe
wrongly) it is scanning at the time. And the scan pauses on
"C:\Windows\System32\e1.dll." (Then the scan either fails, or eventually
completes without reporting any virus.)

But, when I look in the System32 folder, I do NOT see any file called
e1.dll. And a Search (including search for hidden and system files) does
not find any file e1.dll. I have WinXP folder set to show hidden files.

The only place I see "e1.dll" is in NAV, during the scan, which I assume
means that NAV is then scanning such file -- no?



 
David H. Lipman
28th Jul 2007
It probably is marked as a Hidden & System file.

attrib -r -h -s C:\Windows\System32\e1.dll

Now submit it.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm


 
Ted Kerin
29th Jul 2007
Thanks again, Dave.

When I run that command to remove the hidden, system and read-only
attributes, I get "file not found". Maybe I don't have the file after all,
despite NAV displaying that filename during the scan? Or, do you think the
virus may be clever enough to hide itself even to the DOS search?


 
Ted Kerin
29th Jul 2007
Here's my hjt log, if it helps:

Logfile of HijackThis v1.97.7
Scan saved at 12:02:51 PM, on 7/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)




 
pcbutts1
29th Jul 2007
Your system is still infected. That is an old, incomplete and outdated HJT
log, but from what it does show you need to use Remove-it version 12; it's
fast and free. It now has over 3500 signatures to remove all variants of
Virusburst, Spy Dawn, Spylock, and Antivermins. New feature: Remove-it will
now update your hosts file. This tool is designed to specifically remove all
variants. Scan time is about 2 minutes. Designed for Windows 2000/XP only.
Password is still required.
First read this page http://www.pcbutts1.com/downloads then use the email
link on the bottom of the page to receive the software.


Check my feedback and see what others have said about it
http://pcbutts1-therealtruth.blogspot.com/



--

Newsgroup Trolls. Read about mine here http://www.pcbutts1.com/downloads
The list grows. Leythos the stalker http://www.leythosthestalker.com, David
H. Lipman, Max M Wachtell III aka What's in a Name?, Fitz,
Rhonda Lea Kirk, Meat Plow, F Kwatu F, George Orwell

Leythos
29th Jul 2007
In article <f8j1ul$c21$(E-Mail Removed)>, pcbutts1
@leythosthestalker.com says...
> Your system is still infected.


Why would anyone trust a proposed fix from a site like yours that
exposes kids to porn on the internet?

Many malware infections come from porn sites, how can anyone know that
yours is not another infector?

--
Leythos - (E-Mail Removed) (remove 999 to email me)

Learn more about PCBUTTS1 and his antics and ethic and his perversion
with Porn and Filth. Just take a look at some of the FILTH he's created
and put on his website: http://www.webservertalk.com/message1907860.html
3rd link shows what he's exposed to children (the link I've included does
not directly display his filth). You can find the same information by
googling for 'PCBUTTS1' and 'exposed to kids'.
 
pcbutts1
29th Jul 2007
http://hautesecure.com/siteinfo.aspx?i=pcbutts1.com


Leythos
30th Jul 2007
In article <f8j5e7$ksg$(E-Mail Removed)>, pcbutts1
@leythosthestalker.com says...
> http://hautesecure.com/siteinfo.aspx?i=pcbutts1.com


Obviously they don't take into account the filth you have exposed to
kids on your website, and they can scan password protected Zip files
either.

So, how you going to explain hosting filth on your website and exposing
kids to it to all the people that you try and help?
