Author Topic: win32.p2p-worm.alcan.a  (Read 4785 times)

josh_rowe_hccc
« Reply #20 on: July 24, 2005, 09:15:42 PM »
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\COMMAN~1\COMMAN~1\untray.exe
C:\PROGRA~1\COMMAN~1\COMMAN~1\avtray.exe
C:\PROGRA~1\COMMAN~1\COMMAN~1\dvprpt.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Command Software\Command AntiVirus\avinitnt.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Command Software\Command AntiVirus\schscnt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\BRMFRSMG.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\hijack this new\hijackthis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [CSAV_CheckViruses] C:\PROGRA~1\COMMAN~1\COMMAN~1\vchk.exe
O4 - HKLM\..\Run: [untray] C:\PROGRA~1\COMMAN~1\COMMAN~1\untray.exe
O4 - HKLM\..\Run: [avtray] C:\PROGRA~1\COMMAN~1\COMMAN~1\avtray.exe
O4 - HKLM\..\Run: [dvprpt] C:\PROGRA~1\COMMAN~1\COMMAN~1\dvprpt.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://D:\content\include\XPPatchInstaller.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1096041344343
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab30149.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab27513.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E69B4E5B-538A-4353-8FBF-1882D81031C4}: NameServer = 204.117.214.10,65.174.170.16
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: Command AntiVirus Download - Command AntiVirus Download.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: avinitnt - Command Software Systems, Inc. - C:\Program Files\Command Software\Command AntiVirus\avinitnt.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: schscnt - Command Software Systems, Inc. - C:\Program Files\Command Software\Command AntiVirus\schscnt.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe



---------------------------------------------------------
 ewido security suite - Scan report
---------------------------------------------------------

 + Created on:         9:42:39 PM, 7/24/2005
 + Report-Checksum:      9EC00CFA

 + Scan result:

   HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
   HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res -> Spyware.WebSearch : Cleaned with backup
   HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -> Spyware.PopularScreensavers : Cleaned with backup
   HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{99802379-7362-40E2-9D28-8A3B9AF880B7} -> Spyware.iLookup : Cleaned with backup
   HKU\S-1-5-21-1957994488-1035525444-682003330-1003\Software\hsb -> Spyware.Hotsearchbar : Cleaned with backup
   HKU\S-1-5-21-1957994488-1035525444-682003330-1003\Software\hsb\ccc -> Spyware.Hotsearchbar : Cleaned with backup
   HKU\S-1-5-21-1957994488-1035525444-682003330-1003\Software\hsb\eee -> Spyware.Hotsearchbar : Cleaned with backup
   HKU\S-1-5-21-1957994488-1035525444-682003330-1003\Software\hsb\rrr -> Spyware.Hotsearchbar : Cleaned with backup
   HKU\S-1-5-21-1957994488-1035525444-682003330-1003\Software\hsb\ttt -> Spyware.Hotsearchbar : Cleaned with backup
   HKU\S-1-5-21-1957994488-1035525444-682003330-1003\Software\hsb\www -> Spyware.Hotsearchbar : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Application Data\Mozilla\Firefox\Profiles\rb8x82ih.default\Cache\4B58DE3Bd01 -> Spyware.MyWebSearch : Cleaned with backup
   :mozilla.9:C:\Documents and Settings\Meg Brooke\Application Data\Mozilla\Firefox\Profiles\rb8x82ih.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
   :mozilla.10:C:\Documents and Settings\Meg Brooke\Application Data\Mozilla\Firefox\Profiles\rb8x82ih.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
   :mozilla.11:C:\Documents and Settings\Meg Brooke\Application Data\Mozilla\Firefox\Profiles\rb8x82ih.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
   :mozilla.12:C:\Documents and Settings\Meg Brooke\Application Data\Mozilla\Firefox\Profiles\rb8x82ih.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
   :mozilla.13:C:\Documents and Settings\Meg Brooke\Application Data\Mozilla\Firefox\Profiles\rb8x82ih.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
   :mozilla.14:C:\Documents and Settings\Meg Brooke\Application Data\Mozilla\Firefox\Profiles\rb8x82ih.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
   :mozilla.15:C:\Documents and Settings\Meg Brooke\Application Data\Mozilla\Firefox\Profiles\rb8x82ih.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
   :mozilla.16:C:\Documents and Settings\Meg Brooke\Application Data\Mozilla\Firefox\Profiles\rb8x82ih.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
