Messages - reno

1
Tech Clinic / Win32 worm Alcan.A
« on: June 01, 2006, 10:44:16 AM »
Hmm, OK, this is weird: when I run this process, after a while it says "please insert your windows xp professional cdrom". The thing, however, is that I have Windows XP Home Edition. :huh:

2
Tech Clinic / Win32 worm Alcan.A
« on: May 30, 2006, 10:34:21 AM »
Here's the CCleaner backup; I can't figure out which files they were exactly. :unsure:


[HKEY_CLASSES_ROOT\NeroShowTime.Files7.m3u\DefaultIcon]
@="D:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe,1"


[HKEY_CLASSES_ROOT\NeroShowTime.Files7.m3u\shell\play]
@="S&pelen"

[HKEY_CLASSES_ROOT\NeroShowTime.Files7.m3u\shell\play\command]
@="\"D:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe\" \"%1\""


[HKEY_CLASSES_ROOT\NeroShowTime.Files7.m4a\DefaultIcon]
@="D:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe,0"


[HKEY_CLASSES_ROOT\NeroShowTime.Files7.m4a\shell\play]
@="S&pelen"

[HKEY_CLASSES_ROOT\NeroShowTime.Files7.m4a\shell\play\command]
@="\"D:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe\" \"%1\""


[HKEY_CLASSES_ROOT\NeroShowTime.Files7.mid\DefaultIcon]
@="D:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe,0"


[HKEY_CLASSES_ROOT\NeroShowTime.Files7.mid\shell\play]
@="S&pelen"

[HKEY_CLASSES_ROOT\NeroShowTime.Files7.mid\shell\play\command]
@="\"D:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe\" \"%1\""


[HKEY_CLASSES_ROOT\NeroShowTime.Files7.midi\DefaultIcon]
@="D:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe,0"


[HKEY_CLASSES_ROOT\NeroShowTime.Files7.midi\shell\play]
@="S&pelen"

[HKEY_CLASSES_ROOT\NeroShowTime.Files7.midi\shell\play\command]
@="\"D:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe\" \"%1\""


[HKEY_CLASSES_ROOT\NeroShowTime.Files7.mmv\DefaultIcon]
@="D:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe,0"


[HKEY_CLASSES_ROOT\NeroShowTime.Files7.mmv\shell\play]
@="S&pelen"

[HKEY_CLASSES_ROOT\NeroShowTime.Files7.mmv\shell\play\command]
@="\"D:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe\" \"%1\""


[HKEY_CLASSES_ROOT\NeroShowTime.Files7.mod\DefaultIcon]
@="D:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe,0"


[HKEY_CLASSES_ROOT\NeroShowTime.Files7.mod\shell\play]
@="S&pelen"

[HKEY_CLASSES_ROOT\NeroShowTime.Files7.mod\shell\play\command]
@="\"D:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe\" \"%1\""


[HKEY_CLASSES_ROOT\NeroShowTime.Files7.mov\DefaultIcon]
@="D:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe,0"


[HKEY_CLASSES_ROOT\NeroShowTime.Files7.mov\shell\play]
@="S&pelen"

[HKEY_CLASSES_ROOT\NeroShowTime.Files7.mov\shell\play\command]
@="\"D:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe\" \"%1\""


[HKEY_CLASSES_ROOT\NeroShowTime.Files7.mp2\DefaultIcon]
@="D:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe,0"


[HKEY_CLASSES_ROOT\NeroShowTime.Files7.mp2\shell\play]
@="S&pelen"

[HKEY_CLASSES_ROOT\NeroShowTime.Files7.mp2\shell\play\command]
@="\"D:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe\" \"%1\""


[HKEY_CLASSES_ROOT\NeroShowTime.Files7.mp3\DefaultIcon]
@="D:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe,0"


[HKEY_CLASSES_ROOT\NeroShowTime.Files7.mp3\shell\play]
@="S&pelen"

[HKEY_CLASSES_ROOT\NeroShowTime.Files7.mp3\shell\play\command]
@="\"D:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe\" \"%1\""


[HKEY_CLASSES_ROOT\NeroShowTime.Files7.mp4\shell\play]
@="S&pelen"

[HKEY_CLASSES_ROOT\NeroShowTime.Files7.mp4\shell\play\command]
@="\"D:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe\" \"%1\""


[HKEY_CLASSES_ROOT\NeroShowTime.Files7.mpa\DefaultIcon]
@="D:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe,0"


[HKEY_CLASSES_ROOT\NeroShowTime.Files7.mpa\shell\play]
@="S&pelen"

[HKEY_CLASSES_ROOT\NeroShowTime.Files7.mpa\shell\play\command]
@="\"D:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe\" \"%1\""


[HKEY_CLASSES_ROOT\NeroShowTime.Files7.mpeg\DefaultIcon]
@="D:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe,0"


[HKEY_CLASSES_ROOT\NeroShowTime.Files7.mpeg\shell\play]
@="S&pelen"

[HKEY_CLASSES_ROOT\NeroShowTime.Files7.mpeg\shell\play\command]
@="\"D:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe\" \"%1\""


[HKEY_CLASSES_ROOT\NeroShowTime.Files7.mpg\DefaultIcon]
@="D:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe,0"


[HKEY_CLASSES_ROOT\NeroShowTime.Files7.mpg\shell\play]
@="S&pelen"

[HKEY_CLASSES_ROOT\NeroShowTime.Files7.mpg\shell\play\command]
@="\"D:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe\" \"%1\""


[HKEY_CLASSES_ROOT\NeroShowTime.Files7.pls\DefaultIcon]
@="D:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe,1"


[HKEY_CLASSES_ROOT\NeroShowTime.Files7.pls\shell\play]
@="S&pelen"

