

Messages - bradfitz

1
Tech Clinic / I Have "win32.p2p-Worm.Alcan.a" -- please help if you can.
« on: February 13, 2007, 11:08:49 PM »
Good advice.. I will certainly scan new files I'm unsure about in the future...

Thank You!

2
Tech Clinic / I Have "win32.p2p-Worm.Alcan.a" -- please help if you can.
« on: February 04, 2007, 12:57:28 PM »
Seems to be running great now.  I noticed a boost in performance as soon as I completed the last set of instructions. Not sure if it's my imagination but it also feels like my internet connection got faster?

3
Tech Clinic / I Have "win32.p2p-Worm.Alcan.a" -- please help if you can.
« on: February 01, 2007, 02:09:30 PM »
Hi, I did as instructed and my fresh HijackThis log is below.

I installed AVG's anti-virus agent, thanks for the recommendation.

Do I also need a firewall if I'm behind a router?

Thank You.


+++++++++++++

Logfile of HijackThis v1.99.1
Scan saved at 2:05:29 PM, on 2/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\SecCopy\SecCopy.exe
C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
C:\Program Files\GPSoftware\Directory Opus\dopus.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Extensis\Suitcase 9.2\Suitcase.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Owner\My Documents\My Work\downloads\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bradfitzpatrick.com/bookmarks/bookmarks.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gatewaybiz.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [Second Copy] "C:\PROGRA~1\SecCopy\SecCopy.exe"
O4 - HKCU\..\Run: [Taskbar Shuffle] C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
O4 - HKCU\..\Run: [DOpus] C:\Program Files\GPSoftware\Directory Opus\dopus.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Suitcase Startup.lnk = ?
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A91DEB0D-AD0D-453E-9AC8-60178EC24212} - http://thesecret.tv/movie/player/vivid_ocx.jpeg
O16 - DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} (ASPRO Installer Class) - http://acs.pandasoftware.com/activescanpro/as5/asproinst.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

++++++++++

4
Tech Clinic / I Have "win32.p2p-Worm.Alcan.a" -- please help if you can.
« on: January 30, 2007, 09:16:24 PM »
Thanks... sorry, it looks like I missed your previous message. I did as you suggested above. Here is my fresh HijackThis log:


Logfile of HijackThis v1.99.1
Scan saved at 9:14:13 PM, on 1/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\PROGRA~1\SecCopy\SecCopy.exe
C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
C:\Program Files\GPSoftware\Directory Opus\dopus.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Extensis\Suitcase 9.2\Suitcase.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Macromedia\Flash MX 2004\Flash.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\~e5d141.tmp
C:\DOCUME~1\Owner\LOCALS~1\Temp\~e5d141.tmp
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Documents and Settings\Owner\My Documents\My Work\downloads\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bradfitzpatrick.com/bookmarks/bookmarks.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gatewaybiz.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Cleanup] ;
O4 - HKLM\..\Run: [Gateway Extended Warranty] ;
O4 - HKLM\..\Run: [msci] ;
O4 - HKLM\..\Run: [SSC_UserPrompt] ;
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [Second Copy] "C:\PROGRA~1\SecCopy\SecCopy.exe"
O4 - HKCU\..\Run: [Taskbar Shuffle] C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
O4 - HKCU\..\Run: [DOpus] C:\Program Files\GPSoftware\Directory Opus\dopus.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Suitcase Startup.lnk = ?
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A91DEB0D-AD0D-453E-9AC8-60178EC24212} - http://thesecret.tv/movie/player/vivid_ocx.jpeg
O16 - DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} (ASPRO Installer Class) - http://acs.pandasoftware.com/activescanpro/as5/asproinst.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
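
Going down a HijackThis log line by line is what the helper in this thread is doing above. As an added example (mine, not code from the thread, from HijackThis or from its author), here is that first pass written out as code: it walks lines of the shape posted above and flags the ones a helper asks about first, namely processes running out of a Temp directory, Run values that hold a bare filename or no command at all, O16 ActiveX downloads with an unusual extension or no class name, and any AppInit_DLLs entry. The rules are my heuristics, the sample log is constructed from a few of the lines above, and a hit means "look at this", not "this is malware".

```python
"""Triage heuristics for HijackThis v1.99 log lines.

Added example; not code from the thread, from HijackThis or from its authors.
Every rule below is my own heuristic: a hit means "look at this line", not "this is malware".
"""
import re
from collections import Counter
from typing import Dict, List, Tuple
from urllib.parse import urlsplit

Finding = Tuple[str, str]  # (rule name, offending log line)

# Constructed sample built from the shape of the lines in the logs above, trimmed to a few entries.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\svchost.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\~e5d141.tmp
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [Cleanup] ;
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A91DEB0D-AD0D-453E-9AC8-60178EC24212} - http://thesecret.tv/movie/player/vivid_ocx.jpeg
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
"""

_O4 = re.compile(r"^O4 - HK[A-Z]+\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
_O16 = re.compile(r"^O16 - DPF: (?P<clsid>\{[0-9A-Fa-f-]+\})(?: \((?P<label>[^)]*)\))? - (?P<url>\S+)$")
_O20 = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.+)$")
_TEMP_DIR = re.compile(r"\\Temp\\", re.IGNORECASE)
# File types an ActiveX download (O16) is expected to end in; anything else is worth a look.
_ACTIVEX_EXT = {"cab", "ocx", "dll", "exe"}


def _executable(cmd: str) -> str:
    """First token of a Run value: the quoted path if quoted, else everything before the first space."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def triage(log: str) -> List[Finding]:
    findings: List[Finding] = []
    in_processes = False
    for raw in log.splitlines():
        line = raw.rstrip()
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            if not line:  # a blank line ends the process list
                in_processes = False
                continue
            # An executable running out of a temp directory (or carrying a .tmp name) needs identifying.
            if _TEMP_DIR.search(line) or line.lower().endswith(".tmp"):
                findings.append(("process-from-temp", line))
            continue
        m = _O4.match(line)
        if m:
            cmd = m.group("cmd").strip()
            if cmd == ";":
                # The value's data is just ';', so there is no path to inspect.
                findings.append(("run-value-no-command", line))
            elif "\\" not in _executable(cmd):
                # A bare file name is resolved through the search path; where the binary really lives must be confirmed by hand.
                findings.append(("run-bare-filename", line))
            continue
        m = _O16.match(line)
        if m:
            ext = urlsplit(m.group("url")).path.rsplit(".", 1)[-1].lower()
            if ext not in _ACTIVEX_EXT:
                findings.append(("dpf-unusual-extension", line))
            if not m.group("label"):
                findings.append(("dpf-unnamed-class", line))
            continue
        if _O20.match(line):
            # AppInit_DLLs is loaded into every process that links user32.dll; the DLL deserves an explicit check.
            findings.append(("appinit-dll-present", line))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count hits per rule."""
    return dict(Counter(rule for rule, _ in findings))


if __name__ == "__main__":
    for rule, line in triage(SAMPLE_LOG):
        print(f"{rule:24} {line}")
```

Run against the sample it reports six hits, one per rule; fed the full logs above it would also flag the bare `zHotkey.exe`, `SOUNDMAN.EXE` and `ALCWZRD.EXE` Run values, which is the intended behaviour: those are the entries whose on-disk location has to be confirmed before they can be dismissed.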

5
Tech Clinic / I Have "win32.p2p-Worm.Alcan.a" -- please help if you can.
« on: January 22, 2007, 11:50:11 AM »
Hi,

Are there any further actions I need to take on this problem?

Thank You!

6
Tech Clinic / I Have "win32.p2p-Worm.Alcan.a" -- please help if you can.
« on: January 15, 2007, 05:23:44 PM »
Thanks Questolo...  my computer seems to be running a little better but it's still sluggish at times.

I do not have antivirus installed because I was under the impression that since I was behind a router, I was not at risk... guess I was wrong.  I do not have an antivirus program currently and would like your best suggestions on what I should get.  Free would of course be nice but I'm willing to pay if it means better protection certainly.

Thank You!



Here is my new avenger log file:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\qahedryb

*******************

Script file located at: \??\C:\WINDOWS\kkcecyhi.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Folder C:\WINDOWS\system32\winsecurityxp deleted successfully.


Could not delete registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List|%SystemDir%\\winsecurityxp\\mswinup.exe
Deletion of registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List|%SystemDir%\\winsecurityxp\\mswinup.exe failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List|%SystemDir%\\winsecurityxp\\mswinup.exe
Status: 0xc0000034


Completed script processing.

*******************

Finished!  Terminate.

7
Tech Clinic / I Have "win32.p2p-Worm.Alcan.a" -- please help if you can.
« on: January 11, 2007, 09:50:00 AM »
So am I all set then or is there still work left to do?

Thank You!

8
Tech Clinic / I Have "win32.p2p-Worm.Alcan.a" -- please help if you can.
« on: January 09, 2007, 12:43:55 PM »
and finally, the log from my second GMER scan:


GMER 1.0.12.12011 - http://www.gmer.net
Rootkit scan 2007-01-09 12:35:41
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.12 ----

SSDT  \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys  ZwOpenProcess
SSDT  \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys  ZwTerminateProcess

---- Registry - GMER 1.0.12 ----

Reg   \Registry\USER\S-1-5-21-2194748585-1584497749-360572042-1003\Software\GPSoftware\Directory Opus\Paths\Formats\System@[+000214001f58602c8d20ea3a6910a2d708002b30309d1400470002456e74697265204e6574776f726b0033004600824d6963726f736f66742057696e646f7773204e6574776f726b004d6963726f736f6674204e6574776f726b00020022004100824669747a686f6d65004d6963726f736f6674204e6574776f726b00020022004200825c5c4266776f726b004d6963726f736f6674204e6574776f726b0002000000]  0x01 0x00 0x00 0x00 ...
Reg   \Registry\USER\S-1-5-21-2194748585-1584497749-360572042-1003\Software\GPSoftware\Directory Opus\Paths\Formats\System@[+000214001f58602c8d20ea3a6910a2d708002b30309d1400470002456e74697265204e6574776f726b0033004600824d6963726f736f66742057696e646f7773204e6574776f726b004d6963726f736f6674204e6574776f726b00020022004100824669747a686f6d65004d6963726f736f6674204e6574776f726b0002000000]  0x01 0x00 0x00 0x00 ...
Reg   \Registry\USER\S-1-5-21-2194748585-1584497749-360572042-1003\Software\GPSoftware\Directory Opus\Paths\Formats\System@[+000214001f58602c8d20ea3a6910a2d708002b30309d1400470002456e74697265204e6574776f726b0033004600824d6963726f736f66742057696e646f7773204e6574776f726b004d6963726f736f6674204e6574776f726b00020022004100824669747a686f6d65004d6963726f736f6674204e6574776f726b00020032004200c25c5c436f736d6f004d6963726f736f6674204e6574776f726b00427261642773205461626c65742050430002000000]  0x01 0x00 0x00 0x00 ...
Reg   \Registry\USER\S-1-5-21-2194748585-1584497749-360572042-1003\Software\GPSoftware\Directory Opus\Paths\Formats\System@[+000214001f58602c8d20ea3a6910a2d708002b30309d1400470002456e74697265204e6574776f726b0033004600824d6963726f736f66742057696e646f7773204e6574776f726b004d6963726f736f6674204e6574776f726b00020022004100824669747a686f6d65004d6963726f736f6674204e6574776f726b00020021004200825c5c436f736d6f004d6963726f736f6674204e6574776f726b0002000000]  0x04 0x00 0x00 0x00 ...

---- Files - GMER 1.0.12 ----

File  C:\Documents and Settings\Owner\Application Data\Macromedia\Dreamweaver 8\Configuration\SiteCache\If the Shoe FITZ..\dwSiteColumnsMe.xml
File  C:\Documents and Settings\Owner\Application Data\Macromedia\Dreamweaver MX\Configuration\SiteCache\If the Shoe FITZ..\dwSiteColumnsMe.xml
ADS   C:\Documents and Settings\Owner\Desktop\SOME PICS\Cade&Mom_004.jpg:Roxio EMC Stream
ADS   C:\Documents and Settings\Owner\Desktop\SOME PICS\caden_01.jpg:Roxio EMC Stream
ADS   C:\Documents and Settings\Owner\Desktop\SOME PICS\caden_02.jpg:Roxio EMC Stream
ADS   C:\Documents and Settings\Owner\Desktop\SOME PICS\caden_03.jpg:Roxio EMC Stream
ADS   C:\Documents and Settings\Owner\Desktop\SOME PICS\caden_04.jpg:Roxio EMC Stream
ADS   C:\Documents and Settings\Owner\Desktop\SOME PICS\caden_05.jpg:Roxio EMC Stream
ADS   C:\Documents and Settings\Owner\Desktop\SOME PICS\caden_hot_trunks_01.jpg:Roxio EMC Stream
ADS   C:\Documents and Settings\Owner\Desktop\SOME PICS\caden_siena_sasha_sweaters_.jpg:Roxio EMC Stream
ADS   C:\Documents and Settings\Owner\Desktop\SOME PICS\cheesman_scary.jpg:Roxio EMC Stream
ADS   C:\Documents and Settings\Owner\Desktop\SOME PICS\deer_01.jpg:Roxio EMC Stream
ADS   C:\Documents and Settings\Owner\Desktop\SOME PICS\deer_02.jpg:Roxio EMC Stream
ADS   ...

---- EOF - GMER 1.0.12 ----

9
Tech Clinic / I Have "win32.p2p-Worm.Alcan.a" -- please help if you can.
« on: January 09, 2007, 12:42:47 PM »
my C:/Avenger.txt...



Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\bllbjfua

*******************

Script file located at: \??\C:\Program Files\aafbqlrj.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Driver agony unloaded successfully.

Completed script processing.

*******************

Finished!  Terminate.

10
Tech Clinic / I Have "win32.p2p-Worm.Alcan.a" -- please help if you can.
« on: January 09, 2007, 12:41:08 PM »
here is my SDFix log report:




SDFix: Version 1.57

Tue 01/09/2007 - 12:07:10.04

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\DOCUME~1\Owner\Desktop\SDFix

Safe Mode

Service Check:

Service Name:


File Path:




Starting Registry Repairs
 
Restoring Default Hosts File...
 
Stage One Complete
 
Rebooting...
 
Stage Two - Normal Mode
 
Checking Files:
--------------
 
C:\WINDOWS\system32\winsecurityxp\mswinup.exe
 
Removing any Files Found...

Alternate Stream Check:

C:\WINDOWS\system32
No streams found.

                                 Final Check:

Remaining Services:
------------------


Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\BearShare\\BearShare.exe"="C:\\Program Files\\BearShare\\BearShare.exe:*:Enabled:BearShare"
"C:\\Program Files\\SmartFTP\\SmartFTP.exe"="C:\\Program Files\\SmartFTP\\SmartFTP.exe:*:Enabled:SmartFTP Client"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"%SystemDir%\\winsecurityxp\\mswinup.exe"="%SystemDir%\\winsecurityxp\\mswinup.exe:*:Enabled:Internet Explorer"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"


Remaining Files:
---------------

Backups Folder: - C:\DOCUME~1\Owner\Desktop\SDFix\backups\backups.zip

Remaining files with hidden attributes:

C:\NTDETECT.COM
C:\Documents and Settings\Owner\My Documents\My Work\Clients\ActiveEdge\Active Edge_old_stuff\_FilesFromAE\Favorites\Business\The Quicken.com Channel\desktop.ini
C:\Documents and Settings\Owner\My Documents\My Work\Clients\ActiveEdge\Active Edge_old_stuff\_FilesFromAE\HappyTreeFriends\dvd.mondominishows.com\Thumbs.db
C:\Documents and Settings\Owner\My Documents\My Work\Clients\ActiveEdge\Active Edge_old_stuff\_FilesFromAE\HappyTreeFriends\happytee.mondominishows.com\Thumbs.db
C:\Documents and Settings\Owner\My Documents\My Work\Clients\ActiveEdge\Active Edge_old_stuff\_FilesFromAE\HappyTreeFriends\love.happytreefriends.com\Thumbs.db
C:\Documents and Settings\Owner\My Documents\My Work\Clients\ActiveEdge\Active Edge_old_stuff\_FilesFromAE\HappyTreeFriends\minibytes.mondominishows.com\eye\Thumbs.db
C:\Documents and Settings\Owner\My Documents\My Work\Clients\ActiveEdge\Active Edge_old_stuff\_FilesFromAE\HappyTreeFriends\spike.mondominishows.com\Thumbs.db
C:\Documents and Settings\Owner\My Documents\My Work\Inspiration\CARTOONS\Political\Ann Telnaes\www.anntelnaes.com\images\Thumbs.db
C:\Documents and Settings\Owner\My Documents\My Work\My Illustration\BlackRaiders.com\finals\Thumbs.db
C:\Documents and Settings\Owner\My Documents\My Work\My Illustration\Portfolios.com\Thumbs.db
C:\Documents and Settings\Owner\NetHood\bradfitzpatrick.com\Desktop.ini
C:\Program Files\Picasa2\setup.exe
C:\WINDOWS\system32\cdplayer.exe.manifest
C:\WINDOWS\system32\logonui.exe.manifest
C:\hiberfil.sys
C:\IO.SYS
C:\MSDOS.SYS
C:\pagefile.sys
C:\WINDOWS\SMINST\HPCD.sys

                                 Finished
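
The "Authorized Application Key Export" in the SDFix log above is the list of programs the Windows Firewall lets through, printed in .reg syntax (every backslash doubled). As an added example (mine, not code from the thread, from SDFix or from Avenger), the block below parses an export of that shape, removes the .reg escaping so the value names match what the registry actually holds, and flags the two things a practitioner checks by eye here: a display label with nothing in common with the executable it names (the entry labelled "Internet Explorer" points at mswinup.exe) and a binary living in a subdirectory under system32. One caveat it also addresses concerns the Avenger log in post 6: the value it could not delete is printed there with the doubled backslashes of the .reg spelling, and the reported status 0xc0000034 is STATUS_OBJECT_NAME_NOT_FOUND, which is consistent with a value name that was never unescaped; the helper therefore emits the single-backslash name. Both rules are my heuristics, and the sample export is constructed from a few of the lines above.

```python
"""Review a Windows Firewall AuthorizedApplications export (.reg syntax), as printed by SDFix.

Added example; not code from the thread, from SDFix or from Avenger.
The two rules in review() are my own heuristics: a hit means "check this entry", not "this is malware".
"""
import re
from typing import Dict, List, NamedTuple


class FirewallException(NamedTuple):
    profile: str   # StandardProfile or DomainProfile
    key: str       # registry key the value lives under
    path: str      # value name with .reg escaping removed, i.e. single backslashes as the registry stores them
    scope: str     # '*' means any remote address
    state: str     # Enabled / Disabled
    label: str     # display name shown in the firewall UI


# Constructed sample, trimmed to a few of the lines in the SDFix export above.
SAMPLE_EXPORT = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"%SystemDir%\\winsecurityxp\\mswinup.exe"="%SystemDir%\\winsecurityxp\\mswinup.exe:*:Enabled:Internet Explorer"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"""

_KEY = re.compile(r"^\[(?P<key>HKEY_LOCAL_MACHINE\\.*\\FirewallPolicy\\(?P<profile>\w+Profile)\\AuthorizedApplications\\List)\]$")
_VALUE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"="(?P<data>(?:[^"\\]|\\.)*)"$')
# A path with a further directory level after system32 (or after %SystemDir%).
_SYS32_SUBDIR = re.compile(r"(^%systemdir%|system32)\\[^\\]+\\", re.IGNORECASE)


def reg_unescape(s: str) -> str:
    # .reg files double every backslash and backslash-escape quotes; the registry holds the single-backslash form.
    return re.sub(r"\\(.)", r"\1", s)


def parse_export(text: str) -> List[FirewallException]:
    entries: List[FirewallException] = []
    key = profile = ""
    for raw in text.splitlines():
        line = raw.strip()
        m = _KEY.match(line)
        if m:
            key, profile = m.group("key"), m.group("profile")
            continue
        m = _VALUE.match(line)
        if not (m and key):
            continue
        data = reg_unescape(m.group("data"))
        # Data is "<path>:<scope>:<state>:<label>"; the path may contain a drive colon, so split from the right.
        parts = data.rsplit(":", 3)
        if len(parts) != 4:
            continue
        _, scope, state, label = parts
        entries.append(FirewallException(profile, key, reg_unescape(m.group("name")), scope, state, label))
    return entries


def review(entries: List[FirewallException]) -> Dict[str, List[str]]:
    hits: Dict[str, List[str]] = {"label-basename-mismatch": [], "subdir-of-system32": []}
    for e in entries:
        basename = e.path.rsplit("\\", 1)[-1].lower()
        tokens = [t for t in re.findall(r"[a-z0-9]+", e.label.lower()) if len(t) >= 3]
        # Labels of the form @file.dll,-id are resource strings written by Windows itself; skip the name check for them.
        if not e.label.startswith("@") and not any(t in basename for t in tokens):
            hits["label-basename-mismatch"].append(e.path)
        if _SYS32_SUBDIR.search(e.path):
            hits["subdir-of-system32"].append(e.path)
    return hits


def delete_command(e: FirewallException) -> str:
    """reg.exe line that removes one exception. The value name is the unescaped one, not the .reg spelling."""
    key = e.key.replace("HKEY_LOCAL_MACHINE", "HKLM", 1)
    return f'reg delete "{key}" /v "{e.path}" /f'


if __name__ == "__main__":
    parsed = parse_export(SAMPLE_EXPORT)
    for rule, paths in review(parsed).items():
        for p in paths:
            print(f"{rule:24} {p}")
    for e in parsed:
        if e.label == "Internet Explorer":
            print(delete_command(e))
```

The subdirectory rule will also flag legitimate software that installs under system32 (this very machine runs Wacom's TabUserW.exe from system32\WTablet), so it is a prompt to identify the binary, not a reason to delete it; the label rule is the stronger signal, because nothing Windows ships registers itself as "Internet Explorer" from a folder called winsecurityxp.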

11
Tech Clinic / I Have "win32.p2p-Worm.Alcan.a" -- please help if you can.
« on: January 09, 2007, 12:40:06 PM »
My AVG report:


---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

 + Created at:   12:00:01 PM 1/9/2007

 + Scan result:   



C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll -> Adware.Minibug : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP265\A0048587.exe -> Backdoor.Prorat.19.i : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP265\A0048588.exe -> Backdoor.Prorat.19.i : Cleaned with backup (quarantined).
C:\My Downloads 3\registry clean up and tune up tools\RegDoctor v1.63\RegDoctor_keygen.exe -> Logger.Perfloger.o : Cleaned with backup (quarantined).
K:\My Stuff\Software\Huge Video Editing Software Collection\DVD.Lab.1.00.Pro.rar/DVD.Lab.1.00.Pro\Patcher.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\agony.sys -> Rootkit.Agony : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP330\A0064338.sys -> Rootkit.Agony : Cleaned with backup (quarantined).
C:\WINDOWS\system32\agony.sys -> Rootkit.Agony : Cleaned with backup (quarantined).
C:\WINDOWS\system32\winsecurityxp\rk.exe -> Rootkit.Agony : Cleaned with backup (quarantined).
:mozilla.156:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.155:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.157:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.158:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.159:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.160:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.161:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.162:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.163:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.164:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.165:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.166:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.167:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.168:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.169:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.170:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.171:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.172:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.173:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.174:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.175:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.176:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.177:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.178:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.179:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.180:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.181:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.182:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.183:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.184:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.185:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.186:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.187:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.188:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.189:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.190:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.191:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.192:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.193:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.194:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.195:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.196:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.197:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.198:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.199:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.200:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.201:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.202:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.203:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.204:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.205:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.244:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.458:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.588:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.101:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.97:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.98:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.147:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.604:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.285:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.287:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.288:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.289:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.686:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.687:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.689:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.690:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.691:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.692:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.351:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Cj : Cleaned.
:mozilla.352:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Cj : Cleaned.
:mozilla.353:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Cj : Cleaned.
:mozilla.354:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Cj : Cleaned.
:mozilla.509:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.406:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.369:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned.
:mozilla.99:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.605:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.498:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.500:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.501:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.502:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.232:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.236:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.661:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.215:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.216:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.217:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.311:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.312:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.313:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.641:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.693:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.704:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.242:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned.
:mozilla.245:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Hypertracker : Cleaned.
:mozilla.459:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.460:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.461:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.569:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.570:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.625:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.626:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.106:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.107:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
:mozilla.362:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.363:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.364:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.379:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.380:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.381:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.382:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.383:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.207:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.208:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.209:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.108:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.109:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.110:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.111:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.112:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.113:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.114:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.32:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.33:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.34:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.35:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.36:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.37:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.38:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.39:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.40:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.41:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.42:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.43:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.44:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.45:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.46:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.47:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.48:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.49:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.50:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.51:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.52:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.53:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.54:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.55:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.56:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.57:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.58:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.59:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.60:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.61:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.62:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.63:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.64:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.65:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.66:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.67:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.68:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.69:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.70:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.71:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.72:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.73:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.74:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.75:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.76:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.77:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.78:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.79:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.80:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.81:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.286:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.290:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.291:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.292:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.685:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned.
:mozilla.688:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned.
:mozilla.697:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.698:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.699:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.700:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.701:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.702:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.703:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.152:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.265:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.220:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.221:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.222:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.527:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.528:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.660:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.258:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.259:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.260:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.261:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.314:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.315:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.316:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.317:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP265\A0048586.exe -> Worm.VB.an : Cleaned with backup (quarantined).
K:\My Stuff\Software\Ace Utilities 3.0.0.4038.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).


::Report end

12
Tech Clinic / I Have "win32.p2p-Worm.Alcan.a" -- please help if you can.
« on: January 09, 2007, 12:39:07 PM »
Thank You.

I just followed all of the above instructions and I will post all requested log files below in separate posts.

Here is my fresh HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 12:37:46 PM, on 1/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\SecCopy\SecCopy.exe
C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
C:\Program Files\GPSoftware\Directory Opus\dopus.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Extensis\Suitcase 9.2\Suitcase.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\My Documents\My Work\downloads\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bradfitzpatrick.com/bookmarks/bookmarks.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gatewaybiz.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Cleanup] ;
O4 - HKLM\..\Run: [Gateway Extended Warranty] ;
O4 - HKLM\..\Run: [msci] ;
O4 - HKLM\..\Run: [SSC_UserPrompt] ;
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [Second Copy] "C:\PROGRA~1\SecCopy\SecCopy.exe"
O4 - HKCU\..\Run: [Taskbar Shuffle] C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
O4 - HKCU\..\Run: [DOpus] C:\Program Files\GPSoftware\Directory Opus\dopus.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Suitcase Startup.lnk = ?
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A91DEB0D-AD0D-453E-9AC8-60178EC24212} - http://thesecret.tv/movie/player/vivid_ocx.jpeg
O16 - DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} (ASPRO Installer Class) - http://acs.pandasoftware.com/activescanpro/as5/asproinst.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

13
Tech Clinic / I Have "win32.p2p-Worm.Alcan.a" -- please help if you can.
« on: January 08, 2007, 03:44:17 PM »
And here is the log from my SREng scan:

---begin---

2007-01-08,15:40:46

System Repair Engineer 2.3.13.690
Smallfrogs (http://www.KZTechs.com)

Windows XP Home Edition Service Pack 2 (Build 2600)
 - Administrative User - Completed Functions Allowed

Follow item(s) have been choosed:
All Boot Items (Including Registry, Startup Folders, Services and so on)
Browser Add-ons
Runing Processes (Including process model information)
File Associations
Winsock Provider
Autorun.Inf
HOSTS File


Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<updateMgr><"C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1>  [N/A]
<STYLEXP><C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide>  [N/A]
<Second Copy><"C:\PROGRA~1\SecCopy\SecCopy.exe">  [Centered Systems]
<Taskbar Shuffle><C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe>  [Jay Elaraj]
<DOpus><C:\Program Files\GPSoftware\Directory Opus\dopus.exe>  [(Verified)GP Software]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<Google Desktop Search><"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup>  [Google]
<KernelFaultCheck><%systemroot%\system32\dumprep 0 -k>  [N/A]
<ShowWnd><ShowWnd.exe>  [N/A]
<Recguard><%WINDIR%\SMINST\RECGUARD.EXE>  []
<NeroFilterCheck><C:\WINDOWS\system32\NeroCheck.exe>  [Ahead Software Gmbh]
<IgfxTray><C:\WINDOWS\system32\igfxtray.exe>  [(Verified)Intel Corporation]
<HotKeysCmds><C:\WINDOWS\system32\hkcmd.exe>  [(Verified)Intel Corporation]
<CHotkey><zHotkey.exe>  []
<QuickTime Task><"C:\Program Files\QuickTime\qttask.exe" -atboottime>  [Apple Computer, Inc.]
<iTunesHelper><"C:\Program Files\iTunes\iTunesHelper.exe">  [(Verified)Apple Computer, Inc.]
<High Definition Audio Property Page Shortcut><HDAShCut.exe>  [(Verified)Windows (R) Server 2003 DDK provider]
<High Definition Audio Property Page Shortcut><HDAShCut.exe>  [(Verified)Windows (R) Server 2003 DDK provider]
<SoundMan><SOUNDMAN.EXE>  [(Verified)Realtek Semiconductor Corp.]
<AlcWzrd><ALCWZRD.EXE>  [RealTek Semicoductor Corp.]
<Alcmtr><ALCMTR.EXE>  [(Verified)Realtek Semiconductor Corp.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><explorer.exe>  [(Verified)Microsoft Corporation]
<Userinit><userinit.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL>  [Google]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><LogonUI.EXE>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{3CF9ECE0-1A9F-11D2-8C73-00C06C2005DE}><C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll>  [(Verified)GP Software]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
<WinlogonNotify: WgaLogon><WgaLogon.dll>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<Cleanup><; >  [N/A]
<Gateway Extended Warranty><; >  [N/A]
<msci><; >  [N/A]
<SSC_UserPrompt><; >  [N/A]

==================================
Startup Folders
[Adobe Gamma Loader]
  <C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk --> C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [Adobe Systems, Inc.]><N>
[Adobe Reader Speed Launch]
  <C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk --> C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE [Adobe Systems Incorporated]><N>
[Suitcase Startup]
  <C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Suitcase Startup.lnk --> C:\PROGRA~1\Extensis\SUITCA~1.2\Suitcase.exe [Extensis Products Group]><N>
[TabUserW.exe]
  <C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TabUserW.exe.lnk --> C:\WINDOWS\system32\WTablet\TabUserW.exe [Wacom Technology, Corp.]><N>

==================================
Services
[Adobe LM Service / Adobe LM Service][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><Adobe Systems>
[Application Management / AppMgmt][Stopped/Manual Start]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
[ATM Service / ATMsrvc][Stopped/Disabled]
  <C:\WINDOWS\System32\ATMsrvc.exe><Adobe Systems Incorporated>
[Diskeeper / Diskeeper][Running/Auto Start]
  <"C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe"><Diskeeper Corporation>
[Logical Disk Manager Administrative Service / dmadmin][Stopped/Manual Start]
  <C:\WINDOWS\System32\dmadmin.exe /com><Microsoft Corp., Veritas Software>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[InstallDriver Table Manager / IDriverT][Stopped/Manual Start]
  <"C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"><Macrovision Corporation>
[iPod Service / iPod Service][Running/Manual Start]
  <"C:\Program Files\iPod\bin\iPodService.exe"><Apple Computer, Inc.>
[Macromedia Licensing Service / Macromedia Licensing Service][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe"><N/A>
[Network Location Awareness (NLA) / Nla][Running/Manual Start]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\mswsock.dll><Microsoft Corporation>
[Removable Storage / NtmsSvc][Stopped/Manual Start]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\system32\ntmssvc.dll><Microsoft Corporation>
[Microsoft Office Diagnostics Service / odserv][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE"><Microsoft Corporation>
[PrismXL / PrismXL][Running/Auto Start]
  <C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS><New Boundary Technologies, Inc.>
[Retrospect Launcher / RetroLauncher][Stopped/Disabled]
  <C:\Program Files\Dantz\Retrospect\retrorun.exe><Dantz Development Corporation>
[Retrospect WD Service / RetroWDSvc][Stopped/Disabled]
  <C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe><Dantz Development Corporation>
[StyleXPService / StyleXPService][Stopped/Auto Start]
  <"C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe"><>
[TabletService / TabletService][Running/Auto Start]
  <C:\WINDOWS\system32\Tablet.exe><Wacom Technology, Corp.>
[Telephony / TapiSrv][Running/Manual Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\tapisrv.dll><Microsoft Corporation>
[Universal Plug and Play Device Host / upnphost][Stopped/Manual Start]
  <C:\WINDOWS\system32\svchost.exe -k LocalService-->%SystemRoot%\System32\upnphost.dll><Microsoft Corporation>
[Windows Management Instrumentation / winmgmt][Running/Auto Start]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\system32\wbem\WMIsvc.dll><Microsoft Corporation>

==================================
Drivers
[abp480n5 / abp480n5][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\ABP480N5.SYS><Microsoft Corporation>
[adpu160m / adpu160m][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\adpu160m.sys><Microsoft Corporation>
[agony / agony][Running/Manual Start]
  <\??\C:\WINDOWS\system32\agony.sys><N/A>
[Aha154x / Aha154x][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\aha154x.sys><Microsoft Corporation>
[aic78u2 / aic78u2][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\aic78u2.sys><Microsoft Corporation>
[aic78xx / aic78xx][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\aic78xx.sys><Microsoft Corporation>
[AliIde / AliIde][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\aliide.sys><Acer Laboratories Inc.>
[AMD AGP Bus Filter Driver / amdagp][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\amdagp.sys><Advanced Micro Devices, Inc.>
[asc / asc][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\asc.sys><Advanced System Products, Inc.>
[asc3350p / asc3350p][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\asc3350p.sys><Microsoft Corporation>
[asc3550 / asc3550][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\asc3550.sys><Advanced System Products, Inc.>
[ASPI32 / ASPI32][Running/Auto Start]
  <System32\drivers\aspi32.sys><Adaptec>
[Audio Stub Driver / audstub][Running/Manual Start]
  <system32\DRIVERS\audstub.sys><Microsoft Corporation>
[cd20xrnt / cd20xrnt][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\cd20xrnt.sys><Microsoft Corporation>
[CmdIde / CmdIde][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\cmdide.sys><CMD Technology, Inc.>
[dac2w2k / dac2w2k][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\dac2w2k.sys><Mylex Corporation>
[dpti2o / dpti2o][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\dpti2o.sys><Microsoft Corporation>
[Intel(R) PRO Adapter Driver / E100B][Running/Manual Start]
  <system32\DRIVERS\e100b325.sys><Intel Corporation>
[GEARAspiWDM / GEARAspiWDM][Running/Manual Start]
  <System32\Drivers\GEARAspiWDM.sys><GEAR Software Inc.>
[Microsoft UAA Function Driver for High Definition Audio Service / HdAudAddService][Stopped/Manual Start]
  <system32\drivers\HdAudio.sys><Windows (R) Server 2003 DDK provider>
[Microsoft UAA Bus Driver for High Definition Audio / HDAudBus][Running/Manual Start]
  <system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[HSFHWBS2 / HSFHWBS2][Running/Manual Start]
  <system32\DRIVERS\HSFHWBS2.sys><Conexant Systems, Inc.>
[HSF_DP / HSF_DP][Running/Manual Start]
  <system32\DRIVERS\HSF_DP.sys><Conexant Systems, Inc.>
[ialm / ialm][Stopped/Manual Start]
  <system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[Hauppauge WinTV PVR USB2 Encoder / iComp][Stopped/Manual Start]
  <system32\DRIVERS\HCWUSB2.sys><Hauppauge Computer Works, Inc.>
[ini910u / ini910u][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\ini910u.sys><Microsoft Corporation>
[WD Bridge Controller Driver / inibtmgr][Stopped/Manual Start]
  <system32\DRIVERS\inibtmgr.sys><Western Digital>
[Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start]
  <system32\drivers\RtkHDAud.sys><Realtek Semiconductor Corp.>
[PnP ISA/EISA Bus Driver / isapnp][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\isapnp.sys><Microsoft Corporation>
[Jukebox / Jukebox][Stopped/Manual Start]
  <system32\DRIVERS\ctpdusb2.sys><Creative Technology Ltd.>
[mdmxsdk / mdmxsdk][Running/Auto Start]
  <system32\DRIVERS\mdmxsdk.sys><Conexant>
[Mouse HID Driver / mouhid][Running/Manual Start]
  <system32\DRIVERS\mouhid.sys><Microsoft Corporation>
[mraid35x / mraid35x][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\mraid35x.sys><American Megatrends Inc.>
[MRxSmb / MRxSmb][Running/System Start]
  <system32\DRIVERS\mrxsmb.sys><Microsoft Corporation>
[Macronix MX987xx Family Fast Ethernet NT Driver / mxnic][Stopped/Manual Start]
  <system32\DRIVERS\mxnic.sys><Macronix International Co., Ltd.>
[Remote Access NDIS TAPI Driver / NdisTapi][Running/Manual Start]
  <system32\DRIVERS\ndistapi.sys><Microsoft Corporation>
[NetBios over Tcpip / NetBT][Running/System Start]
  <system32\DRIVERS\netbt.sys><Microsoft Corporation>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Pen Class / PenClass][Running/Boot Start]
  <\SystemRoot\system32\Drivers\PenClass.sys><Wacom Technology Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20][Running/Boot Start]
  <\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
[ql1080 / ql1080][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\ql1080.sys><QLogic Corporation>
[Ql10wnt / Ql10wnt][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\ql10wnt.sys><Microsoft Corporation>
[ql12160 / ql12160][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\ql12160.sys><QLogic Corporation>
[ql1280 / ql1280][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\ql1280.sys><QLogic Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[SIS AGP Bus Filter / sisagp][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\sisagp.sys><Silicon Integrated Systems Corporation>
[Sony USB Filter Driver (SONYPVU1) / SONYPVU1][Stopped/Manual Start]
  <system32\DRIVERS\SONYPVU1.SYS><Sony Corporation>
[Sparrow / Sparrow][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\sparrow.sys><Adaptec, Inc.>
[StyleXPHelper / StyleXPHelper][Running/System Start]
  <\??\C:\Program Files\TGTSoft\StyleXP\StyleXPHelper.exe><Windows (R) 2000 DDK provider>
[Alcor Micro Corp Reader / SunkFilt][Running/Manual Start]
  <\??\C:\WINDOWS\System32\Drivers\sunkfilt.sys><Alcor Micro Corp.>
[symc810 / symc810][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\symc810.sys><Symbios Logic Inc.>
[symc8xx / symc8xx][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\symc8xx.sys><LSI Logic>
[sym_hi / sym_hi][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\sym_hi.sys><LSI Logic>
[sym_u3 / sym_u3][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\sym_u3.sys><LSI Logic>
[TosIde / TosIde][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\toside.sys><Microsoft Corporation>
[ultra / ultra][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\ultra.sys><Promise Technology, Inc.>
[ViaIde / ViaIde][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>
[WAN Miniport (ATW) / wanatw][Stopped/Manual Start]
  <system32\DRIVERS\wanatw4.sys><N/A>
[winachsf / winachsf][Running/Manual Start]
  <system32\DRIVERS\HSF_CNXT.sys><Conexant Systems, Inc.>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
  <system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>

==================================
Browser Add-ons
[HelperObject Class]
  {00C6482D-C502-44C8-8409-FCE54AD9C208} <C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll, TechSmith Corporation>
[&Research]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL, Microsoft Corporation>
[Real.com]
  {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} <C:\WINDOWS\system32\Shdocvw.dll, Microsoft Corporation>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[SnagIt]
  {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} <C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll, TechSmith Corporation>
[]
  {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} <C:\WINDOWS\system32\macromed\download\Download.dll, Macromedia, Inc.>
[ActiveScan Installer Class]
  {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} <C:\WINDOWS\Downloaded Program Files\asinst.dll, Panda Software>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[ASPRO Installer Class]
  {D6376DD2-C2BD-49B2-A1B1-138F869633F3} <C:\WINDOWS\Downloaded Program Files\ASPROinst.dll, Panda Software>
[HelperObject Class]
  {00C6482D-C502-44C8-8409-FCE54AD9C208} <C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll, TechSmith Corporation>
[SnagIt]
  {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} <C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll, TechSmith Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[Add to Windows &Live Favorites]
  <http://favorites.live.com/quickadd.aspx, N/A>
[E&xport to Microsoft Excel]
  <res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000, N/A>

==================================
Running Processes
[PID: 536][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 680][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 704][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.3889]
[C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3.0.0.3889]
[PID: 748][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 760][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 916][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1028][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1120][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1220][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1356][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1504][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[C:\WINDOWS\system32\CNMLM4d.DLL]  [CANON INC., 1.62.2.2]
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\CNMPD4d.DLL]  [CANON INC., 1.62.2.2]
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CNMUI4d.DLL]  [CANON INC., 1.62.2.2]
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CNMDR4d.DLL]  [CANON INC., 1.62.2.2]
[PID: 1636][C:\WINDOWS\system32\msdtc.exe]  [Microsoft Corporation, 2001.12.4414.258]
[PID: 1708][C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe]  [Diskeeper Corporation, 10.0.608.0]
[C:\Program Files\Diskeeper Corporation\Diskeeper\DKLib.dll]  [Diskeeper Corporation, 10.0.608.0]
[C:\Program Files\Diskeeper Corporation\Diskeeper\GetFATExtents.dll]  [Diskeeper Corporation, 10.0.608.0]
[C:\Program Files\Diskeeper Corporation\Diskeeper\1033\DkRes.dll]  [Diskeeper Corporation, 10.0.608.0]
[C:\Program Files\Diskeeper Corporation\Diskeeper\Tab.dll]  [Diskeeper® Corporation., 1.0.37.0]
[C:\Program Files\Diskeeper Corporation\Diskeeper\DkTabProvider.dll]  [Diskeeper Corporation, 10.0.608.0]
[C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS]  [New Boundary Technologies, Inc., 6.0.3.30]
[PID: 1776][C:\WINDOWS\system32\locator.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1860][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\CNQU86.DLL]  [CANON INC., 1, 0, 2, 3]
[C:\WINDOWS\system32\CNQL3203.DLL]  [, 1, 0, 0, 5]
[PID: 1916][C:\WINDOWS\system32\Tablet.exe]  [Wacom Technology, Corp., 4.91-2]
[PID: 448][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 396][C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe]  [Google, 4.2006.1008.2039]
[C:\Program Files\Google\Google Desktop Search\GoogleDesktopResources_en.dll]  [Google, 4.2006.1008.2039]
[PID: 812][C:\WINDOWS\zHotkey.exe]  [, 3, 0, 0, 7]
[C:\WINDOWS\HKNTDLL.dll]  [N/A, N/A]
[PID: 1144][C:\Program Files\QuickTime\qttask.exe]  [Apple Computer, Inc., 7.1.3]
[PID: 824][C:\Program Files\iTunes\iTunesHelper.exe]  [Apple Computer, Inc., 7.0.2.16]
[C:\Program Files\iTunes\iTunesHelper.Resources\en.lproj\iTunesHelperLocalized.DLL]  [Apple Computer, Inc., 7.0.2.16]
[C:\Program Files\iTunes\iTunesHelper.Resources\iTunesHelper.DLL]  [Apple Computer, Inc., 7.0.2.16]
[PID: 1736][C:\WINDOWS\SOUNDMAN.EXE]  [Realtek Semiconductor Corp., 1, 0, 0, 17]
[PID: 1524][C:\WINDOWS\ALCWZRD.EXE]  [RealTek Semicoductor Corp., 1.1.0.23]
[PID: 2076][C:\PROGRA~1\SecCopy\SecCopy.exe]  [Centered Systems, 7.0.0.163]
[PID: 2092][C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe]  [Jay Elaraj, 2.0.0.164]
[C:\Program Files\Taskbar Shuffle\tbhookin.dll]  [, 2.0.0.469]
[PID: 2100][C:\Program Files\GPSoftware\Directory Opus\dopus.exe]  [GP Software, 2, 0, 0, 0]
[C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll]  [GP Software, 2, 0, 60, 0]
[C:\Program Files\GPSoftware\Directory Opus\dopusbch.dll]  [Jan van den Baard, modifications (with permission) by GP Software, 6, 0, 0, 4]
[C:\Program Files\GPSoftware\Directory Opus\exif.dll]  [GP Software, 1, 0, 0, 6]
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 7.0.0.0]
[C:\WINDOWS\HKNTDLL.dll]  [N/A, N/A]
[C:\Program Files\Ace Utilities\wipext.dll]  [N/A, N/A]
[C:\Program Files\Ace Utilities\WIPE.dll]  [N/A, N/A]
[C:\WINDOWS\system32\amstream.dll]  [N/A, N/A]
[C:\WINDOWS\system32\quartz.dll]  [N/A, N/A]
[C:\WINDOWS\system32\devenum.dll]  [N/A, N/A]
[C:\WINDOWS\system32\msdmo.dll]  [N/A, N/A]
[C:\Program Files\K-Lite Codec Pack\filters\vsfilter.dll]  [Gabest, 1, 0, 0, 9]
[C:\Program Files\K-Lite Codec Pack\filters\3ivxDSMediaSplitter.ax]  [3ivx.com, 4, 5, 1, 30]
[C:\WINDOWS\system32\OpenQuicktimeLib.dll]  [N/A, N/A]
[C:\Program Files\Sony\Shared Plug-Ins\File Formats\MCMPEG\mcspmpeg.ax]  [MainConcept AG, 1, 0, 1, 3]
[C:\Program Files\Sony\Shared Plug-Ins\File Formats\MCMPEG\mpegin.dll]  [MainConcept AG, official release build]
[C:\WINDOWS\system32\mpg2splt.ax]  [N/A, N/A]
[C:\Program Files\Sony\Shared Plug-Ins\File Formats\MCMPEG\mcdsmpeg.ax]  [MainConcept AG, 1, 0, 0, 73]
[C:\Program Files\Sony\Shared Plug-Ins\File Formats\MCMPEG\mcmpgdec.dll]  [MainConcept AG, official release build]
[C:\WINDOWS\system32\dxmasf.dll]  [N/A, N/A]
[C:\Program Files\Common Files\Ahead\DSFilter\NeVideo.ax]  [Ahead Software AG, 2, 0, 1, 0]
[C:\Program Files\Common Files\Ahead\Lib\AdvrCntr.dll]  [Ahead Software AG, 1,0,13, 2121]
[C:\Program Files\GPSoftware\Directory Opus\Viewers\jp2raw.dll]  [http://www.PretentiousName.com, 1, 1, 0, 0]
[C:\Program Files\GPSoftware\Directory Opus\Viewers\movie.dll]  [GP Software, 1, 0, 0, 4]
[C:\Program Files\GPSoftware\Directory Opus\Viewers\wma.dll]  [GP Software, 1, 0, 0, 3]
[C:\Program Files\GPSoftware\Directory Opus\Viewers\textthumb.dll]  [http://www.PretentiousName.com, 1, 2, 0, 0]
[C:\Program Files\GPSoftware\Directory Opus\Viewers\gifanim.dll]  [http://www.PretentiousName.com, 1, 1, 0, 8]
[C:\Program Files\GPSoftware\Directory Opus\Viewers\ogg.dll]  [http://www.gpsoft.com.au, 1, 0, 0, 4]
[C:\Program Files\GPSoftware\Directory Opus\Viewers\targa.dll]  [GP Software, 1, 0, 0, 4]
[C:\Program Files\GPSoftware\Directory Opus\Viewers\text.dll]  [GP Software, 1, 0, 0, 12]
[PID: 2108][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2184][C:\Program Files\Extensis\Suitcase 9.2\Suitcase.exe]  [Extensis Products Group, 9.2]
[C:\Program Files\Extensis\Suitcase 9.2\EToolBox.dll]  [Extensis, Inc., 1.0.6]
[C:\Program Files\Extensis\Suitcase 9.2\slp.dll]  [N/A, N/A]
[C:\Program Files\Extensis\Suitcase 9.2\SCAfmSup.dll]  [Extensis Products Group, 1, 0, 0, 1]
[C:\Program Files\Extensis\Suitcase 9.2\SCAtmSup.dll]  [Extensis Products Group, 1, 0, 0, 1]
[C:\WINDOWS\system32\ATMLIB.dll]  [Adobe Systems, 5.1 Build 226]
[PID: 2196][C:\WINDOWS\system32\WTablet\TabUserW.exe]  [Wacom Technology, Corp., 4.91-2]
[PID: 2208][C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe]  [Google, 4.2006.1008.2039]
[C:\Program Files\Google\Google Desktop Search\GoogleDesktopAPI2.dll]  [Google, 4.2006.1008.2039]
[C:\Program Files\Google\Google Desktop Search\GoogleDesktopHyper.dll]  [Google, 4.2006.1008.2039]
[C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL]  [Google, 4.2006.1008.2039]
[C:\Program Files\Google\Google Desktop Search\GoogleDesktopResources_en.dll]  [Google, 4.2006.1008.2039]
[C:\Program Files\Google\Google Desktop Search\gzlib.dll]  [N/A, N/A]
[C:\WINDOWS\HKNTDLL.dll]  [N/A, N/A]
[PID: 2220][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2420][C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe]  [Google, 4.2006.1008.2039]
[C:\Program Files\Google\Google Desktop Search\GoogleDesktopAPI2.dll]  [Google, 4.2006.1008.2039]
[C:\Program Files\Google\Google Desktop Search\GoogleDesktopResources_en.dll]  [Google, 4.2006.1008.2039]
[C:\Program Files\Google\Google Desktop Search\gzlib.dll]  [N/A, N/A]
[C:\WINDOWS\system32\icm32.dll]  [Microsoft Corporation, 5.1.2600.2709 (xpsp_sp2_gdr.050628-1518)]
[PID: 2452][C:\Program Files\iPod\bin\iPodService.exe]  [Apple Computer, Inc., 7.0.2.16]
[C:\Program Files\iPod\bin\iPodService.Resources\en.lproj\iPodServiceLocalized.DLL]  [Apple Computer, Inc., 7.0.2.16]
[C:\Program Files\iPod\bin\iPodService.Resources\iPodService.DLL]  [Apple Computer, Inc., 7.0.2.16]
[PID: 820][C:\Program Files\Microsoft Office\Office10\WINWORD.EXE]  [Microsoft Corporation, 10.0.2627]
[C:\Program Files\Google\Google Desktop Search\GoogleDesktopOffice.dll]  [Google, 4.2006.1008.2039]
[C:\Program Files\Google\Google Desktop Search\GoogleDesktopResources_en.dll]  [Google, 4.2006.1008.2039]
[C:\Program Files\Google\Google Desktop Search\GoogleDesktopAPI2.dll]  [Google, 4.2006.1008.2039]
[C:\Program Files\TechSmith\SnagIt 8\SnagItOfficeAddin.dll]  [TechSmith Corporation, 1.1.0]
[C:\Program Files\TechSmith\SnagIt 8\SnagItOfficeAddinRes.dll]  [TechSmith Corporation, 1.1.0]
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CNMUI4d.DLL]  [CANON INC., 1.62.2.2]
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CNMDR4d.DLL]  [CANON INC., 1.62.2.2]
[PID: 184][C:\Documents and Settings\Owner\Desktop\gmer.exe]  [N/A, 1, 0, 12, 12011]
[C:\WINDOWS\gmer.dll]  [N/A, 1, 0, 12, 12011]
[C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll]  [GP Software, 2, 0, 60, 0]
[C:\WINDOWS\HKNTDLL.dll]  [N/A, N/A]
[PID: 3652][C:\WINDOWS\explorer.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll]  [GP Software, 2, 0, 60, 0]
[C:\Program Files\Taskbar Shuffle\tbhookin.dll]  [, 2.0.0.469]
[C:\Program Files\SmartFTP\smarthook.dll]  [SmartFTP, 1.0.2.1]
[C:\Program Files\WinSCP3\DragExt.dll]  [Martin Prikryl, 1.1.5.67]
[C:\Program Files\Ashampoo\Ashampoo WinOptimizer Platinum 3\ContextHandler.dll]  [N/A, N/A]
[C:\Program Files\Ace Utilities\wipext.dll]  [N/A, N/A]
[C:\Program Files\Ace Utilities\WIPE.dll]  [N/A, N/A]
[C:\Program Files\WinRAR\rarext.dll]  [N/A, N/A]
[C:\Program Files\TextPad 4\System\shellext.dll]  [Helios Software Solutions, 1.4]
[C:\Program Files\TechSmith\SnagIt 8\SnagItShellExt.dll]  [TechSmith Corporation, 1.0.2.0]
[C:\Program Files\eFax Messenger 4.0\J2GShell.dll]  [j2 Global Communications, Inc., 4.0.134.0]
[C:\Program Files\eFax Messenger 4.0\J2GRes_Enu.dll]  [j2 Global Communications, Inc., 4.0.134.0]
[PID: 3280][C:\Program Files\Windows NT\Accessories\wordpad.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll]  [GP Software, 2, 0, 60, 0]
[C:\WINDOWS\HKNTDLL.dll]  [N/A, N/A]
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CNMUI4d.DLL]  [CANON INC., 1.62.2.2]
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CNMDR4d.DLL]  [CANON INC., 1.62.2.2]
[PID: 500][C:\Program Files\Mozilla Firefox\firefox.exe]  [Mozilla Corporation, 1.8.1.1: 2006120418]
[C:\Program Files\Mozilla Firefox\js3250.dll]  [Netscape Communications Corporation, 4.0]
[C:\Program Files\Mozilla Firefox\nspr4.dll]  [Netscape Communications Corporation, 4.6.4]
[C:\Program Files\Mozilla Firefox\xpcom_core.dll]  [Mozilla Foundation, 1.8.1.1: 2006120418]
[C:\Program Files\Mozilla Firefox\plc4.dll]  [Netscape Communications Corporation, 4.6.4]
[C:\Program Files\Mozilla Firefox\plds4.dll]  [Netscape Communications Corporation, 4.6.4]
[C:\Program Files\Mozilla Firefox\smime3.dll]  [Mozilla Foundation, 3.11.4 Basic ECC]
[C:\Program Files\Mozilla Firefox\nss3.dll]  [Mozilla Foundation, 3.11.4 Basic ECC]
[C:\Program Files\Mozilla Firefox\softokn3.dll]  [Mozilla Foundation, 3.11.4 Basic ECC]
[C:\Program Files\Mozilla Firefox\ssl3.dll]  [Mozilla Foundation, 3.11.4 Basic ECC]
[C:\Program Files\Mozilla Firefox\xpcom_compat.dll]  [Mozilla Foundation, 1.8.1.1: 2006120418]
[C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL]  [Google, 4.2006.1008.2039]
[C:\Program Files\Google\Google Desktop Search\GoogleDesktopResources_en.dll]  [Google, 4.2006.1008.2039]
[C:\Program Files\Mozilla Firefox\components\myspell.dll]  [Mozilla Foundation, 1.8.1.1: 2006120418]
[C:\Program Files\Mozilla Firefox\components\GoogleDesktopMozilla.dll]  [Google, 4.2006.1008.2039]
[C:\Program Files\Mozilla Firefox\xpcom.dll]  [Mozilla Foundation, 1.8.1.1: 2006120418]
[C:\Program Files\Google\Google Desktop Search\GoogleDesktopAPI2.dll]  [Google, 4.2006.1008.2039]
[C:\Program Files\Mozilla Firefox\components\jar50.dll]  [Mozilla Foundation, 1.8.1.1: 2006120418]
[C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll]  [N/A, N/A]
[C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll]  [GP Software, 2, 0, 60, 0]
[C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll]  [N/A, N/A]
[C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\components\FoxyTunes.dll]  [N/A, N/A]
[C:\Program Files\Mozilla Firefox\freebl3.dll]  [Mozilla Foundation, 3.11.4 Basic ECC]
[C:\PROGRA~1\MOZILL~1\nssckbi.dll]  [Mozilla Foundation, 1.62]
[C:\Program Files\Mozilla Firefox\components\spellchk.dll]  [Mozilla Foundation, 1.8.1.1: 2006120418]
[C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\components\ColorZilla.dll]  [N/A, N/A]
[C:\Program Files\Mozilla Firefox\plugins\npmozax.dll]  [, 1, 0, 0, 4]
[C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll]  [N/A, N/A]
[C:\Program Files\Google\Google Desktop Search\gzlib.dll]  [N/A, N/A]
[C:\WINDOWS\HKNTDLL.dll]  [N/A, N/A]
[C:\Program Files\Dell\Dell DJ Explorer\CTOJBNS.DLL]  [Creative Technology Ltd, 1.00.13]
[C:\Program Files\Dell\Dell DJ Explorer\CTIntrfc.dll]  [Creative Technology Ltd, 1.1.1.0]
[C:\Program Files\Dell\Dell DJ Explorer\DFMHK.dll]  [Creative Technology Ltd, 1.0.1.0]
[C:\Program Files\Dell\Dell DJ Explorer\CTOJBRES.DLL]  [Creative Technology Ltd, 1.00.11]
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 7.0.0.0]
[PID: 3100][C:\Documents and Settings\Owner\Desktop\SREng.EXE]  [Smallfrogs Studio, 2.3.13.690]
[C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll]  [GP Software, 2, 0, 60, 0]

==================================
File Associations
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   Error. ["C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe" "%1"]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock Provider
N/A

==================================
Autorun.Inf
N/A

==================================
HOSTS File
127.0.0.1   localhost

==================================
API HOOK
N/A

==================================
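A triage pass over a listing like the one above, written for this thread as an added example (it is not SREng's own code and not the poster's): it parses the process/module lines and the File Associations section, lists every module that carries no version resource and sits outside the trusted vendor trees together with the PIDs it is loaded into, and lists the extensions SREng did not mark OK. The sample lines are constructed in the shape of the posted log; the trusted-prefix list and the "review" threshold are assumptions to tune per machine.

```python
"""Triage helper for an SREng-style process/module listing.

Added example for this thread, not part of SREng or of the original post.
It assumes only the three line shapes visible in the posted log:
    [PID: 2108][C:\\path\\proc.exe]  [Company, version]
    [C:\\path\\module.dll]  [Company, version]   (a module of the process above)
    .JS   Error. [handler command]               (File Associations section)
"""
import re
from collections import OrderedDict

PROC_RE = re.compile(r'^\[PID: (\d+)\]\[(.+?)\]\s+\[(.*)\]$')
MOD_RE = re.compile(r'^\[(.+?)\]\s+\[(.*)\]$')
ASSOC_RE = re.compile(r'^(\.\w+)\s+(\w+)\.\s+\[(.*)\]$')

# Vendor trees where modules without a version resource are common enough
# that flagging them is noise (assumption: tune this list per host).
TRUSTED_PREFIXES = ('c:\\windows\\system32\\', 'c:\\program files\\', 'c:\\progra~1\\')


def parse_listing(text):
    """Return (processes, associations): processes maps PID to
    (exe_path, [(module_path, version_info), ...]) in log order,
    associations is a list of (extension, status, handler)."""
    processes, associations, current = OrderedDict(), [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = PROC_RE.match(line)
        if m:
            current = int(m.group(1))
            processes[current] = (m.group(2), [])
            continue
        m = MOD_RE.match(line)
        if m and current is not None:
            processes[current][1].append((m.group(1), m.group(2)))
            continue
        m = ASSOC_RE.match(line)
        if m:
            associations.append(m.groups())
    return processes, associations


def lacks_version_info(info):
    """SREng prints [N/A, N/A] when the file carries no version resource."""
    return info.strip().upper() == 'N/A, N/A'


def in_trusted_tree(path):
    return path.lower().startswith(TRUSTED_PREFIXES)


def modules_to_review(processes):
    """Map every module with no version resource that lives outside the
    trusted trees to the PIDs it is loaded into.  One DLL showing up in
    several unrelated processes is the pattern to chase first."""
    hits = OrderedDict()
    for pid, (_exe, modules) in processes.items():
        for path, info in modules:
            if lacks_version_info(info) and not in_trusted_tree(path):
                hits.setdefault(path, []).append(pid)
    return hits


def associations_not_ok(associations):
    """Extensions whose handler SREng did not mark OK, with the handler."""
    return [(ext, handler) for ext, status, handler in associations
            if status.upper() != 'OK']


# Constructed sample: a handful of lines in the shape of the posted log.
SAMPLE = r"""
[PID: 2108][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2208][C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe]  [Google, 4.2006.1008.2039]
[C:\Program Files\Google\Google Desktop Search\gzlib.dll]  [N/A, N/A]
[C:\WINDOWS\HKNTDLL.dll]  [N/A, N/A]
[PID: 184][C:\Documents and Settings\Owner\Desktop\gmer.exe]  [N/A, 1, 0, 12, 12011]
[C:\WINDOWS\gmer.dll]  [N/A, 1, 0, 12, 12011]
[C:\WINDOWS\HKNTDLL.dll]  [N/A, N/A]
[PID: 500][C:\Program Files\Mozilla Firefox\firefox.exe]  [Mozilla Corporation, 1.8.1.1: 2006120418]
[C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll]  [N/A, N/A]
[C:\WINDOWS\HKNTDLL.dll]  [N/A, N/A]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   Error. ["C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe" "%1"]
"""

if __name__ == '__main__':
    procs, assocs = parse_listing(SAMPLE)
    for path, pids in modules_to_review(procs).items():
        print('review: %s  loaded in PIDs %s' % (path, pids))
    for ext, handler in associations_not_ok(assocs):
        print('association not OK: %s -> %s' % (ext, handler))
```

On the sample it reports HKNTDLL.dll (loaded into three unrelated processes), the Firefox extension component under the user profile, and the .JS handler. That is a list of things to look up and account for, not a verdict: a module with no version resource is merely unusual, and the next step is to find out where the file came from and whether an installed program owns it.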

14
Tech Clinic / I Have "win32.p2p-Worm.Alcan.a" -- please help if you can.
« on: January 08, 2007, 03:42:22 PM »
Thank You.

I tried posting my GMER log directly into the forum but the browser kept crashing, even when I tried to do it in multiple parts, so I will post it on my own server and link to it here:

http://bradfitzpatrick.com/BFGMER_log_.txt

15
Tech Clinic / I Have "win32.p2p-Worm.Alcan.a" -- please help if you can.
« on: January 08, 2007, 03:40:01 PM »
ooops

16
Tech Clinic / I Have "win32.p2p-Worm.Alcan.a" -- please help if you can.
« on: January 02, 2007, 03:05:22 PM »
Also, I don't know how relevant this is, but I currently have no sound on my computer. When I try to run Windows Media Player, I get this message:

"Windows Media Player cannot play the file because there is a problem with your sound device. There might not be a sound device installed on your computer, it might be in use by another program, or it might not be functioning properly."

17
Tech Clinic / I Have "win32.p2p-Worm.Alcan.a" -- please help if you can.
« on: January 02, 2007, 03:02:53 PM »
Sounds just lovely.

Thanks for the quick response and helpful assistance Ryan.

Here is the result. Hopefully I did it right and it's what you're looking for. If not, let me know.


------


Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    BFWORK:epmap           BFWORK:0               LISTENING
  TCP    BFWORK:microsoft-ds    BFWORK:0               LISTENING
  TCP    BFWORK:2869            BFWORK:0               LISTENING
  TCP    BFWORK:31038           BFWORK:0               LISTENING
  TCP    BFWORK:1025            BFWORK:0               LISTENING
  TCP    BFWORK:1086            localhost:1087         ESTABLISHED
  TCP    BFWORK:1087            localhost:1086         ESTABLISHED
  TCP    BFWORK:1088            localhost:1089         ESTABLISHED
  TCP    BFWORK:1089            localhost:1088         ESTABLISHED
  TCP    BFWORK:1225            localhost:1226         ESTABLISHED
  TCP    BFWORK:1226            localhost:1225         ESTABLISHED
  TCP    BFWORK:4664            BFWORK:0               LISTENING
  TCP    BFWORK:netbios-ssn     BFWORK:0               LISTENING
  TCP    BFWORK:1234            f4.4.5546.static.theplanet.com:http  CLOSE_WAIT
  TCP    BFWORK:1387            he-in-f104.google.com:http  ESTABLISHED
  TCP    BFWORK:1388            he-in-f104.google.com:http  ESTABLISHED
  TCP    BFWORK:1402            va-in-f104.google.com:http  TIME_WAIT
  TCP    BFWORK:1419            va-in-f99.google.com:http  ESTABLISHED
  TCP    BFWORK:1439            72.14.253.91:http      ESTABLISHED
  TCP    BFWORK:1469            worldwidebrands.com:http  ESTABLISHED
  TCP    BFWORK:1470            worldwidebrands.com:http  ESTABLISHED
  TCP    BFWORK:1478            va-in-f99.google.com:http  ESTABLISHED
  UDP    BFWORK:microsoft-ds    *:*
  UDP    BFWORK:1042            *:*
  UDP    BFWORK:1055            *:*
  UDP    BFWORK:1243            *:*
  UDP    BFWORK:1900            *:*
  UDP    BFWORK:netbios-ns      *:*
  UDP    BFWORK:netbios-dgm     *:*
  UDP    BFWORK:1900            *:*

C:\DOCUME~1\OWNER>
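What a reviewer does with a netstat listing like the one above, as an added example for this thread (not the poster's code and not the helper's instructions): parse the table, compare every TCP port in LISTENING state against an allowlist of what a stock XP SP2 workstation running the software seen in these logs is expected to listen on, and separate loopback chatter from connections to outside hosts. The allowlist, the service-name table and the sample rows are assumptions built from this post.

```python
"""Listener triage for Windows `netstat -a` output.

Added example for this thread, not the poster's code or a helper's
instructions.  It assumes the column layout shown in the post:
    Proto  Local Address          Foreign Address        State
    TCP    BFWORK:31038           BFWORK:0               LISTENING
"""
import re

ROW_RE = re.compile(r'^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$')

# netstat without -n prints names from the services file; map the names
# that occur in the post back to port numbers.
SERVICE_PORTS = {
    'epmap': 135, 'netbios-ns': 137, 'netbios-dgm': 138, 'netbios-ssn': 139,
    'microsoft-ds': 445, 'http': 80,
}

# TCP listeners expected on a stock XP SP2 workstation running Google Desktop
# (assumption, tune per host): 135/139/445 are RPC, NetBIOS and SMB, 1025 is
# the first RPC dynamic port, 2869 is UPnP, 4664 is Google Desktop's local UI.
EXPECTED_TCP_LISTENERS = {135, 139, 445, 1025, 2869, 4664}

LOOPBACK = {'localhost', '127.0.0.1', '0.0.0.0', '*'}


def split_endpoint(endpoint):
    """'BFWORK:epmap' -> ('BFWORK', 135); unknown service names stay as text."""
    host, _, port = endpoint.rpartition(':')
    return host, (int(port) if port.isdigit() else SERVICE_PORTS.get(port, port))


def parse_netstat(text):
    """Rows as dicts; header, prompt and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if not m:
            continue
        proto, local, foreign, state = m.groups()
        lhost, lport = split_endpoint(local)
        fhost, fport = split_endpoint(foreign)
        rows.append({'proto': proto, 'lhost': lhost, 'lport': lport,
                     'fhost': fhost, 'fport': fport, 'state': state or ''})
    return rows


def unexpected_listeners(rows, expected=EXPECTED_TCP_LISTENERS):
    """TCP ports in LISTENING state that are not on the allowlist, in
    netstat order, without duplicates."""
    found = []
    for r in rows:
        if (r['proto'] == 'TCP' and r['state'] == 'LISTENING'
                and r['lport'] not in expected and r['lport'] not in found):
            found.append(r['lport'])
    return found


def external_connections(rows, own_host):
    """TCP rows whose peer is neither loopback nor the machine itself."""
    internal = LOOPBACK | {own_host}
    return [r for r in rows if r['proto'] == 'TCP' and r['fhost'] not in internal]


# Constructed sample: rows in the shape of the posted listing.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    BFWORK:epmap           BFWORK:0               LISTENING
  TCP    BFWORK:microsoft-ds    BFWORK:0               LISTENING
  TCP    BFWORK:2869            BFWORK:0               LISTENING
  TCP    BFWORK:31038           BFWORK:0               LISTENING
  TCP    BFWORK:1025            BFWORK:0               LISTENING
  TCP    BFWORK:1086            localhost:1087         ESTABLISHED
  TCP    BFWORK:1087            localhost:1086         ESTABLISHED
  TCP    BFWORK:4664            BFWORK:0               LISTENING
  TCP    BFWORK:netbios-ssn     BFWORK:0               LISTENING
  TCP    BFWORK:1234            f4.4.5546.static.theplanet.com:http  CLOSE_WAIT
  TCP    BFWORK:1387            he-in-f104.google.com:http  ESTABLISHED
  TCP    BFWORK:1469            worldwidebrands.com:http  ESTABLISHED
  UDP    BFWORK:microsoft-ds    *:*
  UDP    BFWORK:1900            *:*
  UDP    BFWORK:netbios-ns      *:*

C:\\DOCUME~1\\OWNER>
"""

if __name__ == '__main__':
    rows = parse_netstat(SAMPLE)
    print('listeners not on the allowlist:', unexpected_listeners(rows))
    for r in external_connections(rows, 'BFWORK'):
        print('%-12s local %-6s -> %s:%s' % (r['state'], r['lport'], r['fhost'], r['fport']))
```

On the sample it flags 31038 as the only listener the allowlist does not recognize and lists the three connections to outside hosts. A flagged port is a question, not an answer: running netstat -ano instead (the -o switch exists on XP) adds the owning PID as an extra column and skips name resolution, which is how to tie the port to a process before deciding anything about it.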

18
Tech Clinic / I Have "win32.p2p-Worm.Alcan.a" -- please help if you can.
« on: January 02, 2007, 01:47:00 PM »
And here are the results of the http://virusscan.jotti.org/ scan I ran on the following file:

C:\Documents and Settings\Owner\agony.sys.

Scan results:

----

 AntiVir     
Found RKIT/Agony.A
ArcaVir    
Found Trojan.Rootkit.Agent.Cs
Avast    
Found Win32:Agent-CWS
AVG Antivirus    
Found nothing
BitDefender    
Found Rootkit.Agony.A
ClamAV    
Found nothing
Dr.Web    
Found Trojan.NtRootKit.184
F-Prot Antivirus    
Found nothing
F-Secure Anti-Virus    
Found nothing
Fortinet    
Found RKPort!tr
Kaspersky Anti-Virus    
Found nothing
NOD32    
Found probably unknown NewHeur_PE (probable variant)
Norman Virus Control    
Found nothing
VirusBuster    
Found nothing
VBA32    
Found nothing

-----

19
Tech Clinic / I Have "win32.p2p-Worm.Alcan.a" -- please help if you can.
« on: January 02, 2007, 01:43:46 PM »
Here is my Ad-Aware log of the scan (which I quarantined):

---

Ad-Aware SE Build 1.06r1
Logfile Created on:Tuesday, January 02, 2007 12:58:24 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R142 02.01.2007
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Backdoor.Prorat.16(TAC index:8):18 total references
MRU List(TAC index:0):13 total references
Tracking Cookie(TAC index:3):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


1-2-2007 12:58:24 PM - Scan started. (Full System Scan)

 MRU List Object Recognized!
    Location:          : C:\Documents and Settings\Owner\recent
    Description        : list of recently opened documents


 MRU List Object Recognized!
    Location:          : S-1-5-21-2194748585-1584497749-360572042-1003\software\ahead\nero - burning rom\recent file list
    Description        : list of recently used files in nero burning rom


 MRU List Object Recognized!
    Location:          : S-1-5-21-2194748585-1584497749-360572042-1003\software\macromedia\dreamweaver 6\recent file list
    Description        : list of recently used files in macromedia dreamweaver


 MRU List Object Recognized!
    Location:          : software\microsoft\direct3d\mostrecentapplication
    Description        : most recent application to use microsoft direct3d


 MRU List Object Recognized!
    Location:          : software\microsoft\direct3d\mostrecentapplication
    Description        : most recent application to use microsoft direct X


 MRU List Object Recognized!
    Location:          : software\microsoft\directdraw\mostrecentapplication
    Description        : most recent application to use microsoft directdraw


 MRU List Object Recognized!
    Location:          : S-1-5-21-2194748585-1584497749-360572042-1003\software\microsoft\mediaplayer\player\recentfilelist
    Description        : list of recently used files in microsoft windows media player


 MRU List Object Recognized!
    Location:          : S-1-5-21-2194748585-1584497749-360572042-1003\software\microsoft\microsoft management console\recent file list
    Description        : list of recent snap-ins used in the microsoft management console


 MRU List Object Recognized!
    Location:          : S-1-5-21-2194748585-1584497749-360572042-1003\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
    Description        : list of recent programs opened


 MRU List Object Recognized!
    Location:          : S-1-5-21-2194748585-1584497749-360572042-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
    Description        : list of recently saved files, stored according to file extension


 MRU List Object Recognized!
    Location:          : S-1-5-21-2194748585-1584497749-360572042-1003\software\microsoft\windows\currentversion\explorer\recentdocs
    Description        : list of recent documents opened


 MRU List Object Recognized!
    Location:          : S-1-5-21-2194748585-1584497749-360572042-1003\software\microsoft\windows media\wmsdk\general
    Description        : windows media sdk


 MRU List Object Recognized!
    Location:          : S-1-5-21-2194748585-1584497749-360572042-1003\software\winrar\dialogedithistory\extrpath
    Description        : winrar "extract-to" history


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
    FilePath           : \SystemRoot\System32\
    ProcessID          : 580
    ThreadCreationTime : 1-1-2007 8:33:32 PM
    BasePriority       : Normal


#:2 [csrss.exe]
    FilePath           : \??\C:\WINDOWS\system32\
    ProcessID          : 652
    ThreadCreationTime : 1-1-2007 8:33:38 PM
    BasePriority       : Normal


#:3 [winlogon.exe]
    FilePath           : \??\C:\WINDOWS\system32\
    ProcessID          : 676
    ThreadCreationTime : 1-1-2007 8:33:40 PM
    BasePriority       : High


#:4 [services.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 720
    ThreadCreationTime : 1-1-2007 8:33:40 PM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Services and Controller app
    InternalName       : services.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : services.exe

#:5 [lsass.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 732
    ThreadCreationTime : 1-1-2007 8:33:40 PM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : LSA Shell (Export Version)
    InternalName       : lsass.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : lsass.exe

#:6 [svchost.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 884
    ThreadCreationTime : 1-1-2007 8:33:41 PM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Generic Host Process for Win32 Services
    InternalName       : svchost.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : svchost.exe

#:7 [svchost.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 1000
    ThreadCreationTime : 1-1-2007 8:33:44 PM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Generic Host Process for Win32 Services
    InternalName       : svchost.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : svchost.exe

#:8 [svchost.exe]
    FilePath           : C:\WINDOWS\System32\
    ProcessID          : 1092
    ThreadCreationTime : 1-1-2007 8:33:44 PM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Generic Host Process for Win32 Services
    InternalName       : svchost.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : svchost.exe

#:9 [svchost.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 1192
    ThreadCreationTime : 1-1-2007 8:33:46 PM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Generic Host Process for Win32 Services
    InternalName       : svchost.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : svchost.exe

#:10 [svchost.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 1340
    ThreadCreationTime : 1-1-2007 8:33:46 PM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Generic Host Process for Win32 Services
    InternalName       : svchost.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : svchost.exe

#:11 [spoolsv.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 1464
    ThreadCreationTime : 1-1-2007 8:33:46 PM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
    ProductVersion     : 5.1.2600.2696
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Spooler SubSystem App
    InternalName       : spoolsv.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : spoolsv.exe

#:12 [explorer.exe]
    FilePath           : C:\WINDOWS\
    ProcessID          : 1716
    ThreadCreationTime : 1-1-2007 8:33:50 PM
    BasePriority       : Normal
    FileVersion        : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 6.00.2900.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Windows Explorer
    InternalName       : explorer
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : EXPLORER.EXE

#:13 [msdtc.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 1848
    ThreadCreationTime : 1-1-2007 8:33:54 PM
    BasePriority       : Normal
    FileVersion        : 2001.12.4414.258
    ProductVersion     : 03.01.00.4414
    ProductName        : Microsoft Distributed Transaction Coordinator
    CompanyName        : Microsoft Corporation
    FileDescription    : MS DTC console program
    InternalName       : MSDTC.EXE
    LegalCopyright     : Copyright © Microsoft Corp. 1995-1998
    LegalTrademarks    : Microsoft® is a registered trademark of Microsoft Corporation. Windows(tm) is a trademark of Microsoft Corporation

#:14 [dkservice.exe]
    FilePath           : C:\Program Files\Diskeeper Corporation\Diskeeper\
    ProcessID          : 1920
    ThreadCreationTime : 1-1-2007 8:33:54 PM
    BasePriority       : Normal
    FileVersion        : 10.0.608.0
    ProductVersion     : 10.0.608.0
    ProductName        : Diskeeper (tm) Disk Defragmenter
    CompanyName        : Diskeeper Corporation
    FileDescription    : DKSERVICE.EXE
    InternalName       : DKSERVICE
    LegalCopyright     : © 1995-2006 Diskeeper Corporation
    OriginalFilename   : DKSERVICE

#:15 [prismxl.sys]
    FilePath           : C:\Program Files\Common Files\New Boundary\PrismXL\
    ProcessID          : 1960
    ThreadCreationTime : 1-1-2007 8:33:54 PM
    BasePriority       : Normal
    FileVersion        : 6.0.3.30
    ProductVersion     : 6.0.3.30
    ProductName        : PrismXL Software Family
    CompanyName        : New Boundary Technologies, Inc.
    FileDescription    : PrismXL Service
    InternalName       : PrismXL Service
    LegalCopyright     : © 1997-2004 New Boundary Technologies
    OriginalFilename   : PrismXL.sys

#:16 [locator.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 1996
    ThreadCreationTime : 1-1-2007 8:33:54 PM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Rpc Locator
    InternalName       : locator.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : locator.exe

#:17 [svchost.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 148
    ThreadCreationTime : 1-1-2007 8:33:55 PM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Generic Host Process for Win32 Services
    InternalName       : svchost.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : svchost.exe

#:18 [tablet.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 208
    ThreadCreationTime : 1-1-2007 8:33:55 PM
    BasePriority       : High


#:19 [alg.exe]
    FilePath           : C:\WINDOWS\System32\
    ProcessID          : 1084
    ThreadCreationTime : 1-1-2007 8:34:03 PM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Application Layer Gateway Service
    InternalName       : ALG.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : ALG.exe

#:20 [svchost.exe]
    FilePath           : C:\WINDOWS\System32\
    ProcessID          : 784
    ThreadCreationTime : 1-1-2007 8:34:04 PM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Generic Host Process for Win32 Services
    InternalName       : svchost.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : svchost.exe

#:21 [googledesktop.exe]
    FilePath           : C:\Program Files\Google\Google Desktop Search\
    ProcessID          : 192
    ThreadCreationTime : 1-1-2007 8:34:04 PM
    BasePriority       : Normal
    FileVersion        : 4.2006.1008.2039
    ProductVersion     : 4.2006.1008.2039
    ProductName        : Google Desktop
    CompanyName        : Google
    FileDescription    : Google Desktop
    InternalName       : Google Desktop
    LegalCopyright     : Copyright © 2003-2006 Google. All Rights Reserved.

#:22 [aolsoftware.exe]
    FilePath           : C:\Program Files\Common Files\AOL\1140813571\ee\
    ProcessID          : 1792
    ThreadCreationTime : 1-1-2007 8:34:04 PM
    BasePriority       : Normal
    FileVersion        : 1.4.16.3
    ProductVersion     : 1.4.16.3
    ProductName        : AOL Service Libraries
    CompanyName        : America Online, Inc.
    FileDescription    : AOL
    InternalName       : AOLSoftware
    LegalCopyright     : © 2006 America Online, Inc.
    OriginalFilename   : AOLSoftware.exe

#:23 [viewmgr.exe]
    FilePath           : C:\Program Files\Viewpoint\Viewpoint Manager\
    ProcessID          : 936
    ThreadCreationTime : 1-1-2007 8:34:04 PM
    BasePriority       : Normal
    FileVersion        : 2, 0, 0, 42
    ProductVersion     : 2, 0, 0, 42
    ProductName        : Viewpoint Manager
    CompanyName        : Viewpoint Corporation
    FileDescription    : ViewMgr
    InternalName       : Viewpoint Manager
    LegalCopyright     : Copyright © 2004
    OriginalFilename   : ViewMgr.exe
    Comments           : Viewpoint Manager

#:24 [picasamediadetector.exe]
    FilePath           : C:\Program Files\Picasa2\
    ProcessID          : 1044
    ThreadCreationTime : 1-1-2007 8:34:04 PM
    BasePriority       : Normal
    FileVersion        : 2.5.0
    ProductVersion     : 2.5.0
    ProductName        : Picasa
    CompanyName        : Google Inc.
    FileDescription    : Picasa
    InternalName       : Picasa
    LegalCopyright     : © 2004- 2006 Google Inc.
    OriginalFilename   : Picasa2.exe

#:25 [shwiconem.exe]
    FilePath           : C:\Program Files\Digital Media Reader\
    ProcessID          : 964
    ThreadCreationTime : 1-1-2007 8:34:04 PM
    BasePriority       : Idle
    FileVersion        : 1, 4, 0, 8
    ProductVersion     : 1, 4, 0, 8
    ProductName        : Multimedia Card Reader
    CompanyName        : Alcor Micro, Corp.
    LegalCopyright     : Copyright c 2002
    Comments           : Alcor 9360 4/4.5 Slot XP

#:26 [soundman.exe]
    FilePath           : C:\WINDOWS\
    ProcessID          : 968
    ThreadCreationTime : 1-1-2007 8:34:04 PM
    BasePriority       : Normal
    FileVersion        : 1, 0, 0, 14
    ProductVersion     : 1, 0, 0, 14
    ProductName        : Realtek HD Sound Manager
    CompanyName        : Realtek Semiconductor Corp.
    FileDescription    : Realtek Sound Manager
    InternalName       : ALSMTray
    LegalCopyright     : Copyright © 2004 Realtek Semiconductor Corp.
    OriginalFilename   : ALSMTray.exe
    Comments           : Realtek HD Audio Sound Manager

#:27 [pdvdserv.exe]
    FilePath           : C:\Program Files\CyberLink\PowerDVD\
    ProcessID          : 1208
    ThreadCreationTime : 1-1-2007 8:34:05 PM
    BasePriority       : Normal
    FileVersion        : 5.00.0000
    ProductVersion     : 5.00.0000
    ProductName        : PowerDVD
    CompanyName        : Cyberlink Corp.
    FileDescription    : PowerDVD RC Service
    InternalName       : PowerDVD RC Service
    LegalCopyright     : Copyright © CyberLink Corp. 1997-2002
    OriginalFilename   : PDVDSERV.EXE

#:28 [zhotkey.exe]
    FilePath           : C:\WINDOWS\
    ProcessID          : 1396
    ThreadCreationTime : 1-1-2007 8:34:06 PM
    BasePriority       : Normal
    FileVersion        : 3, 0, 0, 7
    ProductVersion     : 3, 0, 0, 0
    ProductName        : Multimedia Keyboard Driver
    FileDescription    : Multimedia Keyboard Driver
    InternalName       : Multimedia Hotkey Driver
    LegalCopyright     : Copyright © 2004.
    OriginalFilename   : mHotkey.res

#:29 [alcwzrd.exe]
    FilePath           : C:\WINDOWS\
    ProcessID          : 1556
    ThreadCreationTime : 1-1-2007 8:34:06 PM
    BasePriority       : Normal
    FileVersion        : 1.1.0.15
    ProductVersion     : 1.1.0.15
    ProductName        : ALCWZRD
    CompanyName        : RealTek Semicoductor Corp.
    FileDescription    : RealTek AlcWzrd Application
    InternalName       : ALCWZRD.EXE
    LegalCopyright     : Copyright © 2003-2004 Realtek Semiconductor Corp.
    OriginalFilename   : ALCWZRD.EXE

#:30 [qttask.exe]
    FilePath           : C:\Program Files\QuickTime\
    ProcessID          : 1660
    ThreadCreationTime : 1-1-2007 8:34:06 PM
    BasePriority       : Normal
    FileVersion        : 7.1.3
    ProductVersion     : QuickTime 7.1.3
    ProductName        : QuickTime
    CompanyName        : Apple Computer, Inc.
    FileDescription    : QuickTime Task
    InternalName       : QuickTime Task
    LegalCopyright     : Copyright Apple Computer, Inc. 1989-2006
    OriginalFilename   : QTTask.exe

#:31 [ituneshelper.exe]
    FilePath           : C:\Program Files\iTunes\
    ProcessID          : 1664
    ThreadCreationTime : 1-1-2007 8:34:06 PM
    BasePriority       : Normal
    FileVersion        : 7.0.2.16
    ProductVersion     : 7.0.2.16
    ProductName        : iTunes
    CompanyName        : Apple Computer, Inc.
    FileDescription    : iTunesHelper Module
    InternalName       : iTunesHelper
    LegalCopyright     : © 2003-2006 Apple Computer, Inc. All Rights Reserved.
    OriginalFilename   : iTunesHelper.exe

#:32 [googledesktopindex.exe]
    FilePath           : C:\Program Files\Google\Google Desktop Search\
    ProcessID          : 1700
    ThreadCreationTime : 1-1-2007 8:34:06 PM
    BasePriority       : Normal
    FileVersion        : 4.2006.1008.2039
    ProductVersion     : 4.2006.1008.2039
    ProductName        : Google Desktop
    CompanyName        : Google
    FileDescription    : Google Desktop
    InternalName       : Google Desktop
    LegalCopyright     : Copyright © 2003-2006 Google. All Rights Reserved.

#:33 [seccopy.exe]
    FilePath           : C:\PROGRA~1\SecCopy\
    ProcessID          : 844
    ThreadCreationTime : 1-1-2007 8:34:06 PM
    BasePriority       : Normal
    FileVersion        : 7.0.0.163
    ProductVersion     : 7.0
    ProductName        : Second Copy
    CompanyName        : Centered Systems
    FileDescription    : SecCopy
    InternalName       : SecCopy
    LegalCopyright     : © 1991-2006 All rights reserved
    LegalTrademarks    : Second Copy ®
    OriginalFilename   : SecCopy.exe

#:34 [taskbarshuffle.exe]
    FilePath           : C:\Program Files\Taskbar Shuffle\
    ProcessID          : 1804
    ThreadCreationTime : 1-1-2007 8:34:06 PM
    BasePriority       : Normal
    FileVersion        : 2.0.0.164
    ProductVersion     : 1.0.0.0
    ProductName        : Taskbar Shuffle
    CompanyName        : Jay Elaraj
    FileDescription    : Taskbar Shuffle
    InternalName       : taskbarshuffle.exe
    LegalCopyright     : Copyright © 2006

#:35 [dopus.exe]
    FilePath           : C:\Program Files\GPSoftware\Directory Opus\
    ProcessID          : 1512
    ThreadCreationTime : 1-1-2007 8:34:06 PM
    BasePriority       : Normal
    FileVersion        : 2, 0, 0, 0
    ProductVersion     : 8, 2, 2, 4
    ProductName        : Directory Opus
    CompanyName        : GP Software
    FileDescription    : Directory Opus 8
    InternalName       : dopus
    LegalCopyright     : Copyright © 1999-2006 GP Software
    LegalTrademarks    : Directory Opus, Opus, DOpus, DirOpus, OpusPC, PCOpus are trademarks of GP Software
    OriginalFilename   : dopus.exe

#:36 [ctfmon.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 1936
    ThreadCreationTime : 1-1-2007 8:34:06 PM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : CTF Loader
    InternalName       : CTFMON
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : CTFMON.EXE

#:37 [suitcase.exe]
    FilePath           : C:\Program Files\Extensis\Suitcase 9.2\
    ProcessID          : 2108
    ThreadCreationTime : 1-1-2007 8:34:07 PM
    BasePriority       : Normal
    FileVersion        : 9.2
    ProductVersion     : 9.2
    ProductName        : Suitcase 9.2
    CompanyName        : Extensis Products Group
    FileDescription    : Suitcase for Windows
    InternalName       : Suitcase
    LegalCopyright     : Copyright © 2003 Extensis Products Group
    OriginalFilename   : Suitcase.exe

#:38 [tabuserw.exe]
    FilePath           : C:\WINDOWS\system32\WTablet\
    ProcessID          : 2124
    ThreadCreationTime : 1-1-2007 8:34:07 PM
    BasePriority       : Normal
    FileVersion        : 4.91-2
    ProductVersion     : 4.91-2
    ProductName        : Wacom Technology, Corp. TABUSERW
    CompanyName        : Wacom Technology, Corp.
    FileDescription    : TABUSERW
    InternalName       : TABUSERW
    LegalCopyright     : Copyright © 1997,1998,1999,2000,2001,2002,2003,2004,2005 Wacom Technology, Corp.
    OriginalFilename   : TABUSERW.EXE

#:39 [googledesktopcrawl.exe]
    FilePath           : C:\Program Files\Google\Google Desktop Search\
    ProcessID          : 2300
    ThreadCreationTime : 1-1-2007 8:34:09 PM
    BasePriority       : Normal
    FileVersion        : 4.2006.1008.2039
    ProductVersion     : 4.2006.1008.2039
    ProductName        : Google Desktop
    CompanyName        : Google
    FileDescription    : Google Desktop
    InternalName       : Google Desktop
    LegalCopyright     : Copyright © 2003-2006 Google. All Rights Reserved.

#:40 [ipodservice.exe]
    FilePath           : C:\Program Files\iPod\bin\
    ProcessID          : 2376
    ThreadCreationTime : 1-1-2007 8:34:10 PM
    BasePriority       : Normal
    FileVersion        : 7.0.2.16
    ProductVersion     : 7.0.2.16
    ProductName        : iTunes
    CompanyName        : Apple Computer, Inc.
    FileDescription    : iPodService Module
    InternalName       : iPodService
    LegalCopyright     : © 2003-2006 Apple Computer, Inc. All Rights Reserved.
    OriginalFilename   : iPodService.exe

#:41 [firefox.exe]
    FilePath           : C:\Program Files\Mozilla Firefox\
    ProcessID          : 3344
    ThreadCreationTime : 1-1-2007 8:34:46 PM
    BasePriority       : Normal


#:42 [taskpl~1.exe]
    FilePath           : C:\PROGRA~1\Ashampoo\ASHAMP~1\
    ProcessID          : 2504
    ThreadCreationTime : 1-1-2007 8:37:57 PM
    BasePriority       : Normal


#:43 [dfrgfat.exe]
    FilePath           : C:\Program Files\Diskeeper Corporation\Diskeeper\
    ProcessID          : 1712
    ThreadCreationTime : 1-1-2007 9:31:46 PM
    BasePriority       : Normal
    FileVersion        : 10.0.608.0
    ProductVersion     : 10.0.608.0
    ProductName        : Diskeeper (tm) Disk Defragmenter
    CompanyName        : Diskeeper Corporation
    FileDescription    : DFRGFAT.EXE
    InternalName       : DFRGFAT
    LegalCopyright     : © 1995-2006 Diskeeper Corporation
    OriginalFilename   : DFRGFAT

#:44 [notepad.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 2664
    ThreadCreationTime : 1-2-2007 3:29:13 AM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Notepad
    InternalName       : Notepad
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : NOTEPAD.EXE

#:45 [ad-aware.exe]
    FilePath           : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
    ProcessID          : 1608
    ThreadCreationTime : 1-2-2007 5:57:15 PM
    BasePriority       : Normal
    FileVersion        : 6.2.0.236
    ProductVersion     : SE 106
    ProductName        : Lavasoft Ad-Aware SE
    CompanyName        : Lavasoft Sweden
    FileDescription    : Ad-Aware SE Core application
    InternalName       : Ad-Aware.exe
    LegalCopyright     : Copyright © Lavasoft AB Sweden
    OriginalFilename   : Ad-Aware.exe
    Comments           : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 13


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 13


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 13


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


 Tracking Cookie Object Recognized!
    Type               : IECache Entry
    Data               : owner@live365[1].txt
    TAC Rating         : 3
    Category           : Data Miner
    Comment            : Hits:1
    Value              : Cookie:[email protected]/
    Expires            : 1-6-2012 12:38:10 PM
    LastSync           : Hits:1
    UseCount           : 0
    Hits               : 1

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 14



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 Backdoor.Prorat.16 Object Recognized!
    Type               : File
    Data               : A0048589.dll
    TAC Rating         : 8
    Category           : Malware
    Comment            :
    Object             : C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP265\



Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 15


Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 15


Deep scanning and examining files (K:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for K:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 15


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 15




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 Backdoor.Prorat.16 Object Recognized!
    Type               : Regkey
    Data               :
    TAC Rating         : 8
    Category           : Malware
    Comment            :
    Rootkey            : HKEY_CURRENT_USER
    Object             : software\microsoft\windows nt script host\microsoft dxdiag\winsettings

 Backdoor.Prorat.16 Object Recognized!
    Type               : RegValue
    Data               :
    TAC Rating         : 8
    Category           : Malware
    Comment            :
    Rootkey            : HKEY_CURRENT_USER
    Object             : software\microsoft\windows nt script host\microsoft dxdiag\winsettings
    Value              : FW_KILL

 Backdoor.Prorat.16 Object Recognized!
    Type               : RegValue
    Data               :
    TAC Rating         : 8
    Category           : Malware
    Comment            :
    Rootkey            : HKEY_CURRENT_USER
    Object             : software\microsoft\windows nt script host\microsoft dxdiag\winsettings
    Value              : XP_FW_Disable

 Backdoor.Prorat.16 Object Recognized!
    Type               : RegValue
    Data               :
    TAC Rating         : 8
    Category           : Malware
    Comment            :
    Rootkey            : HKEY_CURRENT_USER
    Object             : software\microsoft\windows nt script host\microsoft dxdiag\winsettings
    Value              : XP_SYS_Recovery

 Backdoor.Prorat.16 Object Recognized!
    Type               : RegValue
    Data               :
    TAC Rating         : 8
    Category           : Malware
    Comment            :
    Rootkey            : HKEY_CURRENT_USER
    Object             : software\microsoft\windows nt script host\microsoft dxdiag\winsettings
    Value              : ICQ_UIN

 Backdoor.Prorat.16 Object Recognized!
    Type               : RegValue
    Data               :
    TAC Rating         : 8
    Category           : Malware
    Comment            :
    Rootkey            : HKEY_CURRENT_USER
    Object             : software\microsoft\windows nt script host\microsoft dxdiag\winsettings
    Value              : ICQ_UIN2

 Backdoor.Prorat.16 Object Recognized!
    Type               : RegValue
    Data               :
    TAC Rating         : 8
    Category           : Malware
    Comment            :
    Rootkey            : HKEY_CURRENT_USER
    Object             : software\microsoft\windows nt script host\microsoft dxdiag\winsettings
    Value              : Kurban_Ismi

 Backdoor.Prorat.16 Object Recognized!
    Type               : RegValue
    Data               :
    TAC Rating         : 8
    Category           : Malware
    Comment            :
    Rootkey            : HKEY_CURRENT_USER
    Object             : software\microsoft\windows nt script host\microsoft dxdiag\winsettings
    Value              : Mail

 Backdoor.Prorat.16 Object Recognized!
    Type               : RegValue
    Data               :
    TAC Rating         : 8
    Category           : Malware
    Comment            :
    Rootkey            : HKEY_CURRENT_USER
    Object             : software\microsoft\windows nt script host\microsoft dxdiag\winsettings
    Value              : Online_List

 Backdoor.Prorat.16 Object Recognized!
    Type               : RegValue
    Data               :
    TAC Rating         : 8
    Category           : Malware
    Comment            :
    Rootkey            : HKEY_CURRENT_USER
    Object             : software\microsoft\windows nt script host\microsoft dxdiag\winsettings
    Value              : Port

 Backdoor.Prorat.16 Object Recognized!
    Type               : RegValue
    Data               :
    TAC Rating         : 8
    Category           : Malware
    Comment            :
    Rootkey            : HKEY_CURRENT_USER
    Object             : software\microsoft\windows nt script host\microsoft dxdiag\winsettings
    Value              : Sifre

 Backdoor.Prorat.16 Object Recognized!
    Type               : RegValue
    Data               :
    TAC Rating         : 8
    Category           : Malware
    Comment            :
    Rootkey            : HKEY_CURRENT_USER
    Object             : software\microsoft\windows nt script host\microsoft dxdiag\winsettings
    Value              : Hata

 Backdoor.Prorat.16 Object Recognized!
    Type               : RegValue
    Data               :
    TAC Rating         : 8
    Category           : Malware
    Comment            :
    Rootkey            : HKEY_CURRENT_USER
    Object             : software\microsoft\windows nt script host\microsoft dxdiag\winsettings
    Value              : KSil

 Backdoor.Prorat.16 Object Recognized!
    Type               : RegValue
    Data               :
    TAC Rating         : 8
    Category           : Malware
    Comment            :
    Rootkey            : HKEY_CURRENT_USER
    Object             : software\microsoft\windows nt script host\microsoft dxdiag\winsettings
    Value              : LanNotifie

 Backdoor.Prorat.16 Object Recognized!
    Type               : RegValue
    Data               :
    TAC Rating         : 8
    Category           : Malware
    Comment            :
    Rootkey            : HKEY_CURRENT_USER
    Object             : software\microsoft\windows nt script host\microsoft dxdiag\winsettings
    Value              : Tport

 Backdoor.Prorat.16 Object Recognized!
    Type               : RegValue
    Data               :
    TAC Rating         : 8
    Category           : Malware
    Comment            :
    Rootkey            : HKEY_CURRENT_USER
    Object             : software\microsoft\windows nt script host\microsoft dxdiag\winsettings
    Value              : ServerVersionInt

 Backdoor.Prorat.16 Object Recognized!
    Type               : RegData
    Data               : explorer.exe
    TAC Rating         : 8
    Category           : Malware
    Comment            :
    Rootkey            : HKEY_LOCAL_MACHINE
    Object             : software\microsoft\windows nt\currentversion\winlogon
    Value              : Shell
    Data               : explorer.exe

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 17
Objects found so far: 32

1:21:59 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:23:34.714
Objects scanned:353662
Objects identified:19
Objects ignored:0
New critical objects:19


---------

20
Tech Clinic / I Have "win32.p2p-Worm.Alcan.a" -- please help if you can.
« on: January 01, 2007, 10:30:52 PM »
Hi guestolo, thanks for the quick reply. Below is the log file from my Combofix scan:

----

Owner - 07-01-01 22:27:10.47    Service Pack 2
ComboFix 06.11.27 - Running from: "C:\Documents and Settings\Owner\Desktop"

((((((((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
 

C:\Program Files\winupdates

 
(((((((((((((((((((((((((((((((   Files Created from 2006-12-01 to 2007-01-01  ))))))))))))))))))))))))))))))))))
 
 
2007-01-01   15:37   <DIR>   d--------   C:\Program Files\Ashampoo
2007-01-01   15:31   19,584   --a------   C:\Documents and Settings\Owner\agony.sys
2007-01-01   15:29   19,584   --a------   C:\WINDOWS\system32\agony.sys
2007-01-01   15:11   <DIR>   d--------   C:\Program Files\Ace Utilities
2006-12-30   08:37   <DIR>   d--------   C:\Program Files\Windows Media Connect 2
2006-12-30   08:33   <DIR>   d--------   C:\WINDOWS\system32\drivers\UMDF
2006-12-20   09:07   <DIR>   d--------   C:\Documents and Settings\Owner\Application Data\PCF-VLC


((((((((((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-01 21:16   --------   d--------   C:\Program Files\Mozilla Thunderbird
2007-01-01 17:55   --------   d--------   C:\Program Files\Mozilla Firefox
2007-01-01 16:20   --------   d--------   C:\Program Files\Registry Mechanic
2007-01-01 16:11   --------   d--h-----   C:\Program Files\InstallShield Installation Information
2007-01-01 16:11   --------   d--------   C:\Program Files\Common Files\Ulead Systems
2007-01-01 15:57   --------   d--------   C:\Documents and Settings\Owner\Application Data\Azureus
2007-01-01 15:10   --------   d--------   C:\Documents and Settings\Owner\Application Data\Skype
2007-01-01 14:56   --------   d--------   C:\Program Files\Winamp
2007-01-01 14:54   --------   d--------   C:\Program Files\FontExplorerL.M
2006-12-30 14:56   --------   d--------   C:\Documents and Settings\Owner\Application Data\Macromedia
2006-12-30 11:53   --------   d--------   C:\Program Files\Windows Media Player
2006-12-28 19:50   --------   d--------   C:\Documents and Settings\Owner\Application Data\Canon
2006-12-20 14:13   --------   d--------   C:\Program Files\Instant PopOVER V2.0
2006-12-20 09:13   --------   d--------   C:\Program Files\ScreenPrint32 v3
2006-12-20 09:10   --------   d--------   C:\Program Files\GrabIt
2006-12-15 11:50   --------   d--------   C:\Program Files\Internet Explorer
2006-12-07 09:09   --------   d--------   C:\Documents and Settings\Owner\Application Data\.gaim
2006-12-02 09:24   --------   d--------   C:\Program Files\Azureus
2006-11-29 20:27   --------   d--------   C:\Documents and Settings\Owner\Application Data\Publish Providers
2006-11-25 01:29   --------   d--------   C:\Program Files\Common Files
2006-11-25 01:29   --------   d--------   C:\Documents and Settings\Owner\Application Data\COWON
2006-11-24 23:02   --------   d--------   C:\Documents and Settings\Owner\Application Data\Snapfish
2006-11-21 13:20   --------   d--------   C:\Program Files\Common Files\Adobe
2006-11-21 09:57   --------   d--------   C:\Documents and Settings\Owner\Application Data\AdobeAUM
2006-11-21 09:57   --------   d--------   C:\Documents and Settings\Owner\Application Data\Adobe
2006-11-21 09:53   --------   d--------   C:\Program Files\Adobe
2006-11-11 07:47   --------   d--------   C:\Program Files\iTunes
2006-11-11 07:46   --------   d--------   C:\Program Files\QuickTime
2006-11-11 07:46   --------   d--------   C:\Program Files\iPod
2006-11-07 16:29   --------   d--------   C:\Program Files\Gaim
2006-11-07 16:29   --------   d--------   C:\Program Files\Common Files\GTK
2006-11-04 14:14   1245696   --a------   C:\WINDOWS\system32\msxml4.dll
2006-10-31 09:35   73728   --a------   C:\WINDOWS\ALCFDRTM.EXE
2006-10-30 15:25   73216   --a------   C:\WINDOWS\ST6UNST.EXE
2006-10-30 15:25   249856   ---------   C:\WINDOWS\Setup1.exe
2006-10-19 08:56   713216   --a------   C:\WINDOWS\system32\sxs.dll
2006-10-18 21:58   8704   --a------   C:\WINDOWS\system32\wdfmgr.exe
2006-10-18 21:58   8704   --a------   C:\WINDOWS\system32\uwdf.exe
2006-10-18 21:47   99840   --a------   C:\WINDOWS\system32\wmpshell.dll
2006-10-18 21:47   991744   --a------   C:\WINDOWS\system32\drmv2clt.dll
2006-10-18 21:47   937984   --a------   C:\WINDOWS\system32\wmnetmgr.dll
2006-10-18 21:47   8231936   --a------   C:\WINDOWS\system32\wmploc.dll
2006-10-18 21:47   767488   ---------   C:\WINDOWS\system32\WMVSENCD.dll
2006-10-18 21:47   757248   --a------   C:\WINDOWS\system32\WMADMOD.dll
2006-10-18 21:47   7168   --a------   C:\WINDOWS\system32\asferror.dll
2006-10-18 21:47   656896   ---------   C:\WINDOWS\system32\WMVXENCD.dll
2006-10-18 21:47   63488   --a------   C:\WINDOWS\system32\wpdmtpus.dll
2006-10-18 21:47   629760   --a------   C:\WINDOWS\system32\wpd_ci.dll
2006-10-18 21:47   613376   ---------   C:\WINDOWS\system32\wmpmde.dll
2006-10-18 21:47   603648   --a------   C:\WINDOWS\system32\WMSPDMOD.dll
2006-10-18 21:47   542720   --a------   C:\WINDOWS\system32\blackbox.dll
2006-10-18 21:47   535040   ---------   C:\WINDOWS\system32\wmdrmsdk.dll
2006-10-18 21:47   429056   --a------   C:\WINDOWS\system32\wmdrmdev.dll
2006-10-18 21:47   414208   --a------   C:\WINDOWS\system32\msscp.dll
2006-10-18 21:47   4096   --a------   C:\WINDOWS\system32\wmvdmoe2.dll
2006-10-18 21:47   4096   --a------   C:\WINDOWS\system32\wmvdmod.dll
2006-10-18 21:47   4096   --a------   C:\WINDOWS\system32\WMVADVE.DLL
2006-10-18 21:47   4096   --a------   C:\WINDOWS\system32\WMVADVD.dll
2006-10-18 21:47   4096   --a------   C:\WINDOWS\system32\wmsdmoe2.dll
2006-10-18 21:47   4096   --a------   C:\WINDOWS\system32\wmsdmod.dll
2006-10-18 21:47   4096   --a------   C:\WINDOWS\system32\wdfapi.dll
2006-10-18 21:47   4096   --a------   C:\WINDOWS\system32\MPG4DMOD.dll
2006-10-18 21:47   4096   --a------   C:\WINDOWS\system32\MP4SDMOD.dll
2006-10-18 21:47   4096   --a------   C:\WINDOWS\system32\MP43DMOD.dll
2006-10-18 21:47   38400   ---------   C:\WINDOWS\system32\wpdshextres.dll
2006-10-18 21:47   37376   --a------   C:\WINDOWS\system32\wmdmps.dll
2006-10-18 21:47   35840   --a------   C:\WINDOWS\system32\wpdconns.dll
2006-10-18 21:47   356352   --a------   C:\WINDOWS\system32\wpdsp.dll
2006-10-18 21:47   348672   --a------   C:\WINDOWS\system32\wmdrmnet.dll
2006-10-18 21:47   33792   --a------   C:\WINDOWS\system32\wmdmlog.dll
2006-10-18 21:47   321536   --a------   C:\WINDOWS\system32\mswmdm.dll
2006-10-18 21:47   317440   ---------   C:\WINDOWS\system32\MP4SDECD.dll
2006-10-18 21:47   314880   --a------   C:\WINDOWS\system32\wmpdxm.dll
2006-10-18 21:47   295936   ---------   C:\WINDOWS\system32\wmpeffects.dll
2006-10-18 21:47   284160   ---------   C:\WINDOWS\system32\PortableDeviceApi.dll
2006-10-18 21:47   276992   --a------   C:\WINDOWS\system32\audiodev.dll
2006-10-18 21:47   27136   --a------   C:\WINDOWS\system32\mspmsnsv.dll
2006-10-18 21:47   2603008   ---------   C:\WINDOWS\system32\WpdShext.dll
2006-10-18 21:47   259072   ---------   C:\WINDOWS\system32\MPG4DECD.dll
2006-10-18 21:47   259072   ---------   C:\WINDOWS\system32\MP43DECD.dll
2006-10-18 21:47   2450944   --a------   C:\WINDOWS\system32\wmvcore.dll
2006-10-18 21:47   242688   --a------   C:\WINDOWS\system32\wmpasf.dll
2006-10-18 21:47   229376   --a------   C:\WINDOWS\system32\cewmdm.dll
2006-10-18 21:47   227328   --a------   C:\WINDOWS\system32\wmerror.dll
2006-10-18 21:47   222208   --a------   C:\WINDOWS\system32\wmasf.dll
2006-10-18 21:47   212992   ---------   C:\WINDOWS\system32\MFPLAT.dll
2006-10-18 21:47   211456   --a------   C:\WINDOWS\system32\qasf.dll
2006-10-18 21:47   204288   --a------   C:\WINDOWS\system32\wmpsrcwp.dll
2006-10-18 21:47   199168   ---------   C:\WINDOWS\system32\PortableDeviceWMDRM.dll
2006-10-18 21:47   179712   --a------   C:\WINDOWS\system32\msnetobj.dll
2006-10-18 21:47   175616   --a------   C:\WINDOWS\system32\mspmsp.dll
2006-10-18 21:47   166912   ---------   C:\WINDOWS\system32\PortableDeviceTypes.dll
2006-10-18 21:47   1661440   --a------   C:\WINDOWS\system32\wmpencen.dll
2006-10-18 21:47   1574912   ---------   C:\WINDOWS\system32\WMVENCOD.dll
2006-10-18 21:47   157184   --a------   C:\WINDOWS\system32\wmidx.dll
2006-10-18 21:47   154624   --a------   C:\WINDOWS\system32\wpdmtp.dll
2006-10-18 21:47   1543680   ---------   C:\WINDOWS\system32\WMVDECOD.dll
2006-10-18 21:47   1382912   ---------   C:\WINDOWS\system32\WMVSDECD.dll
2006-10-18 21:47   133632   ---------   C:\WINDOWS\system32\WPDShServiceObj.dll
2006-10-18 21:47   1329152   --a------   C:\WINDOWS\system32\WMSPDMOE.dll
2006-10-18 21:47   132096   ---------   C:\WINDOWS\system32\PortableDeviceWiaCompat.dll
2006-10-18 21:47   130048   ---------   C:\WINDOWS\system32\wmpps.dll
2006-10-18 21:47   11264   --a------   C:\WINDOWS\system32\LAPRXY.dll
2006-10-18 21:47   1117696   --a------   C:\WINDOWS\system32\WMADMOE.dll
2006-10-18 21:47   101888   ---------   C:\WINDOWS\system32\PortableDeviceClassExtension.dll
2006-10-18 20:03   100864   --a------   C:\WINDOWS\system32\logagent.exe
2006-10-18 20:00   249856   ---------   C:\WINDOWS\system32\drmupgds.exe
2006-10-18 20:00   17408   ---------   C:\WINDOWS\system32\wpdshextautoplay.exe
2006-10-13 07:35   142336   --a------   C:\WINDOWS\system32\nwprovau.dll
2006-10-02 15:28   312128   ---------   C:\WINDOWS\system32\msdelta.dll
2006-10-02 14:04   806912   --a------   C:\WINDOWS\system32\divx_xx0c.dll
2006-10-02 14:04   806912   --a------   C:\WINDOWS\system32\divx_xx07.dll
2006-10-02 14:04   790528   --a------   C:\WINDOWS\system32\divx_xx11.dll
2006-10-02 14:04   635486   --a------   C:\WINDOWS\system32\DivX.dll
 
 
((((((((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))
 
*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"updateMgr"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_7 -reboot 1"
"STYLEXP"="C:\\Program Files\\TGTSoft\\StyleXP\\StyleXP.exe -Hide"
"Second Copy"="\"C:\\PROGRA~1\\SecCopy\\SecCopy.exe\""
"Taskbar Shuffle"="C:\\Program Files\\Taskbar Shuffle\\taskbarshuffle.exe"
"DOpus"="C:\\Program Files\\GPSoftware\\Directory Opus\\dopus.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\not active]
"Democracy Player"="C:\\Program Files\\Participatory Culture Foundation\\Democracy Player\\Democracy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
  65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
"ShowWnd"="ShowWnd.exe"
"Recguard"="%WINDIR%\\SMINST\\RECGUARD.EXE"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"CHotkey"="zHotkey.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\not active]
"Alcmtr"="ALCMTR.EXE"
"AlcWzrd"="ALCWZRD.EXE"
"DiskeeperSystray"="\"C:\\Program Files\\Diskeeper Corporation\\Diskeeper\\DkIcon.exe\""
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe"
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1140813571\\ee\\AOLSoftware.exe"
"IPHSend"="C:\\Program Files\\Common Files\\AOL\\IPHSend\\IPHSend.exe"
"Mixersel"="C:\\Program Files\\Realtek\\InstallShield\\mixersel.exe"
"Picasa Media Detector"="C:\\Program Files\\Picasa2\\PicasaMediaDetector.exe"
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"SoundMan"="SOUNDMAN.EXE"
"ViewMgr"="C:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"
"SunKistEM"="C:\\Program Files\\Digital Media Reader\\shwiconem.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000004

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,c8,03,00,00,00,\
  00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=dword:40000004
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
  ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,f2,01,00,00,b9,00,00,00,7c,00,00,00,72,00,\
  00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{3CF9ECE0-1A9F-11D2-8C73-00C06C2005DE}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoDrives"=hex:c8,01,00,00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"WD Button Manager"="WDBtnMgr.exe"
"SetIcon"="\\Program Files\\WDC\\SetIcon.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"DiskeeperSystray"="\"C:\\Program Files\\Diskeeper Corporation\\Diskeeper\\DkIcon.exe\""
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1140813571\\ee\\AOLSoftware.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
"backup"="C:\\WINDOWS\\pss\\BigFix.lnkCommon Startup"
"location"="Common Startup"
"item"="BigFix"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cleanup]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="200583151710_mcappins"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gateway Extended Warranty]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GWCares"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msci]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="200583151710_mcinfo"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="UsrPrmpt"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]   
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

 
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Ace Optimizer Maintenance.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\ISP signup reminder 1.job
C:\WINDOWS\tasks\Symantec NetDetect.job

Completion time: 07-01-01 22:29:10.53
C:\ComboFix.txt ... 07-01-01 22:29
