Microsoft Antispy and spyware that was not detected

Stewart

After Christmas, I was searching for Xbox game info and
ran into a site that downloaded some really bad spyware. I
fixed the problem manually after 3 days of work. Anyway, I
tried out this beta and I love it. I was brave enough to
find the site and give it a try.

Here is information that I found about my experiences and
what I had to do to fix it. Hope this will help make the
software even better.

The following site is a really bad site and really adds a
lot of spyware onto the system. I found this earlier and
sent messages to Security Response. I felt, given the good job
of the AntiSpy beta, that I would test the site on my computer
with it. Last time I had to manually remove things. I
planned to take notes on what I did this time.


I ran Ad-Aware SE and SpyBot before and both did not remove
everything. I was able to clean it manually.

http://www.chaptercheats.com/cheat_display/10990.htm



The following is what AntiSpy did not correct and my
actions to correct this. Took the system off the network
until fixed.

1. http://www.sportsinteraction.com/af/Tk.cfm?Tsk=Clk00000003090000001960 desktop link on the desktop -
I deleted it.

2. At the bottom is my hijackthis.log; use
HijackThis to remove the entries with *** around them.
3. Admanager Controller will not remove - keeps
coming back. Will work on it.
4. Deleted qtohtz.dll and .nls files (calling home)
in system32.
5. Ran HijackThis again - for Admanager.
6. Had to boot into Safe Mode for Admanager - cleaned
up all files. Cookies, temp also.

Scans look good. I hope this will provide enough info to
stop this.



*** HijackThis log ***


Logfile of HijackThis v1.99.0
Scan saved at 9:45:45 AM, on 1/16/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\WINDOWS\runservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\umonit.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
***
C:\WINDOWS\system32\qtoghz.exe
C:\WINDOWS\utujgr.exe
C:\Program Files\Admanager Controller\AdManCtl.exe
***
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Microsoft Money\System\Money Express.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
***
C:\Program Files\Admanager Controller\AdManKeep.exe
***
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\cmd.exe
C:\Documents and Settings\Administrator\Desktop\Utilities\HijackThis.exe

***
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.exactsearch.net/sidesearch
***
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - _{CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {69135BDE-5FDC-4B61-98AA-82AD2091BCCC} - (no file)
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CTStartup] "C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE" /run
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UMonit] C:\WINDOWS\System32\umonit.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
***
O4 - HKLM\..\Run: [xoehbiandom] C:\WINDOWS\system32\qtoghz.exe
O4 - HKLM\..\Run: [utujgr] C:\WINDOWS\utujgr.exe
***
O4 - HKLM\..\Run: [Admanager Controller] C:\Program Files\Admanager Controller\AdManCtl.exe
O4 - HKLM\..\RunOnce: [MicrosoftAntiSpywareCleaner] C:\Program Files\Microsoft AntiSpyware\gcASCleaner.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [MoneyAgent] C:\Program Files\Microsoft Money\System\Money Express.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Steam] G:\Program Files\Valve\Steam\\Steam.exe -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {A80F2DB2-80A9-4834-8F5A-4AB70F4EF4C3} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: IMI - {A80F2DB2-80A9-4834-8F5A-4AB70F4EF4C3} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - http://components.metastream.com/MTSInstallers/MetaStream3.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15009/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - http://transfers.one.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
**
O16 - DPF: {886DDE35-E955-11D0-A707-000000521958} - http://69.56.176.78/webplugin.cab
**
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15010/CTPID.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O23 - Service: Bluetooth Service - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: LicCtrl Service - Unknown - C:\WINDOWS\runservice.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe


By the way, the report program does not seem to work, so
I used this; plus it cannot give detailed information.
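A worked version of the triage Stewart did by hand on his log, added here as an editorial illustration and not part of Stewart's post or of any HijackThis tooling: a short Python script that parses HijackThis-style R0/R1, O4 and O16 lines and flags the same kinds of entries he bracketed with *** and ** (an IE search page pointing at an unknown host, Run values whose image was dropped straight into the Windows directory or whose name does not match the file, and an ActiveX cab pulled from a bare IP with no friendly name). The sample lines are constructed in the shape of the posted log; the baseline of known-good Run-value names and the trusted-host list are assumptions for the example, the kind of list an analyst keeps for the machine being cleaned.

```python
"""Triage HijackThis-style log lines against an analyst baseline (added example)."""
import re
from dataclasses import dataclass, field
from ipaddress import ip_address
from typing import List, Optional
from urllib.parse import urlparse

# Constructed sample in the shape of the log posted above (not the full log):
# the entries marked *** / ** plus a few legitimate ones for contrast.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.exactsearch.net/sidesearch
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [xoehbiandom] C:\WINDOWS\system32\qtoghz.exe
O4 - HKLM\..\Run: [utujgr] C:\WINDOWS\utujgr.exe
O4 - HKLM\..\Run: [Admanager Controller] C:\Program Files\Admanager Controller\AdManCtl.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
O16 - DPF: {886DDE35-E955-11D0-A707-000000521958} - http://69.56.176.78/webplugin.cab
""".strip().splitlines()

# Assumption: Run-value names the analyst has already vetted on this machine.
BASELINE_RUN_NAMES = {"CTHelper", "gcasServ", "ctfmon.exe"}
# Assumption: hosts allowed to set IE search pages or serve ActiveX cabs.
TRUSTED_HOSTS = ("microsoft.com", "msn.com")

SECTION_RE = re.compile(r"^(?P<sec>R\d|O\d+) - (?P<body>.*)$")
O4_RE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O16_RE = re.compile(r"^DPF: \{[0-9A-Fa-f-]+\}(?: \((?P<name>[^)]*)\))? - (?P<url>\S+)$")
# Image stored directly under C:\WINDOWS or C:\WINDOWS\system32 (no vendor subfolder).
WINDIR_RE = re.compile(r"^[A-Za-z]:\\WINDOWS(\\system32)?\\[^\\]+$", re.IGNORECASE)
# First executable token of a Run command: a quoted path, or an unquoted one up to .exe/.com/.scr.
IMAGE_RE = re.compile(r'^"(?P<q>[^"]+)"|^(?P<u>.*?\.(?:exe|com|scr))(?=\s|$)', re.IGNORECASE)


@dataclass
class Finding:
    section: str
    raw: str
    reasons: List[str] = field(default_factory=list)


def _trusted(host: str) -> bool:
    return any(host == h or host.endswith("." + h) for h in TRUSTED_HOSTS)


def _first_image(cmd: str) -> str:
    """Executable token of a Run command; falls back to the first whitespace-delimited word."""
    cmd = cmd.strip()
    m = IMAGE_RE.match(cmd)
    return (m.group("q") or m.group("u")) if m else cmd.split(" ", 1)[0]


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding with reasons for one log line, or None if nothing stands out."""
    m = SECTION_RE.match(line.strip())
    if not m:
        return None
    sec, body = m.group("sec"), m.group("body")
    f = Finding(sec, line.strip())

    if sec in ("R0", "R1") and " = " in body:
        # Search/start-page hijack: a URL whose host is not one we trust.
        _, value = body.split(" = ", 1)
        host = urlparse(value).hostname
        if host and not _trusted(host):
            f.reasons.append(f"IE search/start page points at untrusted host {host}")

    elif sec == "O4":
        o4 = O4_RE.match(body)
        if o4 and o4.group("name") not in BASELINE_RUN_NAMES:
            name, image = o4.group("name"), _first_image(o4.group("cmd"))
            f.reasons.append(f"Run value [{name}] not in baseline")
            stem = image.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
            if WINDIR_RE.match(image):
                f.reasons.append(f"image {image} dropped directly into the Windows directory")
            if stem.lower() != name.lower():
                f.reasons.append(f"value name [{name}] does not match image name {stem}")

    elif sec == "O16":
        o16 = O16_RE.match(body)
        if o16:
            host = urlparse(o16.group("url")).hostname or ""
            try:
                ip_address(host)
                f.reasons.append(f"ActiveX cab served from bare IP {host}")
            except ValueError:
                if not _trusted(host):
                    f.reasons.append(f"ActiveX cab from untrusted host {host}")
            if not o16.group("name"):
                f.reasons.append("control has no friendly name")

    return f if f.reasons else None


def triage(lines) -> List[Finding]:
    """Run triage_line over every line and keep only the flagged ones, in log order."""
    return [f for f in (triage_line(ln) for ln in lines) if f]


if __name__ == "__main__":
    for found in triage(SAMPLE_LOG):
        print(found.section, found.raw)
        for reason in found.reasons:
            print("   -", reason)
```

Run against the sample it prints five findings: the exactsearch.net R0 entry, the three non-baselined O4 entries (with the Windows-directory and name-mismatch reasons on the qtoghz/utujgr pair), and the webplugin.cab O16 entry; the ProxyOverride R1 line, the baselined Run values and the WGA cab pass. The baseline is the part that matters: a fresh machine image or a previous clean log supplies it, and anything not on it is surfaced for a human rather than silently judged by name entropy, which would also trip on legitimate oddities like ctfmon or KHALMNPR.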
 
Bill Sanderson

Thanks for the report! When I go to that site I get a privacy report
indicating that they are a Gator associate, and that cookies from Gator are
blocked, according to my settings.

IE6 SP2 is unaffected, but it definitely looks like a site to avoid.

 
Stewart

One thing to note: I have Windows XP Pro with SP2 loaded
with the latest patches. IE6 SP2 was affected in my situation
because the ones marked with *** around them, Microsoft
AntiSpy did not catch.

As an MSDN member, I installed a version of XP Home on
Virtual PC at home for dealing with such things. I
really like Microsoft's AntiSpyware software and I hope
by the time it's fully released that it has options to be
almost automatic.

I still think that Microsoft needs to fix something in XP
and/or IE so that these pesky beasts don't cause users
problems. The real bad one here is "Admanager Controller".
Why was this software able to load without prompting to
be loaded? Also, why was it so hard to remove? I had to go
to Safe Mode to remove it.
 
B

Bill Sanderson

Well - you're one up on me. I've got Virtual PC running, and Windows 2000
loaded into it, but for reasons I haven't determined the screen painting
performance is abysmal--I have to wipe the screen with the mouse in order to
see what is happening. I'm sure this is something fixable, but I haven't
spotted the fix yet!

Stewart said:
One thing to note: I have Windows XP Pro with SP2 loaded
with the latest patches. IE6 SP2 was affected in my situation,
because the ones marked with *** around them, Microsoft
AntiSpy did not catch.

As an MSDN member, I installed a version of XP Home on
Virtual PC at home for dealing with such things. I
really like Microsoft's AntiSpyware software and I hope
by the time it's fully released that it has options to be
almost automatic.

I still think that Microsoft needs to fix something in XP
and/or IE so that these pesty beasts don't cause users
problems. The real bad one here is "Admanager Controller".
Why was this software able to load without prompting to
be loaded? Also, why was it so hard to remove? I had to go
to safe mode to remove it.
-----Original Message-----
Thanks for the report! When I go to that site I get a privacy report
indicating that they are a Gator associate, and that cookies from Gator are
blocked, according to my settings.

IE6 SP2 is unaffected, but it definitely looks like a site to avoid.

.
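As an added example (not code from the thread, from HijackThis or from Microsoft AntiSpyware), here is a small Python triage script for a HijackThis log of the kind Stewart posted: it parses the entries, applies the review rules a practitioner would otherwise check by hand (executables absent from a clean-install baseline or sitting directly in the Windows root, a search setting pointing off the allowed hosts, an ActiveX download from a bare IP or with no friendly name), and compares the hits with the *** markers Stewart used. The sample log lines, the clean baseline and the allowed-host list are constructed assumptions; a real baseline would be recorded from a clean image such as the Virtual PC session discussed later in the thread.

```python
"""Added example: triage a HijackThis log against a clean baseline and compare with the poster's *** marks."""
import re
from urllib.parse import urlsplit

# Constructed sample: lines taken from the posted log, with the poster's ***/** markers kept.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\ctfmon.exe
***
C:\WINDOWS\system32\qtoghz.exe
C:\WINDOWS\utujgr.exe
C:\Program Files\Admanager Controller\AdManCtl.exe
***
C:\Program Files\Messenger\MSMSGS.EXE
***
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.exactsearch.net/sidesearch
***
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
***
O4 - HKLM\..\Run: [xoehbiandom] C:\WINDOWS\system32\qtoghz.exe
O4 - HKLM\..\Run: [utujgr] C:\WINDOWS\utujgr.exe
***
O4 - HKLM\..\Run: [Admanager Controller] C:\Program Files\Admanager Controller\AdManCtl.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
**
O16 - DPF: {886DDE35-E955-11D0-A707-000000521958} - http://69.56.176.78/webplugin.cab
**
"""

# Constructed baseline of executable names from a clean install (e.g. a fresh Virtual PC image).
CLEAN_BASELINE = {"smss", "winlogon", "services", "lsass", "svchost", "explorer",
                  "ctfmon", "msmsgs", "gcasserv", "gcasdtserv", "wuauclt"}
ALLOWED_HOSTS = {"microsoft.com", "msn.com"}  # constructed allowlist for search/start-page hosts

MARKER_RE = re.compile(r"^\*{2,}$")
SECTION_RE = re.compile(r"^([RFNO]\d+)\s+-\s+(.*)$")
EXE_RE = re.compile(r'([A-Za-z]:\\[^"\n]*?\.exe)', re.IGNORECASE)
URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)


def parse_log(text):
    """Return (section, body, marked) tuples; section is the HijackThis code
    (R0, O4, O16, ...) or 'PROC' for a line under 'Running processes:'."""
    entries, marked, in_procs = [], False, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.lower().startswith("running processes"):
            in_procs = bool(line)     # the header opens the process list, a blank line ends it
            continue
        if MARKER_RE.match(line):
            marked = not marked       # a *** line opens or closes a marked block
            continue
        m = SECTION_RE.match(line)
        if m:
            in_procs = False
            entries.append((m.group(1), m.group(2), marked))
        elif in_procs:
            entries.append(("PROC", line, marked))
    return entries


def _host(body):
    m = URL_RE.search(body)
    return urlsplit(m.group(0)).hostname if m else None


def triage(entries, baseline=CLEAN_BASELINE, allowed_hosts=ALLOWED_HOSTS):
    """Apply review rules; return one (section, body, marked, reasons) per hit."""
    findings = []
    for section, body, marked in entries:
        reasons, host = [], _host(body)
        exe = EXE_RE.search(body) if section in ("PROC", "O4", "O23") else None
        if exe:
            parts = exe.group(1).split("\\")
            stem = parts[-1][:-4].lower()     # EXE_RE guarantees a trailing ".exe"
            if stem not in baseline:
                reasons.append(f"{stem}: not in the clean baseline")
            if len(parts) == 3 and parts[1].lower() == "windows":
                reasons.append("executable sits directly in the Windows root")
        if section in ("R0", "R1", "R3") and host and not any(
                host == d or host.endswith("." + d) for d in allowed_hosts):
            reasons.append(f"browser setting redirected to {host}")
        if section == "O16":
            if host and host.replace(".", "").isdigit():
                reasons.append(f"ActiveX control fetched from bare IP {host}")
            if not re.match(r"DPF:\s*\{[^}]*\}\s*\(", body):
                reasons.append("ActiveX control registered with no friendly name")
        if reasons:
            findings.append((section, body, marked, reasons))
    return findings


def compare_with_markers(entries, findings):
    """Return (marked but not flagged, flagged but not marked)."""
    flagged = {body for _, body, _, _ in findings}
    marked = {body for _, body, m in entries if m}
    return sorted(marked - flagged), sorted(flagged - marked)
```

On the sample, every entry Stewart starred is flagged, and the rules also catch the unstarred Admanager Controller Run entry he later says kept coming back.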
 
S

Stewart Hyde

If you haven't already done so, do the following with
Virtual PC.

1. Make sure that Virtual PC SP1 is installed
2. Make sure to install Virtual PC addons.

I also believe Windows 2000 will be a lot more vulnerable
to adware and viruses than XP. For me XP Home was my
choice, because I didn't need the Pro stuff and it
didn't take away from my 10 MSDN licenses.

If I ever need to surf in places which could be
potentially bad, I will do it with a Virtual PC session. It
is slower but it will not harm the main system. I found
that game sites seem to be the worst for adware. Another
good advantage of a Virtual PC session: if it is really bad,
just restore the files that Virtual PC uses.
.
 
B

Bill Sanderson

It looks like what I did wrong was:

Install VPC, install Windows 2000, install add-ons, then install SP1,
without removing the add-ons, but I'm not out of the woods yet.

I removed the add-ons and patched 2k to date, but now I'm having trouble
again, installing the add-ons.

Stewart Hyde said:
If you don't have it already done.. do the following with
Virtual PC.

1. Make sure that Virtual PC SP1 is installed
2. Make sure to install Virtual PC addons.

I also believe Windows 2000 will be a lot more vulnable
to Adware and Virus then XP. For me XP Home was my
choice - because I didn't need the Pro stuff and it
didn't take a way from my 10 MSDN Licenses.

If I ever need to surf in places which could be
potentially bad, I will do it with Virtual PC session. It
is slower but it will not harm the main system. I found
that game sites seem to be worst for adware. Another
good advantage of Virtual PC session, if it really bad,
just restore the files that Virtual PC uses.
-----Original Message-----
Well - you're one up on me. I've got Virtual PC running, and Windows 2000
loaded into it, but for reasons I haven't determined the screen painting
performance is abysmal--I have to wipe the screen with the mouse in order to
see what is happening. I'm sure this is something fixable, but I haven't
spotted the fix yet!

One thing to note, I have Windows XP Pro with SP2 loaded
with latest patches. IE6 SP2 was affected in my situation
because ones mark with *** around them ***, Microsoft
AntiSpy did not catch.

As MSDN member, I installed a version of XP Home on
Virtual PC at home for dealing with such things. I
really like Microsoft's AntiSpyware software and I hope
by time its fully release that it has options to be
almost automatic.

I still think that Microsoft needs to fix something in XP
and/or IE so that these Pestie beasts don't cause users
problem. The real bad one here is "Admanager Controller".
Why was this software able to load without prompting to
be loaded? Also why was so hard to removed, I had to go
to safe mode to remove it.

-----Original Message-----
Thanks for the report! When I go to that site I get a
privacy report
indicating that they are a Gator associate, and that
cookies from Gator are
blocked, according to my settings.

IE6 SP2 is unaffected, but it definitely looks like a
site to avoid.

message
After christmas, I was searching for XBox game info and
ran into site that downloaded some really bad spyware.
I
fix the problem manually after 3 days of work. Anyway I
try out this beta and I love it. I was brave enought to
find the site and give it a try.

Here is information that I found about my experiences
and
what I had to fix it. Hope this will help make the
software even better

The following site is a really bad site and really ads
a
lot of spyware on to the system. I found this earlier
and
sent messages to security responce. I felt with good
job
of AntiSpy beta that I would test the site on my
computer
with it. Last time I had to manually remove things.. I
planned to take notes on what I do this.


I ran Adware SE and SpyBot before and both did not
remove
everything.. I was able to clean it manual.

http://www.chaptercheats.com/cheat_display/10990.htm



The following is what AntiSpy did not correct and my
actions to correct this. Took system off the network
until fix.

1. http://www.sportsinteraction.com/af/Tk.cfm?
Tsk=Clk00000003090000001960 desktop link on desktop
=
I deleted it.

2. At the bottom is my hijackthis.log, use
Hijackthis to remove entries with *** around them
3. Admanger controller will not remove - keeps on
coming back.. will work on it
4. deleted qtohtz.dll and nls files ( callinghome )
in system 32
5. Ran hijackthis again - for admanager
6. Had to boot into safe mode for admanager - clean
up all files. Cookies, temp . also

Scans look good.. I hope This will provide enough info
to
stop this..



*** HijackThis log ***

Logfile of HijackThis v1.99.0
Scan saved at 9:45:45 AM, on 1/16/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\WINDOWS\runservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\umonit.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
***
C:\WINDOWS\system32\qtoghz.exe
C:\WINDOWS\utujgr.exe
C:\Program Files\Admanager Controller\AdManCtl.exe
***
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Microsoft Money\System\Money Express.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
***
C:\Program Files\Admanager Controller\AdManKeep.exe
***
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\cmd.exe
C:\Documents and Settings\Administrator\Desktop\Utilities\HijackThis.exe

***
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.exactsearch.net/sidesearch
***
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - _{CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {69135BDE-5FDC-4B61-98AA-82AD2091BCCC} - (no file)
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CTStartup] "C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE" /run
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UMonit] C:\WINDOWS\System32\umonit.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
***
O4 - HKLM\..\Run: [xoehbiandom] C:\WINDOWS\system32\qtoghz.exe
O4 - HKLM\..\Run: [utujgr] C:\WINDOWS\utujgr.exe
***
O4 - HKLM\..\Run: [Admanager Controller] C:\Program Files\Admanager Controller\AdManCtl.exe
O4 - HKLM\..\RunOnce: [MicrosoftAntiSpywareCleaner] C:\Program Files\Microsoft AntiSpyware\gcASCleaner.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [MoneyAgent] C:\Program Files\Microsoft Money\System\Money Express.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Steam] G:\Program Files\Valve\Steam\\Steam.exe -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {A80F2DB2-80A9-4834-8F5A-4AB70F4EF4C3} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: IMI - {A80F2DB2-80A9-4834-8F5A-4AB70F4EF4C3} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - http://components.metastream.com/MTSInstallers/MetaStream3.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15009/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - http://transfers.one.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
**
O16 - DPF: {886DDE35-E955-11D0-A707-000000521958} - http://69.56.176.78/webplugin.cab
**
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15010/CTPID.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O23 - Service: Bluetooth Service - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: LicCtrl Service - Unknown - C:\WINDOWS\runservice.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

By the way, the report program does not seem to work, so I used this; plus, it cannot give detailed information.
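The entries the poster marked with *** were found by eye, by comparing the log against what the machine normally runs. The script below is an added example for this thread, not code from the post or from the HijackThis project: it parses the R*/O* lines of a HijackThis-style log, diffs them against a known-good baseline scan of the same machine, and annotates patterns the marked entries share (a search page pointed at a third-party host, a registration whose file is gone, an ActiveX control fetched from a raw IP with no friendly name, autostarts with random-looking names in a system directory). The two sample logs are constructed from lines quoted above; the list of bigrams treated as never occurring in English, the small allowlist of system executables, and the reason strings are assumptions made here for illustration, not anything HijackThis itself does.

```python
"""Triage a HijackThis-style log: parse R*/O* entries, diff them against a
known-good baseline scan, and annotate common hijack patterns.
Added example for this thread; not code from the post or from HijackThis."""
import re
from dataclasses import dataclass
from ipaddress import ip_address
from urllib.parse import urlparse

ENTRY_RE = re.compile(r"^(R[0-3]|O\d{1,2}) - (.*)$")
RUN_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run(?:Once)?: \[([^\]]+)\]\s*(.*)$")
SYSTEM_DIRS = {"c:\\windows", "c:\\windows\\system32"}
KNOWN_SYSTEM_EXES = {"ctfmon.exe", "rundll32.exe"}        # assumed allowlist
IMPOSSIBLE_BIGRAMS = ("jg", "jq", "hz", "gz", "zx", "xz", "qg", "vj", "wq", "kq")  # assumed


@dataclass(frozen=True)
class Entry:
    kind: str   # HijackThis section code, e.g. "O4"
    body: str   # text after "O4 - "


def parse_log(text):
    """Return the R/O entries of a log; headers and the process list are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def looks_random(name):
    """Six or more plain letters containing a bigram English never produces."""
    s = name.lower()
    return len(s) >= 6 and s.isalpha() and any(b in s for b in IMPOSSIBLE_BIGRAMS)


def _host_is_ip(url):
    try:
        ip_address(urlparse(url).hostname or "")
        return True
    except ValueError:
        return False


def _run_target(cmd):
    """(directory, exe) of an O4 command; an unquoted path with spaces is cut at
    the first space, which is good enough for the name checks below."""
    path = cmd[1:cmd.index('"', 1)] if cmd.startswith('"') else cmd.split(" ")[0]
    directory, _, exe = path.rpartition("\\")
    return directory.lower(), exe.lower()


def flags(entry):
    """Reasons an entry deserves a look, independent of any baseline."""
    reasons = []
    urls = re.findall(r"https?://\S+", entry.body)
    if "(no file)" in entry.body:
        reasons.append("orphaned registration, file is gone")
    if entry.kind in ("R0", "R1") and any(
            not (urlparse(u).hostname or "").endswith("microsoft.com") for u in urls):
        reasons.append("search/start page set to a third-party host")
    if entry.kind == "O16":
        if any(_host_is_ip(u) for u in urls):
            reasons.append("ActiveX control downloaded from a raw IP")
        if not re.search(r"\}\s+\(", entry.body):      # no "(Friendly Name)" after the CLSID
            reasons.append("ActiveX control without a friendly name")
    if entry.kind == "O4" and (m := RUN_RE.match(entry.body)):
        name, (directory, exe) = m.group(1), _run_target(m.group(2))
        stem = exe.rsplit(".", 1)[0]
        if looks_random(name) or looks_random(stem):
            reasons.append("random-looking autostart name")
        if (directory in SYSTEM_DIRS and exe not in KNOWN_SYSTEM_EXES
                and name.lower() != stem):
            reasons.append("autostart in a system directory whose value name "
                           "does not match its executable")
    return reasons


def triage(baseline_text, current_text):
    """(entry, reasons) for entries new since the baseline or carrying a flag."""
    baseline = set(parse_log(baseline_text))
    findings = []
    for entry in parse_log(current_text):
        reasons = flags(entry)
        if entry not in baseline:
            reasons.insert(0, "not present in the baseline scan")
        if reasons:
            findings.append((entry, reasons))
    return findings


# Constructed sample: a few of the unmarked entries from the log above ...
BASELINE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
"""
# ... and the same entries plus the ones the post marks with *** or (no file).
INFECTED_LOG = BASELINE_LOG + r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.exactsearch.net/sidesearch
R3 - URLSearchHook: (no name) - _{CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - (no file)
O4 - HKLM\..\Run: [xoehbiandom] C:\WINDOWS\system32\qtoghz.exe
O4 - HKLM\..\Run: [utujgr] C:\WINDOWS\utujgr.exe
O4 - HKLM\..\Run: [Admanager Controller] C:\Program Files\Admanager Controller\AdManCtl.exe
O16 - DPF: {886DDE35-E955-11D0-A707-000000521958} - http://69.56.176.78/webplugin.cab
"""

if __name__ == "__main__":
    for entry, reasons in triage(BASELINE_LOG, INFECTED_LOG):
        print(f"{entry.kind} - {entry.body}\n    " + "; ".join(reasons))
```

Run against the samples, the six marked entries come back and nothing else does. Note what the pattern rules miss on their own: the Admanager Controller autostart has a normal-looking name in its own Program Files folder and is reported only because it is absent from the baseline, which is why keeping a clean scan of each machine is worth more than any heuristic.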


Stewart

The SP1 I was talking about was for Virtual PC and not Windows. Here are the steps that I did:

1. Install Virtual PC
2. Install Virtual PC SP1
3. Install Windows XP Home Edition in VPC
4. Install Windows XP SP2 on XP Home in VPC
5. Performed Windows Update with full update
6. Install VPC extensions - it was very slow otherwise.

I did notice during my install that Virtual PC had the wrong network selected - it selected the Bluetooth connection used with my cell phone for some reason. Once I selected the correct one, it worked flawlessly. It was required for Windows Update.

Please note that 1-4 were all installed off the MSDN DVD disk included in my collection.

Maybe it's an issue with Windows 2000.
-----Original Message-----
It looks like what I did wrong was:

Install VPC, install Windows 2000, install add-ons, then install SP1,
without removing the add-ons, but I'm not out of the woods yet.

I removed the add-ons and patched 2k to date, but now I'm having trouble
again, installing the add-ons.

If you don't have it already done, do the following with Virtual PC.

1. Make sure that Virtual PC SP1 is installed
2. Make sure to install the Virtual PC add-ons.

I also believe Windows 2000 will be a lot more vulnerable to adware and viruses than XP. For me XP Home was my choice - because I didn't need the Pro stuff and it didn't take away from my 10 MSDN licenses.

If I ever need to surf in places which could be potentially bad, I will do it in a Virtual PC session. It is slower but it will not harm the main system. I found that game sites seem to be the worst for adware. Another good advantage of a Virtual PC session: if it's really bad, just restore the files that Virtual PC uses.
-----Original Message-----
Well - you're one up on me. I've got Virtual PC running, and Windows 2000 loaded into it, but for reasons I haven't determined the screen painting performance is abysmal--I have to wipe the screen with the mouse in order to see what is happening. I'm sure this is something fixable, but I haven't spotted the fix yet!

"Stewart" wrote in message:
One thing to note: I have Windows XP Pro with SP2 loaded with the latest patches. IE6 SP2 was affected in my situation, because the ones marked with *** around them, Microsoft AntiSpy did not catch.

As an MSDN member, I installed a version of XP Home on Virtual PC at home for dealing with such things. I really like Microsoft's AntiSpyware software and I hope that by the time it's fully released it has options to be almost automatic.

I still think that Microsoft needs to fix something in XP and/or IE so that these pest beasts don't cause users problems. The real bad one here is "Admanager Controller". Why was this software able to load without prompting to be loaded? Also, why was it so hard to remove? I had to go to safe mode to remove it.

-----Original Message-----
Thanks for the report! When I go to that site I get a privacy report indicating that they are a Gator associate, and that cookies from Gator are blocked, according to my settings.

IE6 SP2 is unaffected, but it definitely looks like a site to avoid.

Bill Sanderson

Yes--I was talking about SP1 for the VPC as well. I gather that the extensions are different between the gold and SP1 versions, and I think my issue was having the gold extensions running with the rest of the VPC at SP1.

Just to confound things, though, I updated my video drivers (ATI Radeon 9000) from Dell's site.

At any rate, Windows 2000 is up and patched to date, and I'm going to grab a couple of URLs from these groups and see how it does, after installing MS Antispyware, and backing up!

Files\WIDCOMM\Bluetooth
Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 -
{CCA281CA-
C863-46ef-9331-5C8D4460577F} - C:\Program
Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-
BB9E-
00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet
Explorer\Plugins\NPDocBox.dll
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E}
(MetaStreamCtl Class) -


http://components.metastream.com/MTSInstallers/MetaStream3
.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715}
(Creative Software AutoUpdate) -
http://www.creative.com/su/ocx/15009/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700}
(Windows Genuine Advantage Validation Tool) -
http://go.microsoft.com/fwlink/?
linkid=34738&clcid=0x409
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0}
(DLC
Class) -


http://transfers.one.microsoft.com/FTM/TransferSource/grTr
ansferCtrl.cab
**
O16 - DPF: {886DDE35-E955-11D0-A707-000000521958} -
http://69.56.176.78/webplugin.cab
**
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29}
(Creative Software AutoUpdate Support Package) -
http://www.creative.com/su/ocx/15010/CTPID.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-
00C04F8EC294} - C:\Program Files\Common
Files\Microsoft
Shared\Help\hxds.dll
O23 - Service: Bluetooth Service - WIDCOMM, Inc. -
C:\Program Files\WIDCOMM\Bluetooth
Software\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access -
Creative Technology Ltd - C:\WINDOWS\System32
\CTSvcCDA.EXE
O23 - Service: LicCtrl Service - Unknown -
C:\WINDOWS\runservice.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA
Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TabletService - Wacom Technology,
Corp. -
C:\WINDOWS\system32\Tablet.exe


By the way, the report program does not seem to work, so I used this; plus it can not give detailed information.


.



.


.
 
S

Stewart

Bill,

I am not sure, I don't believe that video drivers would
make a difference. Also I am not sure which extensions
actually loaded on my main machine (3.2GHz P4 with
6800GT, 1 gig of RAM).

I just hope Microsoft tests the website listed here and
resolves the spyware issues with the website, because
this one shows one that is not detected/fixed by the
product and I believe it should be.

Stewart
-----Original Message-----
Yes--I was talking about SP1 for the VPC as well. I gather that the
extensions are different between the gold and SP1 versions, and I think my
issue was having Gold extension running with the rest of the VPC at SP1.

Just to confound things, though, I updated my video drivers (ati radeon
9000) from Dell's site.

At any rate, Windows 2000 is up and patched to date, and I'm going to grab a
couple of URLs from these groups and see how it does, after installing MS
Antispyware, and backing up!

The SP1 I was talking about was for Virtual PC and not
Windows. Here are the steps that I did:

1. Install Virtual PC
2. Install Virtual PC SP1
3. Install Windows XP Home Edition in VPC
4. Install Windows XP SP2 on XP Home in VPC
5. Performed Windows Update with full update
6. Install VPC extensions - it was very slow otherwise.

I did notice during my install that Virtual PC had the
wrong network selected - it selected the Bluetooth connection
I use with my cell phone for some reason. Once I selected
the correct one, it worked flawlessly. It was required for
Windows Update.

Please note that 1-4 were all installed off the MSDN DVD disks
included in my collection.

Maybe it's an issue with Windows 2000.
-----Original Message-----
It looks like what I did wrong was:

Install VPC, install Windows 2000, install add-ons, then install SP1,
without removing the add-ons, but I'm not out of the woods yet.

I removed the add-ons and patched 2k to date, but now I'm having trouble
again, installing the add-ons.

If you don't have it already done, do the following with
Virtual PC.

1. Make sure that Virtual PC SP1 is installed
2. Make sure to install the Virtual PC add-ons.

I also believe Windows 2000 will be a lot more vulnerable
to adware and viruses than XP. For me XP Home was my
choice, because I didn't need the Pro stuff and it
didn't take away from my 10 MSDN licenses.

If I ever need to surf in places which could be
potentially bad, I will do it with a Virtual PC session.
It is slower but it will not harm the main system. I found
that game sites seem to be the worst for adware. Another
good advantage of a Virtual PC session: if it's really bad,
just restore the files that Virtual PC uses.

-----Original Message-----
Well - you're one up on me. I've got Virtual PC running, and Windows 2000
loaded into it, but for reasons I haven't determined the screen painting
performance is abysmal--I have to wipe the screen with the mouse in order to
see what is happening. I'm sure this is something fixable, but I haven't
spotted the fix yet!

One thing to note, I have Windows XP Pro with SP2 loaded
with the latest patches. IE6 SP2 was affected in my
situation, because the ones marked with *** around them ***,
Microsoft AntiSpy did not catch.

As an MSDN member, I installed a version of XP Home on
Virtual PC at home for dealing with such things. I
really like Microsoft's AntiSpyware software and I hope
by the time it's fully released that it has options to be
almost automatic.

I still think that Microsoft needs to fix something in XP
and/or IE so that these Pestie beasts don't cause users
problems. The real bad one here is "Admanager Controller".
Why was this software able to load without prompting to
be loaded? Also, why was it so hard to remove? I had to go
to safe mode to remove it.

-----Original Message-----
Thanks for the report! When I go to that site I get a privacy report
indicating that they are a Gator associate, and that cookies from Gator are
blocked, according to my settings.

IE6 SP2 is unaffected, but it definitely looks like a
site to avoid.

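The *** marks in the log above were placed by hand. As an added example (not the poster's code and not part of HijackThis or Microsoft AntiSpyware), the script below re-derives them from a constructed subset of the posted lines; the "lone executable with a vowel-poor name" heuristic, the raw-IP rule for O16 downloads, the search-host allowlist and the severity labels are the editor's assumptions, not a product's detection logic.

```python
"""Triage rules for HijackThis-style log lines.

Added example for this thread; not the poster's code and not part of
HijackThis. Each rule encodes one reason an entry the poster marked with
*** stood out, so the script re-derives those marks from a constructed
subset of the posted log. Thresholds and allowlists are assumptions.
"""
import ipaddress
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample: lines copied from the log in this thread, *** removed.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.exactsearch.net/sidesearch
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [xoehbiandom] C:\WINDOWS\system32\qtoghz.exe
O4 - HKLM\..\Run: [utujgr] C:\WINDOWS\utujgr.exe
O4 - HKLM\..\Run: [Admanager Controller] C:\Program Files\Admanager Controller\AdManCtl.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15009/CTSUEng.cab
O16 - DPF: {886DDE35-E955-11D0-A707-000000521958} - http://69.56.176.78/webplugin.cab
O23 - Service: LicCtrl Service - Unknown - C:\WINDOWS\runservice.exe
"""

KNOWN_BAD_RUN_NAMES = {"admanager controller"}        # the pest this thread names
EXPECTED_SEARCH_HOSTS = ("microsoft.com", "msn.com")  # stock IE6 defaults (assumption)

RUN_RE = re.compile(r"^O4 - (?:HKLM|HKCU)\\\.\.\\Run(?:Once)?: \[(?P<name>[^\]]+)\] (?P<target>.+)$")
DPF_RE = re.compile(r"^O16 - DPF: \{[0-9A-Fa-f-]+\}(?: \([^)]*\))? - (?P<url>\S+)$")
SEARCH_RE = re.compile(r"^R[01] - .*,(?:SearchAssistant|Start Page|Search Page|Default_Search_URL) = (?P<url>\S+)$")
SERVICE_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<vendor>.+?) - (?P<path>.+)$")


@dataclass(frozen=True)
class Finding:
    section: str   # HijackThis section code, e.g. "O4"
    key: str       # run-key name, host, or service name
    severity: str  # "suspect" (remove/investigate) or "review" (confirm the vendor)
    reason: str


def vowel_poor(word: str) -> bool:
    return sum(ch in "aeiou" for ch in word) / len(word) < 0.4


def exe_path(target: str) -> str:
    """First .exe on the command line, surrounding quotes dropped."""
    m = re.search(r'"?([^"]*?\.exe)', target, re.IGNORECASE)
    return m.group(1) if m else target


def generated_autorun(name: str, exe: str) -> bool:
    """Heuristic (assumption): a bare lowercase run-key name of 5+ letters whose
    target is a lone executable directly under %WINDIR% or system32 (no vendor
    folder), with the name or the file stem vowel-poor, e.g. [utujgr] utujgr.exe.
    CamelCase names, dotted names such as ctfmon.exe and vendor subfolders pass."""
    if not re.fullmatch(r"[a-z]{5,}", name):
        return False
    m = re.fullmatch(r"(?i)c:\\windows\\(?:system32\\)?([a-z]+)\.exe", exe)
    return bool(m) and (vowel_poor(name) or vowel_poor(m.group(1).lower()))


def host_is_ip(url: str) -> bool:
    """ActiveX (O16) download served from a raw IP rather than a vendor host."""
    try:
        ipaddress.ip_address(urlparse(url).hostname or "")
        return True
    except ValueError:
        return False


def triage(log_text: str) -> list:
    findings = []
    for line in map(str.strip, log_text.splitlines()):
        if m := SEARCH_RE.match(line):
            host = urlparse(m["url"]).hostname or ""
            if not host.endswith(EXPECTED_SEARCH_HOSTS):
                findings.append(Finding("R0/R1", host, "suspect", "search page points at a third-party host"))
        elif m := RUN_RE.match(line):
            name, exe = m["name"], exe_path(m["target"])
            if name.lower() in KNOWN_BAD_RUN_NAMES:
                findings.append(Finding("O4", name, "suspect", "autorun matches the pest reported in this thread"))
            elif generated_autorun(name, exe):
                findings.append(Finding("O4", name, "suspect", f"generated-looking autorun for lone executable {exe}"))
        elif m := DPF_RE.match(line):
            if host_is_ip(m["url"]):
                findings.append(Finding("O16", urlparse(m["url"]).hostname, "suspect", "ActiveX download from a raw IP address"))
        elif m := SERVICE_RE.match(line):
            if m["vendor"] == "Unknown":
                findings.append(Finding("O23", m["name"], "review", f"service with no vendor string: {m['path']}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.severity:7} {f.section:5} {f.key}: {f.reason}")
```

Run on the sample it flags exactly the entries the poster starred, plus the vendor-less LicCtrl service as a lower-priority review item, while the legitimate dla, ctfmon.exe and gcasServ autoruns pass.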
 
B

Bill Sanderson

I believe Microsoft has mechanisms in place to stay in touch with the
current bugs seen in the field, including ones they can't clean yet, and
that their goal is to be able to clean anything that matches their criteria
as published.

So--I'm sure they are working on it, but I can't predict when they'll be
able to handle a given bug.

Stewart said:
By the way, the report program does not seem to work - so I used this - plus it cannot give detailed information.