[HKEY_CLASSES_ROOT\NeroShowTime.Files7.pls\she

3
Tech Clinic / Win32 worm Alcan.A
« on: May 29, 2006, 05:03:43 PM »
Here's the new logs:

 ewido anti-malware - Scan rapport
---------------------------------------------------------

 + Gemaakt op:         23:56:26, 29/05/2006
 + Rapport samenvatting:      D59EC6E8

 + Scan resultaten:

   :mozilla.10:D:\Documents and Settings\renaat\Application Data\Mozilla\Firefox\Profiles\ivge6t4b.default\cookies.txt -> TrackingCookie.Yieldmanager : Schoongemaakt met een backup
   :mozilla.11:D:\Documents and Settings\renaat\Application Data\Mozilla\Firefox\Profiles\ivge6t4b.default\cookies.txt -> TrackingCookie.Yieldmanager : Schoongemaakt met een backup
   :mozilla.12:D:\Documents and Settings\renaat\Application Data\Mozilla\Firefox\Profiles\ivge6t4b.default\cookies.txt -> TrackingCookie.Casalemedia : Schoongemaakt met een backup
   :mozilla.13:D:\Documents and Settings\renaat\Application Data\Mozilla\Firefox\Profiles\ivge6t4b.default\cookies.txt -> TrackingCookie.Casalemedia : Schoongemaakt met een backup
   :mozilla.14:D:\Documents and Settings\renaat\Application Data\Mozilla\Firefox\Profiles\ivge6t4b.default\cookies.txt -> TrackingCookie.Casalemedia : Schoongemaakt met een backup
   :mozilla.15:D:\Documents and Settings\renaat\Application Data\Mozilla\Firefox\Profiles\ivge6t4b.default\cookies.txt -> TrackingCookie.Casalemedia : Schoongemaakt met een backup


::Einde rapport

(schoongemaakt met backup = cleaned with backup)



HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 23:57:14, on 29/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\ewido anti-malware\ewidoctrl.exe
D:\Program Files\ewido anti-malware\ewidoguard.exe
D:\Program Files\Eset\nod32krn.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
D:\Program Files\Messenger\MSMSGS.EXE
D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
D:\Program Files\Winamp\winamp.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\WINDOWS\system32\NOTEPAD.EXE
D:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http://pac.pandora.be:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] D:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATICCC] "D:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - D:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - D:\Program Files\Eset\nod32krn.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - D:\Program Files\Spyware Doctor\sdhelp.exe


The add/remove program list still isn't showing, but I haven't been able to reboot in safe mode yet (there's a pw on the PC since yesterday cause of upcoming exams :P ); however, ccleaner seemed to indicate that certain windows/system32 files were missing...

4
Tech Clinic / Win32 worm Alcan.A
« on: May 28, 2006, 05:59:14 AM »
I took a screenshot of my add/remove software: the text in the window means "The list is being composed. A moment of patience please..."; no matter how long I leave it open, it just remains like this.
Here's the Silent Runners log:
"Silent Runners.vbs", revision 45, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"MSMSGS" = ""D:\Program Files\Messenger\MSMSGS.EXE" /background" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"HPDJ Taskbar Utility" = "D:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe" ["HP"]
"QuickTime Task" = ""D:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"ATICCC" = ""D:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay" [null data]
"DAEMON Tools" = ""D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033" ["DT Soft Ltd."]
"SunJavaUpdateSched" = "D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" ["Sun Microsystems, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Configuratiescherm-uitbreiding Beeldscherm-panning"
  -> {HKLM...CLSID} = "Configuratiescherm-uitbreiding Beeldscherm-panning"
                   \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal-pictogramuitbreiding"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
                   \InProcServer32\(Default) = "D:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
  -> {HKLM...CLSID} = "Portable Media Devices"
                   \InProcServer32\(Default) = "D:\WINDOWS\System32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
  -> {HKLM...CLSID} = "Portable Media Devices Menu"
                   \InProcServer32\(Default) = "D:\WINDOWS\System32\Audiodev.dll" [MS]
"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
  -> {HKLM...CLSID} = "Shell Search Band"
                   \InProcServer32\(Default) = "D:\WINDOWS\system32\browseui.dll" [MS]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
  -> {HKLM...CLSID} = "iTunes"
                   \InProcServer32\(Default) = "D:\Program Files\iTunes\iTunesMiniPlayer.dll" [file not found]
"{5E2121EE-0300-11D4-8D3B-444553540000}" = "Catalyst Context Menu extension"
  -> {HKLM...CLSID} = "SimpleShlExt Class"
                   \InProcServer32\(Default) = "D:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll" [empty string]
"{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band"
  -> {HKLM...CLSID} = "History Band"
                   \InProcServer32\(Default) = "D:\WINDOWS\system32\shdocvw.dll" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{54D9498B-CF93-414F-8984-8CE7FDE0D391}" = "ewido shell guard"
  -> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
                   \InProcServer32\(Default) = "D:\Program Files\ewido anti-malware\shellhook.dll" ["TODO: <Firmenname>"]

HKLM\System\CurrentControlSet\Control\Session Manager\
INFECTION WARNING! "BootExecute" = "autocheck autochk * SsiEfr.e" [file not found], [MS], [file not found], [file not found]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
INFECTION WARNING! WRNotifier\DLLName = "WRLogonNTF.dll" [file not found]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
ewido\(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}"
  -> {HKLM...CLSID} = "Ctest Object"
                   \InProcServer32\(Default) = "D:\Program Files\ewido anti-malware\context.dll" ["ewido networks"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ewido\(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}"
  -> {HKLM...CLSID} = "Ctest Object"
                   \InProcServer32\(Default) = "D:\Program Files\ewido anti-malware\context.dll" ["ewido networks"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "D:\Documents and Settings\renaat\Application Data\Mozilla\Firefox\Bureaubladachtergrond.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "D:\WINDOWS\System32\logon.scr" [MS]


Startup items in "renaat" & "All Users" startup folders:
--------------------------------------------------------

D:\Documents and Settings\renaat\Menu Start\Programma's\Opstarten
"Adobe Gamma" -> shortcut to: "D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 11
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}"
  -> {HKCU...CLSID} = "Java Plug-in"
                   \InProcServer32\(Default) = "D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
  -> {HKLM...CLSID} = "Java Plug-in 1.5.0_06"
                   \InProcServer32\(Default) = "D:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll" ["Sun Microsystems, Inc."]