   :mozilla.17:C:\Documents and Settings\Meg Brooke\Application Data\Mozilla\Firefox\Profiles\rb8x82ih.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
   :mozilla.18:C:\Documents and Settings\Meg Brooke\Application Data\Mozilla\Firefox\Profiles\rb8x82ih.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
   :mozilla.19:C:\Documents and Settings\Meg Brooke\Application Data\Mozilla\Firefox\Profiles\rb8x82ih.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
   :mozilla.38:C:\Documents and Settings\Meg Brooke\Application Data\Mozilla\Firefox\Profiles\rb8x82ih.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.39:C:\Documents and Settings\Meg Brooke\Application Data\Mozilla\Firefox\Profiles\rb8x82ih.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.40:C:\Documents and Settings\Meg Brooke\Application Data\Mozilla\Firefox\Profiles\rb8x82ih.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.41:C:\Documents and Settings\Meg Brooke\Application Data\Mozilla\Firefox\Profiles\rb8x82ih.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.42:C:\Documents and Settings\Meg Brooke\Application Data\Mozilla\Firefox\Profiles\rb8x82ih.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.43:C:\Documents and Settings\Meg Brooke\Application Data\Mozilla\Firefox\Profiles\rb8x82ih.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.52:C:\Documents and Settings\Meg Brooke\Application Data\Mozilla\Firefox\Profiles\rb8x82ih.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
   :mozilla.70:C:\Documents and Settings\Meg Brooke\Application Data\Mozilla\Firefox\Profiles\rb8x82ih.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
   :mozilla.72:C:\Documents and Settings\Meg Brooke\Application Data\Mozilla\Firefox\Profiles\rb8x82ih.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
   :mozilla.96:C:\Documents and Settings\Meg Brooke\Application Data\Mozilla\Firefox\Profiles\rb8x82ih.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
   :mozilla.97:C:\Documents and Settings\Meg Brooke\Application Data\Mozilla\Firefox\Profiles\rb8x82ih.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
   :mozilla.102:C:\Documents and Settings\Meg Brooke\Application Data\Mozilla\Firefox\Profiles\rb8x82ih.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.103:C:\Documents and Settings\Meg Brooke\Application Data\Mozilla\Firefox\Profiles\rb8x82ih.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.104:C:\Documents and Settings\Meg Brooke\Application Data\Mozilla\Firefox\Profiles\rb8x82ih.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.105:C:\Documents and Settings\Meg Brooke\Application Data\Mozilla\Firefox\Profiles\rb8x82ih.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.106:C:\Documents and Settings\Meg Brooke\Application Data\Mozilla\Firefox\Profiles\rb8x82ih.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
   :mozilla.107:C:\Documents and Settings\Meg Brooke\Application Data\Mozilla\Firefox\Profiles\rb8x82ih.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
   :mozilla.108:C:\Documents and Settings\Meg Brooke\Application Data\Mozilla\Firefox\Profiles\rb8x82ih.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
   :mozilla.109:C:\Documents and Settings\Meg Brooke\Application Data\Mozilla\Firefox\Profiles\rb8x82ih.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
   :mozilla.110:C:\Documents and Settings\Meg Brooke\Application Data\Mozilla\Firefox\Profiles\rb8x82ih.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
   :mozilla.111:C:\Documents and Settings\Meg Brooke\Application Data\Mozilla\Firefox\Profiles\rb8x82ih.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
   :mozilla.112:C:\Documents and Settings\Meg Brooke\Application Data\Mozilla\Firefox\Profiles\rb8x82ih.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.113:C:\Documents and Settings\Meg Brooke\Application Data\Mozilla\Firefox\Profiles\rb8x82ih.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
   :mozilla.114:C:\Documents and Settings\Meg Brooke\Application Data\Mozilla\Firefox\Profiles\rb8x82ih.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
   :mozilla.115:C:\Documents and Settings\Meg Brooke\Application Data\Mozilla\Firefox\Profiles\rb8x82ih.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
   :mozilla.116:C:\Documents and Settings\Meg Brooke\Application Data\Mozilla\Firefox\Profiles\rb8x82ih.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
   :mozilla.133:C:\Documents and Settings\Meg Brooke\Application Data\Mozilla\Firefox\Profiles\rb8x82ih.default\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
   :mozilla.134:C:\Documents and Settings\Meg Brooke\Application Data\Mozilla\Firefox\Profiles\rb8x82ih.default\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