{2D663D1A-8670-49D9-A1A5-4C56B4E14E84}\
"ButtonText" = "Spyware Doctor"
"CLSIDExtension" = "{A1EDC4A1-940F-48E0-8DFD-E38F1D501021}"
  -> {HKLM...CLSID} = "PCTools Browser Monitor"
                   \InProcServer32\(Default) = "D:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll" ["PC Tools"]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "D:\Program Files\Messenger\msmsgs.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Ati HotKey Poller, Ati HotKey Poller, "D:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
ewido security suite control, ewido security suite control, "D:\Program Files\ewido anti-malware\ewidoctrl.exe" ["ewido networks"]
ewido security suite guard, ewido security suite guard, "D:\Program Files\ewido anti-malware\ewidoguard.exe" ["ewido networks"]
NOD32 Kernel Service, NOD32krn, ""D:\Program Files\Eset\nod32krn.exe"" ["Eset "]
Windows User Mode Driver Framework, UMWdf, "D:\WINDOWS\System32\wdfmgr.exe" [MS]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
hpzsnt09\Driver = "hpzsnt09.dll" ["HP"]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
  DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
  use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 31 seconds, including 18 seconds for message boxes)


---------------------------------------------------------------------------------------------------
and here's the HJT uninstall manager list:
Ad-Aware SE Personal
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Stock Photos 1.0
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
BearShare
Beveiligingsupdate for Windows Media Player 10 (KB911565)
Beveiligingsupdate voor Windows Media Player (KB911564)
Beveiligingsupdate voor Windows XP (KB890046)
Beveiligingsupdate voor Windows XP (KB893066)
Beveiligingsupdate voor Windows XP (KB893756)
Beveiligingsupdate voor Windows XP (KB896358)
Beveiligingsupdate voor Windows XP (KB896422)
Beveiligingsupdate voor Windows XP (KB896423)
Beveiligingsupdate voor Windows XP (KB896424)
Beveiligingsupdate voor Windows XP (KB896428)
Beveiligingsupdate voor Windows XP (KB899587)
Beveiligingsupdate voor Windows XP (KB899591)
Beveiligingsupdate voor Windows XP (KB900725)
Beveiligingsupdate voor Windows XP (KB901017)
Beveiligingsupdate voor Windows XP (KB901214)
Beveiligingsupdate voor Windows XP (KB902400)
Beveiligingsupdate voor Windows XP (KB904706)
Beveiligingsupdate voor Windows XP (KB905414)
Beveiligingsupdate voor Windows XP (KB905749)
Beveiligingsupdate voor Windows XP (KB905915)
Beveiligingsupdate voor Windows XP (KB908519)
Beveiligingsupdate voor Windows XP (KB908531)
Beveiligingsupdate voor Windows XP (KB911562)
Beveiligingsupdate voor Windows XP (KB911567)
Beveiligingsupdate voor Windows XP (KB911927)
Beveiligingsupdate voor Windows XP (KB912812)
Beveiligingsupdate voor Windows XP (KB912919)
Beveiligingsupdate voor Windows XP (KB913446)
Beveiligingsupdate voor Windows XP (KB913580)
CleanUp!
DivX
DivX Player
ewido anti-malware
HijackThis 1.99.1
Hitman Pro
iTunes
J2SE Runtime Environment 5.0 Update 6
LeuteScript 3
LS Image Converter
Macromedia Flash Player 8
Macromedia Shockwave Player
Microsoft .NET Framework 1.1
mIRC
Mozilla Firefox (1.5.0.3)
MSN Messenger 7.5
NOD32 antivirus systeem
Oblivion
QuickTime
Snowball Wars by OIN
Spybot - Search & Destroy 1.4
Spyware Doctor 3.5
SpywareBlaster v3.5.1
TeamSpeak 2 RC2
Update voor Windows XP (KB898461)
Update voor Windows XP (KB900485)
Update voor Windows XP (KB910437)
Ventrilo Client
VentriloMIX
VideoLAN VLC media player 0.8.4a
Winamp (remove only)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WinRAR archiver
Wolfenstein - Enemy Territory
Yazzle by OIN


(In Dutch, voor = for and beveiligingsupdate = security-update, just to clarify.)

A great big thanks so far btw

5
Tech Clinic / Win32 worm Alcan.A
« on: May 26, 2006, 05:30:36 AM »
Here's the WinPFind-log:
WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP    Current Build: Service Pack 2    Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...

Checking %System% folder...
aspack               18/03/2005 18:19:58         2337488    D:\WINDOWS\SYSTEM32\d3dx9_25.dll
aspack               26/05/2005 16:34:52         2297552    D:\WINDOWS\SYSTEM32\d3dx9_26.dll
aspack               22/07/2005 20:59:04         2319568    D:\WINDOWS\SYSTEM32\d3dx9_27.dll
aspack               5/12/2005 19:09:18          2323664    D:\WINDOWS\SYSTEM32\d3dx9_28.dll
PEC2                 11/09/2002 14:00:00         41122      D:\WINDOWS\SYSTEM32\dfrg.msc
PEC2                 6/01/2006 19:06:34          573952     D:\WINDOWS\SYSTEM32\DivX.dll
PECompact2           6/01/2006 19:06:34          573952     D:\WINDOWS\SYSTEM32\DivX.dll
PECompact2           4/05/2006 6:26:22           5818784    D:\WINDOWS\SYSTEM32\MRT.exe
aspack               4/05/2006 6:26:22           5818784    D:\WINDOWS\SYSTEM32\MRT.exe
aspack               4/08/2004 10:03:00          729088     D:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor             4/08/2004 10:03:20          676864     D:\WINDOWS\SYSTEM32\rasdlg.dll
winsync              11/09/2002 14:00:00         1309184    D:\WINDOWS\SYSTEM32\wbdbase.deu

Checking %System%\Drivers folder and sub-folders...
PTech                4/08/2004 7:41:38           1309184    D:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys

Items found in D:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
                     9/04/2006 20:09:58       H  0          D:\WINDOWS\38812880-IC
                     26/05/2006 12:10:40       S 2048       D:\WINDOWS\bootstat.dat
                     25/05/2006 0:43:46       H  54156      D:\WINDOWS\QTFont.qfn
                     25/05/2006 23:54:22     RH  749        D:\WINDOWS\WindowsShell.Manifest
                     25/05/2006 23:54:22     RH  749        D:\WINDOWS\system32\cdplayer.exe.manifest
                     25/05/2006 23:54:20     RH  749        D:\WINDOWS\system32\ncpa.cpl.manifest
                     25/05/2006 23:54:20     RH  749        D:\WINDOWS\system32\nwc.cpl.manifest
                     25/05/2006 23:54:22     RH  749        D:\WINDOWS\system32\sapi.cpl.manifest
                     25/05/2006 23:54:22     RH  749        D:\WINDOWS\system32\wuaucpl.cpl.manifest
                     30/03/2006 12:03:48       S 22339      D:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB912812.cat
                     26/05/2006 12:10:30      H  8192       D:\WINDOWS\system32\config\default.LOG
                     26/05/2006 12:11:08      H  1024       D:\WINDOWS\system32\config\SAM.LOG
                     26/05/2006 12:10:40      H  12288      D:\WINDOWS\system32\config\SECURITY.LOG
                     26/05/2006 12:11:10      H  53248      D:\WINDOWS\system32\config\software.LOG
                     26/05/2006 12:10:46      H  909312     D:\WINDOWS\system32\config\system.LOG
                     10/05/2006 23:45:04      H  1024       D:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
                     24/04/2006 23:44:38      HS 388        D:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\9c937a4e-21e5-48cb-997e-ff178e0708fb
                     24/04/2006 23:44:38      HS 24         D:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
                     26/05/2006 12:09:22      H  6          D:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation          4/08/2004 10:03:36          70656      D:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation          4/08/2004 10:03:36          554496     D:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation          4/08/2004 10:03:36          110592     D:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation          4/08/2004 10:03:36          137728     D:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation          4/08/2004 10:03:36          80384      D:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation          4/08/2004 10:03:36          156672     D:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation          4/08/2004 10:03:36          359936     D:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation          4/08/2004 10:03:36          132608     D:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation          4/08/2004 10:03:36          380928     D:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation          4/08/2004 10:03:36          69632      D:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems, Inc.         10/11/2005 13:03:50         49265      D:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation          11/09/2002 14:00:00         189440     D:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation          4/08/2004 10:03:36          625152     D:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation          11/09/2002 14:00:00         35840      D:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation          4/08/2004 10:03:36          25600      D:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation          4/08/2004 10:03:36          260608     D:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation          4/08/2004 10:03:36          36864      D:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation          4/08/2004 10:03:36          117248     D:\WINDOWS\SYSTEM32\powercfg.cpl
Microsoft Corporation          4/08/2004 10:03:38          302592     D:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation          11/09/2002 14:00:00         28160      D:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation          4/08/2004 10:03:38          94720      D:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation          4/08/2004 10:03:38          148480     D:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation          26/05/2005 5:16:34          174872     D:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation          11/09/2002 14:00:00         189440     D:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation          11/09/2002 14:00:00         35840      D:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation          11/09/2002 14:00:00         28160      D:\WINDOWS\SYSTEM32\dllcache\telephon.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
                     24/01/2006 20:36:32      HS 84         D:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\desktop.ini

Checking files in %ALLUSERSPROFILE%\Application Data folder...
                     1/01/2002 2:30:18        HS 62         D:\Documents and Settings\All Users\Application Data\desktop.ini
                     10/04/2006 14:38:32         1362       D:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

Checking files in %USERPROFILE%\Startup folder...
                     19/03/2006 16:38:48         999        D:\Documents and Settings\renaat\Menu Start\Programma's\Opstarten\Adobe Gamma.lnk
                     24/01/2006 20:36:32      HS 84         D:\Documents and Settings\renaat\Menu Start\Programma's\Opstarten\desktop.ini

Checking files in %USERPROFILE%\Application Data folder...
                     1/01/2002 2:30:18        HS 62         D:\Documents and Settings\renaat\Application Data\desktop.ini