   :mozilla.135:C:\Documents and Settings\Meg Brooke\Application Data\Mozilla\Firefox\Profiles\rb8x82ih.default\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
   :mozilla.136:C:\Documents and Settings\Meg Brooke\Application Data\Mozilla\Firefox\Profiles\rb8x82ih.default\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
   :mozilla.137:C:\Documents and Settings\Meg Brooke\Application Data\Mozilla\Firefox\Profiles\rb8x82ih.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.138:C:\Documents and Settings\Meg Brooke\Application Data\Mozilla\Firefox\Profiles\rb8x82ih.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.139:C:\Documents and Settings\Meg Brooke\Application Data\Mozilla\Firefox\Profiles\rb8x82ih.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.140:C:\Documents and Settings\Meg Brooke\Application Data\Mozilla\Firefox\Profiles\rb8x82ih.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.141:C:\Documents and Settings\Meg Brooke\Application Data\Mozilla\Firefox\Profiles\rb8x82ih.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.142:C:\Documents and Settings\Meg Brooke\Application Data\Mozilla\Firefox\Profiles\rb8x82ih.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.143:C:\Documents and Settings\Meg Brooke\Application Data\Mozilla\Firefox\Profiles\rb8x82ih.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.144:C:\Documents and Settings\Meg Brooke\Application Data\Mozilla\Firefox\Profiles\rb8x82ih.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.145:C:\Documents and Settings\Meg Brooke\Application Data\Mozilla\Firefox\Profiles\rb8x82ih.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.146:C:\Documents and Settings\Meg Brooke\Application Data\Mozilla\Firefox\Profiles\rb8x82ih.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.147:C:\Documents and Settings\Meg Brooke\Application Data\Mozilla\Firefox\Profiles\rb8x82ih.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.148:C:\Documents and Settings\Meg Brooke\Application Data\Mozilla\Firefox\Profiles\rb8x82ih.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.149:C:\Documents and Settings\Meg Brooke\Application Data\Mozilla\Firefox\Profiles\rb8x82ih.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.150:C:\Documents and Settings\Meg Brooke\Application Data\Mozilla\Firefox\Profiles\rb8x82ih.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
   :mozilla.151:C:\Documents and Settings\Meg Brooke\Application Data\Mozilla\Firefox\Profiles\rb8x82ih.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.152:C:\Documents and Settings\Meg Brooke\Application Data\Mozilla\Firefox\Profiles\rb8x82ih.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.153:C:\Documents and Settings\Meg Brooke\Application Data\Mozilla\Firefox\Profiles\rb8x82ih.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.154:C:\Documents and Settings\Meg Brooke\Application Data\Mozilla\Firefox\Profiles\rb8x82ih.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.155:C:\Documents and Settings\Meg Brooke\Application Data\Mozilla\Firefox\Profiles\rb8x82ih.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.156:C:\Documents and Settings\Meg Brooke\Application Data\Mozilla\Firefox\Profiles\rb8x82ih.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.157:C:\Documents and Settings\Meg Brooke\Application Data\Mozilla\Firefox\Profiles\rb8x82ih.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.158:C:\Documents and Settings\Meg Brooke\Application Data\Mozilla\Firefox\Profiles\rb8x82ih.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.159:C:\Documents and Settings\Meg Brooke\Application Data\Mozilla\Firefox\Profiles\rb8x82ih.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.160:C:\Documents and Settings\Meg Brooke\Application Data\Mozilla\Firefox\Profiles\rb8x82ih.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.161:C:\Documents and Settings\Meg Brooke\Application Data\Mozilla\Firefox\Profiles\rb8x82ih.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.162:C:\Documents and Settings\Meg Brooke\Application Data\Mozilla\Firefox\Profiles\rb8x82ih.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.163:C:\Documents and Settings\Meg Brooke\Application Data\Mozilla\Firefox\Profiles\rb8x82ih.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.164:C:\Documents and Settings\Meg Brooke\Application Data\Mozilla\Firefox\Profiles\rb8x82ih.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.165:C:\Documents and Settings\Meg Brooke\Application Data\Mozilla\Firefox\Profiles\rb8x82ih.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.166:C:\Documents and Settings\Meg Brooke\Application Data\Mozilla\Firefox\Profiles\rb8x82ih.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.169:C:\Documents and Settings\Meg Brooke\Application Data\Mozilla\Firefox\Profiles\rb8x82ih.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.170:C:\Documents and Settings\Meg Brooke\Application Data\Mozilla\Firefox\Profiles\rb8x82ih.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.171:C:\Documents and Settings\Meg Brooke\Application Data\Mozilla\Firefox\Profiles\rb8x82ih.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.172:C:\Documents and Settings\Meg Brooke\Application Data\Mozilla\Firefox\Profiles\rb8x82ih.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.173:C:\Documents and Settings\Meg Brooke\Application Data\Mozilla\Firefox\Profiles\rb8x82ih.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
   :mozilla.174:C:\Documents and Settings\Meg Brooke\Application Data\Mozilla\Firefox\Profiles\rb8x82ih.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
   :mozilla.190:C:\Documents and Settings\Meg Brooke\Application Data\Mozilla\Firefox\Profiles\rb8x82ih.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
   :mozilla.191:C:\Documents and Settings\Meg Brooke\Application Data\Mozilla\Firefox\Profiles\rb8x82ih.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
   :mozilla.198:C:\Documents and Settings\Meg Brooke\Application Data\Mozilla\Firefox\Profiles\rb8x82ih.default\cookies.txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
   :mozilla.199:C:\Documents and Settings\Meg Brooke\Application Data\Mozilla\Firefox\Profiles\rb8x82ih.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
   :mozilla.200:C:\Documents and Settings\Meg Brooke\Application Data\Mozilla\Firefox\Profiles\rb8x82ih.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
   :mozilla.201:C:\Documents and Settings\Meg Brooke\Application Data\Mozilla\Firefox\Profiles\rb8x82ih.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
   :mozilla.202:C:\Documents and Settings\Meg Brooke\Application Data\Mozilla\Firefox\Profiles\rb8x82ih.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
   :mozilla.230:C:\Documents and Settings\Meg Brooke\Application Data\Mozilla\Firefox\Profiles\rb8x82ih.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
   :mozilla.231:C:\Documents and Settings\Meg Brooke\Application Data\Mozilla\Firefox\Profiles\rb8x82ih.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
   :mozilla.232:C:\Documents and Settings\Meg Brooke\Application Data\Mozilla\Firefox\Profiles\rb8x82ih.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
   :mozilla.233:C:\Documents and Settings\Meg Brooke\Application Data\Mozilla\Firefox\Profiles\rb8x82ih.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
   :mozilla.234:C:\Documents and Settings\Meg Brooke\Application Data\Mozilla\Firefox\Profiles\rb8x82ih.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
   :mozilla.246:C:\Documents and Settings\Meg Brooke\Application Data\Mozilla\Firefox\Profiles\rb8x82ih.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
   :mozilla.262:C:\Documents and Settings\Meg Brooke\Application Data\Mozilla\Firefox\Profiles\rb8x82ih.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
   :mozilla.263:C:\Documents and Settings\Meg Brooke\Application Data\Mozilla\Firefox\Profiles\rb8x82ih.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
   :mozilla.274:C:\Documents and Settings\Meg Brooke\Application Data\Mozilla\Firefox\Profiles\rb8x82ih.default\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
   :mozilla.277:C:\Documents and Settings\Meg Brooke\Application Data\Mozilla\Firefox\Profiles\rb8x82ih.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
   :mozilla.278:C:\Documents and Settings\Meg Brooke\Application Data\Mozilla\Firefox\Profiles\rb8x82ih.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
   :mozilla.279:C:\Documents and Settings\Meg Brooke\Application Data\Mozilla\Firefox\Profiles\rb8x82ih.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
   :mozilla.280:C:\Documents and Settings\Meg Brooke\Application Data\Mozilla\Firefox\Profiles\rb8x82ih.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
   :mozilla.281:C:\Documents and Settings\Meg Brooke\Application Data\Mozilla\Firefox\Profiles\rb8x82ih.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
   :mozilla.282:C:\Documents and Settings\Meg Brooke\Application Data\Mozilla\Firefox\Profiles\rb8x82ih.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