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
   sv1    =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido
   {57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}    = D:\Program Files\ewido anti-malware\context.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ImageConverter
   {C2B78404-577B-4565-B5B4-0555EFCC2A4B}    =
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
   {750fdf0e-2a26-11d1-a3ea-080036587f03}    = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
   {09799AFB-AD67-11d1-ABCD-00C04FC30936}    = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
   {A470F8CF-A1E8-4f65-8335-227475AA5C46}    = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
   {B41DB860-8EE4-11D2-9906-E49FADC173CA}    = D:\Program Files\WinRAR\rarext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
   Start Menu Pin    = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
   {B41DB860-8EE4-11D2-9906-E49FADC173CA}    = D:\Program Files\WinRAR\rarext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
   {A470F8CF-A1E8-4f65-8335-227475AA5C46}    = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido
   {57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}    = D:\Program Files\ewido anti-malware\context.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
   {750fdf0e-2a26-11d1-a3ea-080036587f03}    = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
   {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}    = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
   {B41DB860-8EE4-11D2-9906-E49FADC173CA}    = D:\Program Files\WinRAR\rarext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
    = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
    = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
    = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
    = %SystemRoot%\system32\SHELL32.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
   &Tip van de dag = %SystemRoot%\system32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
   MenuText    = Sun Java Console   : D:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2D663D1A-8670-49D9-A1A5-4C56B4E14E84}
   ButtonText    = Spyware Doctor   :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
   ButtonText    = Messenger   : D:\Program Files\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
    =
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
   History Band = %SystemRoot%\system32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
   Explorer-band = %SystemRoot%\system32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
   {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Adres   : %SystemRoot%\System32\browseui.dll
   {0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Koppelingen   : %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
   {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Adres   : %SystemRoot%\System32\browseui.dll
   {0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Koppelingen   : %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
   HPDJ Taskbar Utility   D:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
   QuickTime Task   "D:\Program Files\QuickTime\qttask.exe" -atboottime
   ATICCC   "D:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
   DAEMON Tools   "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
   SunJavaUpdateSched   D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
   MSMSGS   "D:\Program Files\Messenger\MSMSGS.EXE" /background

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
   {BDEADF00-C265-11D0-BCED-00A0C90AB50F} = D:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
   {6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
   {0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
   dontdisplaylastusername   0
   legalnoticecaption   
   legalnoticetext   
   shutdownwithoutlogon   1
   undockwithoutlogon   1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
   NoDriveTypeAutoRun   145

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
   WinUpdate.exe   D:\Program Files\Windows\WinUpdate.exe


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
   PostBootReminder                  {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
   CDBurn                            {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
   WebCheck                          {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
   SysTray                           {35CEC8A3-2BE6-11D2-8773-92E220524153} = D:\WINDOWS\System32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
   UserInit   = userinit.exe
   Shell      = Explorer.exe
   System      =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent
    = Ati2evxx.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
    = crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
    = cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
    = cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
    = wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
    = wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
    = sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
    = WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
    = wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
    = wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier
    = WRLogonNTF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
   Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
   AppInit_DLLs   


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1   - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 26/05/2006 12:18:30

6
Tech Clinic / Win32 worm Alcan.A
« on: May 25, 2006, 05:01:14 PM »
I couldn't do the Spysweeper part anymore because I already ran the uninst.exe file from the folder earlier so it wasn't in that list anymore :( . As for the Ewido report I forgot to save the report :| I can however post you the HJT log if that's any good:

Logfile of HijackThis v1.99.1
Scan saved at 23:58:40, on 25/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\ewido anti-malware\ewidoctrl.exe
D:\Program Files\ewido anti-malware\ewidoguard.exe
D:\Program Files\Eset\nod32krn.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
D:\Program Files\Messenger\MSMSGS.EXE
D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
D:\WINDOWS\system32\rundll32.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\MSN Messenger\msnmsgr.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http://pac.pandora.be:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] D:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATICCC] "D:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - D:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - D:\Program Files\Eset\nod32krn.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - D:\Program Files\Spyware Doctor\sdhelp.exe

EDIT: I forgot to mention that the software list is still stuck at retrieving programs (or should I make a separate thread for that?)

7
Tech Clinic / Win32 worm Alcan.A
« on: May 25, 2006, 07:06:00 AM »
Ok, I did those things. It appears that my spysweeper has expired a while back, but I can't remove it (well I can remove the folder..) because when I open the software list it keeps getting stuck at retrieving programs, it just goes on infinitely. Anyway thanks a lot so far, here are the updated logs:

HJT:
Logfile of HijackThis v1.99.1
Scan saved at 14:02:33, on 25/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\userinit.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Eset\nod32krn.exe
D:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
D:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
D:\Program Files\Messenger\MSMSGS.EXE
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
D:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http://pac.pandora.be:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: (no name) -  - (no file)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] D:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATICCC] "D:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - D:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - D:\Program Files\Eset\nod32krn.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - D:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - D:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

-----------------------------------------------------------------------------------------------------------------------------
 L2M-log:


Look2Me-Destroyer V1.0.12

Scanning for infected files.....
Scan started at 25/05/2006 13:59:02

Infected! D:\System Volume Information\_restore{964F000C-FB2E-4E4C-9349-5CDC8D4F45B5}\RP149\A0023668.dll
Infected! D:\System Volume Information\_restore{964F000C-FB2E-4E4C-9349-5CDC8D4F45B5}\RP149\A0023730.dll
Infected! D:\WINDOWS\system32\f00olad31d0.dll
Infected! D:\WINDOWS\system32\hr8405lqe.dll
Infected! D:\WINDOWS\system32\oeeacc.dll
Infected! D:\WINDOWS\system32\p08q0al5edq.dll

Attempting to delete infected files...

Attempting to delete: D:\System Volume Information\_restore{964F000C-FB2E-4E4C-9349-5CDC8D4F45B5}\RP149\A0023668.dll
D:\System Volume Information\_restore{964F000C-FB2E-4E4C-9349-5CDC8D4F45B5}\RP149\A0023668.dll Deleted successfully!

Attempting to delete: D:\System Volume Information\_restore{964F000C-FB2E-4E4C-9349-5CDC8D4F45B5}\RP149\A0023730.dll
D:\System Volume Information\_restore{964F000C-FB2E-4E4C-9349-5CDC8D4F45B5}\RP149\A0023730.dll Deleted successfully!

Attempting to delete: D:\WINDOWS\system32\f00olad31d0.dll
D:\WINDOWS\system32\f00olad31d0.dll Deleted successfully!

Attempting to delete: D:\WINDOWS\system32\hr8405lqe.dll
D:\WINDOWS\system32\hr8405lqe.dll Deleted successfully!

Attempting to delete: D:\WINDOWS\system32\oeeacc.dll
D:\WINDOWS\system32\oeeacc.dll Deleted successfully!

Attempting to delete: D:\WINDOWS\system32\p08q0al5edq.dll
D:\WINDOWS\system32\p08q0al5edq.dll Deleted successfully!

Making registry repairs.


Restoring Windows certificates.

Replaced hosts file with default windows hosts file


Restoring SeDebugPrivilege for Administrators - Succeeded

8
Tech Clinic / Win32 worm Alcan.A
« on: May 24, 2006, 09:53:38 AM »
Hello again, first off thanks for the help :D , what I meant about the antivirus programs was that I had Norton installed before but I had to format my hard disks because there had been a writing error on one of my disks or something and I got Nod32 via Hitmanpro :P . Anyway I followed the instructions and I think it worked (or at least partially) cause I can open my task management via ctrl-alt-del again ^^. Just to make sure here are the HJT and L2M logs:
Logfile of HijackThis v1.99.1
Scan saved at 16:50:06, on 24/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Eset\nod32krn.exe
D:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
D:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
D:\Program Files\Messenger\MSMSGS.EXE
D:\Program Files\Weather\Weather.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
D:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http://pac.pandora.be:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: (no name) -  - (no file)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] D:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATICCC] "D:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Weather.lnk = D:\Program Files\Weather\Weather.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - D:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - D:\Program Files\Eset\nod32krn.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - D:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - D:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
-----------------------------------------------------------------------------------------------------------------------------


Look2Me-Destroyer V1.0.12

Scanning for infected files.....
Scan started at 24/05/2006 16:42:02

Infected! D:\WINDOWS\system32\f00olad31d0.dll
Infected! D:\System Volume Information\_restore{964F000C-FB2E-4E4C-9349-5CDC8D4F45B5}\RP145\A0020449.dll
Infected! D:\System Volume Information\_restore{964F000C-FB2E-4E4C-9349-5CDC8D4F45B5}\RP146\A0020509.dll
Infected! D:\System Volume Information\_restore{964F000C-FB2E-4E4C-9349-5CDC8D4F45B5}\RP146\A0020513.dll
Infected! D:\System Volume Information\_restore{964F000C-FB2E-4E4C-9349-5CDC8D4F45B5}\RP146\A0020526.dll
Infected! D:\System Volume Information\_restore{964F000C-FB2E-4E4C-9349-5CDC8D4F45B5}\RP146\A0020531.dll
Infected! D:\System Volume Information\_restore{964F000C-FB2E-4E4C-9349-5CDC8D4F45B5}\RP146\A0021531.dll
Infected! D:\System Volume Information\_restore{964F000C-FB2E-4E4C-9349-5CDC8D4F45B5}\RP148\A0021549.dll
Infected! D:\System Volume Information\_restore{964F000C-FB2E-4E4C-9349-5CDC8D4F45B5}\RP148\A0021550.dll
Infected! D:\System Volume Information\_restore{964F000C-FB2E-4E4C-9349-5CDC8D4F45B5}\RP148\A0022563.dll
Infected! D:\System Volume Information\_restore{964F000C-FB2E-4E4C-9349-5CDC8D4F45B5}\RP148\A0022564.dll
Infected! D:\System Volume Information\_restore{964F000C-FB2E-4E4C-9349-5CDC8D4F45B5}\RP148\A0022571.dll
Infected! D:\System Volume Information\_restore{964F000C-FB2E-4E4C-9349-5CDC8D4F45B5}\RP148\A0022572.dll
Infected! D:\System Volume Information\_restore{964F000C-FB2E-4E4C-9349-5CDC8D4F45B5}\RP148\A0023571.dll
Infected! D:\System Volume Information\_restore{964F000C-FB2E-4E4C-9349-5CDC8D4F45B5}\RP148\A0023583.dll
Infected! D:\System Volume Information\_restore{964F000C-FB2E-4E4C-9349-5CDC8D4F45B5}\RP148\A0023584.dll
Infected! D:\System Volume Information\_restore{964F000C-FB2E-4E4C-9349-5CDC8D4F45B5}\RP148\A0023594.dll
Infected! D:\System Volume Information\_restore{964F000C-FB2E-4E4C-9349-5CDC8D4F45B5}\RP148\A0023595.dll
Infected! D:\System Volume Information\_restore{964F000C-FB2E-4E4C-9349-5CDC8D4F45B5}\RP148\A0023604.dll
Infected! D:\System Volume Information\_restore{964F000C-FB2E-4E4C-9349-5CDC8D4F45B5}\RP148\A0023605.dll
Infected! D:\System Volume Information\_restore{964F000C-FB2E-4E4C-9349-5CDC8D4F45B5}\RP149\A0023634.dll
Infected! D:\System Volume Information\_restore{964F000C-FB2E-4E4C-9349-5CDC8D4F45B5}\RP149\A0023635.dll
Infected! D:\System Volume Information\_restore{964F000C-FB2E-4E4C-9349-5CDC8D4F45B5}\RP149\A0023650.dll
Infected! D:\System Volume Information\_restore{964F000C-FB2E-4E4C-9349-5CDC8D4F45B5}\RP149\A0023651.dll
Infected! D:\System Volume Information\_restore{964F000C-FB2E-4E4C-9349-5CDC8D4F45B5}\RP149\A0023658.dll
Infected! D:\System Volume Information\_restore{964F000C-FB2E-4E4C-9349-5CDC8D4F45B5}\RP149\A0023659.dll
Infected! D:\WINDOWS\system32\hr2m05f1e.dll
Infected! D:\WINDOWS\system32\guard.tmp

Attempting to delete infected files...