   :mozilla.283:C:\Documents and Settings\Meg Brooke\Application Data\Mozilla\Firefox\Profiles\rb8x82ih.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
   :mozilla.284:C:\Documents and Settings\Meg Brooke\Application Data\Mozilla\Firefox\Profiles\rb8x82ih.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
   :mozilla.289:C:\Documents and Settings\Meg Brooke\Application Data\Mozilla\Firefox\Profiles\rb8x82ih.default\cookies.txt -> Spyware.Cookie.Bfast : Cleaned with backup
   :mozilla.326:C:\Documents and Settings\Meg Brooke\Application Data\Mozilla\Firefox\Profiles\rb8x82ih.default\cookies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
   :mozilla.381:C:\Documents and Settings\Meg Brooke\Application Data\Mozilla\Firefox\Profiles\rb8x82ih.default\cookies.txt -> Spyware.Cookie.Euniverseads : Cleaned with backup
   :mozilla.382:C:\Documents and Settings\Meg Brooke\Application Data\Mozilla\Firefox\Profiles\rb8x82ih.default\cookies.txt -> Spyware.Cookie.Euniverseads : Cleaned with backup
   :mozilla.397:C:\Documents and Settings\Meg Brooke\Application Data\Mozilla\Firefox\Profiles\rb8x82ih.default\cookies.txt -> Spyware.Cookie.Adengage : Cleaned with backup
   :mozilla.398:C:\Documents and Settings\Meg Brooke\Application Data\Mozilla\Firefox\Profiles\rb8x82ih.default\cookies.txt -> Spyware.Cookie.Adengage : Cleaned with backup
   :mozilla.399:C:\Documents and Settings\Meg Brooke\Application Data\Mozilla\Firefox\Profiles\rb8x82ih.default\cookies.txt -> Spyware.Cookie.Adengage : Cleaned with backup
   :mozilla.403:C:\Documents and Settings\Meg Brooke\Application Data\Mozilla\Firefox\Profiles\rb8x82ih.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
   :mozilla.408:C:\Documents and Settings\Meg Brooke\Application Data\Mozilla\Firefox\Profiles\rb8x82ih.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
   :mozilla.409:C:\Documents and Settings\Meg Brooke\Application Data\Mozilla\Firefox\Profiles\rb8x82ih.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
   :mozilla.410:C:\Documents and Settings\Meg Brooke\Application Data\Mozilla\Firefox\Profiles\rb8x82ih.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
   :mozilla.411:C:\Documents and Settings\Meg Brooke\Application Data\Mozilla\Firefox\Profiles\rb8x82ih.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
   :mozilla.412:C:\Documents and Settings\Meg Brooke\Application Data\Mozilla\Firefox\Profiles\rb8x82ih.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
   :mozilla.413:C:\Documents and Settings\Meg Brooke\Application Data\Mozilla\Firefox\Profiles\rb8x82ih.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
   :mozilla.414:C:\Documents and Settings\Meg Brooke\Application Data\Mozilla\Firefox\Profiles\rb8x82ih.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
   :mozilla.417:C:\Documents and Settings\Meg Brooke\Application Data\Mozilla\Firefox\Profiles\rb8x82ih.default\cookies.txt -> Spyware.Cookie.Dbbsrv : Cleaned with backup
   :mozilla.418:C:\Documents and Settings\Meg Brooke\Application Data\Mozilla\Firefox\Profiles\rb8x82ih.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
   :mozilla.419:C:\Documents and Settings\Meg Brooke\Application Data\Mozilla\Firefox\Profiles\rb8x82ih.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
   :mozilla.518:C:\Documents and Settings\Meg Brooke\Application Data\Mozilla\Firefox\Profiles\rb8x82ih.default\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-30219d0a-68968de6.class -> Trojan.ClassLoader.Dummy.d : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Cookies\meg brooke@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Cookies\meg brooke@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Cookies\meg brooke@atdmt[1].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Cookies\meg [email protected][1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\#1 Dvd Ripper 1.3.47.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\#1 Video Converter 3.8.8.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\123 Flash Menu 1.50.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\185-ScreenSavers-Collection.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\1Click DVD Copy 4.1.1.4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\1st Desktop Guard v1.6.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\2 Blonde Teens [censored] a Huge Cock.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\2 Scoops Double Dipped XXX DVD Rip Xvid.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\2G Poster Works v1.0.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\2Pac - The Way He Wanted It.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\3D Canyon Flight Screensaver 2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\3d Studio Max 7.