Attempting to delete: D:\WINDOWS\system32\f00olad31d0.dll
D:\WINDOWS\system32\f00olad31d0.dll could not be deleted!

Attempting to delete: D:\System Volume Information\_restore{964F000C-FB2E-4E4C-9349-5CDC8D4F45B5}\RP145\A0020449.dll
D:\System Volume Information\_restore{964F000C-FB2E-4E4C-9349-5CDC8D4F45B5}\RP145\A0020449.dll could not be deleted!

Attempting to delete: D:\System Volume Information\_restore{964F000C-FB2E-4E4C-9349-5CDC8D4F45B5}\RP146\A0020509.dll
D:\System Volume Information\_restore{964F000C-FB2E-4E4C-9349-5CDC8D4F45B5}\RP146\A0020509.dll could not be deleted!

Attempting to delete: D:\System Volume Information\_restore{964F000C-FB2E-4E4C-9349-5CDC8D4F45B5}\RP146\A0020513.dll
D:\System Volume Information\_restore{964F000C-FB2E-4E4C-9349-5CDC8D4F45B5}\RP146\A0020513.dll could not be deleted!

Attempting to delete: D:\System Volume Information\_restore{964F000C-FB2E-4E4C-9349-5CDC8D4F45B5}\RP146\A0020526.dll
D:\System Volume Information\_restore{964F000C-FB2E-4E4C-9349-5CDC8D4F45B5}\RP146\A0020526.dll could not be deleted!

Attempting to delete: D:\System Volume Information\_restore{964F000C-FB2E-4E4C-9349-5CDC8D4F45B5}\RP146\A0020531.dll
D:\System Volume Information\_restore{964F000C-FB2E-4E4C-9349-5CDC8D4F45B5}\RP146\A0020531.dll could not be deleted!

Attempting to delete: D:\System Volume Information\_restore{964F000C-FB2E-4E4C-9349-5CDC8D4F45B5}\RP146\A0021531.dll
D:\System Volume Information\_restore{964F000C-FB2E-4E4C-9349-5CDC8D4F45B5}\RP146\A0021531.dll could not be deleted!

Attempting to delete: D:\System Volume Information\_restore{964F000C-FB2E-4E4C-9349-5CDC8D4F45B5}\RP148\A0021549.dll
D:\System Volume Information\_restore{964F000C-FB2E-4E4C-9349-5CDC8D4F45B5}\RP148\A0021549.dll could not be deleted!

Attempting to delete: D:\System Volume Information\_restore{964F000C-FB2E-4E4C-9349-5CDC8D4F45B5}\RP148\A0021550.dll
D:\System Volume Information\_restore{964F000C-FB2E-4E4C-9349-5CDC8D4F45B5}\RP148\A0021550.dll could not be deleted!

Attempting to delete: D:\System Volume Information\_restore{964F000C-FB2E-4E4C-9349-5CDC8D4F45B5}\RP148\A0022563.dll
D:\System Volume Information\_restore{964F000C-FB2E-4E4C-9349-5CDC8D4F45B5}\RP148\A0022563.dll could not be deleted!

Attempting to delete: D:\System Volume Information\_restore{964F000C-FB2E-4E4C-9349-5CDC8D4F45B5}\RP148\A0022564.dll
D:\System Volume Information\_restore{964F000C-FB2E-4E4C-9349-5CDC8D4F45B5}\RP148\A0022564.dll could not be deleted!

Attempting to delete: D:\System Volume Information\_restore{964F000C-FB2E-4E4C-9349-5CDC8D4F45B5}\RP148\A0022571.dll
D:\System Volume Information\_restore{964F000C-FB2E-4E4C-9349-5CDC8D4F45B5}\RP148\A0022571.dll could not be deleted!

Attempting to delete: D:\System Volume Information\_restore{964F000C-FB2E-4E4C-9349-5CDC8D4F45B5}\RP148\A0022572.dll
D:\System Volume Information\_restore{964F000C-FB2E-4E4C-9349-5CDC8D4F45B5}\RP148\A0022572.dll could not be deleted!

Attempting to delete: D:\System Volume Information\_restore{964F000C-FB2E-4E4C-9349-5CDC8D4F45B5}\RP148\A0023571.dll
D:\System Volume Information\_restore{964F000C-FB2E-4E4C-9349-5CDC8D4F45B5}\RP148\A0023571.dll could not be deleted!

Attempting to delete: D:\System Volume Information\_restore{964F000C-FB2E-4E4C-9349-5CDC8D4F45B5}\RP148\A0023583.dll
D:\System Volume Information\_restore{964F000C-FB2E-4E4C-9349-5CDC8D4F45B5}\RP148\A0023583.dll could not be deleted!

Attempting to delete: D:\System Volume Information\_restore{964F000C-FB2E-4E4C-9349-5CDC8D4F45B5}\RP148\A0023584.dll
D:\System Volume Information\_restore{964F000C-FB2E-4E4C-9349-5CDC8D4F45B5}\RP148\A0023584.dll could not be deleted!

Attempting to delete: D:\System Volume Information\_restore{964F000C-FB2E-4E4C-9349-5CDC8D4F45B5}\RP148\A0023594.dll
D:\System Volume Information\_restore{964F000C-FB2E-4E4C-9349-5CDC8D4F45B5}\RP148\A0023594.dll could not be deleted!

Attempting to delete: D:\System Volume Information\_restore{964F000C-FB2E-4E4C-9349-5CDC8D4F45B5}\RP148\A0023595.dll
D:\System Volume Information\_restore{964F000C-FB2E-4E4C-9349-5CDC8D4F45B5}\RP148\A0023595.dll could not be deleted!

Attempting to delete: D:\System Volume Information\_restore{964F000C-FB2E-4E4C-9349-5CDC8D4F45B5}\RP148\A0023604.dll
D:\System Volume Information\_restore{964F000C-FB2E-4E4C-9349-5CDC8D4F45B5}\RP148\A0023604.dll could not be deleted!

Attempting to delete: D:\System Volume Information\_restore{964F000C-FB2E-4E4C-9349-5CDC8D4F45B5}\RP148\A0023605.dll
D:\System Volume Information\_restore{964F000C-FB2E-4E4C-9349-5CDC8D4F45B5}\RP148\A0023605.dll could not be deleted!

Attempting to delete: D:\System Volume Information\_restore{964F000C-FB2E-4E4C-9349-5CDC8D4F45B5}\RP149\A0023634.dll
D:\System Volume Information\_restore{964F000C-FB2E-4E4C-9349-5CDC8D4F45B5}\RP149\A0023634.dll could not be deleted!

Attempting to delete: D:\System Volume Information\_restore{964F000C-FB2E-4E4C-9349-5CDC8D4F45B5}\RP149\A0023635.dll
D:\System Volume Information\_restore{964F000C-FB2E-4E4C-9349-5CDC8D4F45B5}\RP149\A0023635.dll could not be deleted!

Attempting to delete: D:\System Volume Information\_restore{964F000C-FB2E-4E4C-9349-5CDC8D4F45B5}\RP149\A0023650.dll
D:\System Volume Information\_restore{964F000C-FB2E-4E4C-9349-5CDC8D4F45B5}\RP149\A0023650.dll could not be deleted!

Attempting to delete: D:\System Volume Information\_restore{964F000C-FB2E-4E4C-9349-5CDC8D4F45B5}\RP149\A0023651.dll
D:\System Volume Information\_restore{964F000C-FB2E-4E4C-9349-5CDC8D4F45B5}\RP149\A0023651.dll could not be deleted!

Attempting to delete: D:\System Volume Information\_restore{964F000C-FB2E-4E4C-9349-5CDC8D4F45B5}\RP149\A0023658.dll
D:\System Volume Information\_restore{964F000C-FB2E-4E4C-9349-5CDC8D4F45B5}\RP149\A0023658.dll could not be deleted!

Attempting to delete: D:\System Volume Information\_restore{964F000C-FB2E-4E4C-9349-5CDC8D4F45B5}\RP149\A0023659.dll
D:\System Volume Information\_restore{964F000C-FB2E-4E4C-9349-5CDC8D4F45B5}\RP149\A0023659.dll could not be deleted!

Attempting to delete: D:\WINDOWS\system32\hr2m05f1e.dll
D:\WINDOWS\system32\hr2m05f1e.dll could not be deleted!

Attempting to delete: D:\WINDOWS\system32\guard.tmp
D:\WINDOWS\system32\guard.tmp could not be deleted!

Making registry repairs.

Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Installer

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{8ED70ADD-FF45-43F6-875B-80DCD425D98D}"
HKCR\Clsid\{8ED70ADD-FF45-43F6-875B-80DCD425D98D}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{19FBC226-7DFF-4CE8-8F38-DA260D79D429}"
HKCR\Clsid\{19FBC226-7DFF-4CE8-8F38-DA260D79D429}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{393716B9-5D65-45AB-AFEF-E3A452FE4A8B}"
HKCR\Clsid\{393716B9-5D65-45AB-AFEF-E3A452FE4A8B}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{762DE519-C18C-4C1B-8A94-11FD26E3A61F}"
HKCR\Clsid\{762DE519-C18C-4C1B-8A94-11FD26E3A61F}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{2930B685-8312-425C-B778-25F688D833E2}"
HKCR\Clsid\{2930B685-8312-425C-B778-25F688D833E2}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{FB0FB500-1548-40ED-A7EC-EAF1C573E7D6}"
HKCR\Clsid\{FB0FB500-1548-40ED-A7EC-EAF1C573E7D6}

Restoring Windows certificates.

Replaced hosts file with default windows hosts file


Restoring SeDebugPrivilege for Administrators - Succeeded

9
Tech Clinic / Win32 worm Alcan.A
« on: May 23, 2006, 11:00:41 AM »
I recently got this worm on my computer by downloading some stuff and since I don't have Norton AV anymore (can't find the CD anymore <_<) I can't get rid of the annoying thing. So could you please help me out a bit :) (thx in advance, this thing is driving me crazy :P)
Here's my HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 17:56:19, on 23/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Eset\nod32krn.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
D:\Program Files\outlook\outlook.exe
D:\WINDOWS\system32\winlog.exe
D:\Program Files\Messenger\MSMSGS.EXE
D:\Program Files\Weather\Weather.exe
D:\Program Files\ipwins\settingsDate.exe
D:\Program Files\MSN Messenger\msnmsgr.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
D:\WINDOWS\system32\rundll32.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Documents and Settings\renaat\Bureaublad\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http://pac.pandora.be:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: (no name) -  - (no file)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] D:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATICCC] "D:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [outlook] D:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Weather.lnk = D:\Program Files\Weather\Weather.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: BITS - D:\WINDOWS\system32\dnn6015se.dll
O20 - Winlogon Notify: WRNotifier - D:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - D:\Program Files\Eset\nod32krn.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - D:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - D:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

10
Tech Clinic / help with WIN32.P2P-WORM.ALCAN.A
« on: May 20, 2006, 12:39:22 PM »
[quote name='guestolo' post='76617' date='Dec 11 2005, 11:00 PM']Download and save p2pnetwork.zip
Then UNZIP it to the BFU Folder
So you now have p2pnetwork.bfu extracted to the BFU folder[/quote]
I'm trying to get rid of this annoying worm (along with some stupid spyware: CoolWebSearch or smth) as well, but could it be that that file is no longer there?