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\3D-Album Commercial Suite 3.0 + 3.27.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\50 Cent - Get Rich Or Die Tryin.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\50 First Dates (2004).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\7 Seconds DVD Rip Xvid.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\7-Zip 4.24.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\700 Flash Games - Easy Instal.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\A Plus PopUp Blocker v2.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\Ability Office v4.9.000.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\Absolute Video Converter v2.5.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\Absolute Video Converter v2.5.4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\ACD Systems ACDSee v7.0.61 PowerPack.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\ACD Systems Canvas X 898.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\ACD Systems Canvas X 898.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\AceBackup 2004 2.1.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\AceBackup 2004 2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\AceHTML Pro 6.05.7.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\Acoo Browser 1.19 Build 226.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\Acoustica CD DVD Label Maker 2.39.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\Acronis Disk Director Suite 9.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\Acronis Power Utilities 2005.614.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\Acronis Privacy Expert Suite 8.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\Acronis True Imagetrue Image Server 8.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\Ad-Aware SE Personal.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\Ad-aware Se Pro 1.03.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\Adobe Acrobat 7 Professional.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\Adobe Creative Suite 2 iSO.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\Adobe GoLive CS2 8.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\Adobe GoLive CS2 8.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\Adobe Photoshop CS 2 9.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\Adobe Photoshop CS2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\Adobe Photoshop Digital.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\Adobe Photoshop.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\Adobe Premier Pro 7.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\Advanced Link Catalog 1.07.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\Advanced MP3WMA Recorder 5.8.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\Advanced Security Administrator 10.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\Advanced Uninstaller Pro 2005 7.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\AdvancedPicHunter 20.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\Adware Away 2.2.86.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\AdwareX Eliminator 2.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\Age of Empires 2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\Agnitum Outpost Firewall Pro 2.5.369.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\Ahead.DVD.Ripper.v1.1.2.Incl.GOLD.Crack-TE.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\Alcohol 120% 1.95.3105 Retail.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\Alicia Rhodes & Her Big Perfect Tits.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\AlienAbduction 1200.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\All In one Paswords Utilities 2005.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\All Maximizer 8.0 Enterprise Products.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\All My Movies 3.5 Build 1193.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\All Nero Products.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\All Starwars movies.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\ALO Audio CD Ripper 1.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\ALO Audio CD Ripper v1.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\Alone In The Dark.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\amac address change 1.0.0.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\Annihilator - Never Neverl.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\Antenna - Web Design Studio 2.5.105.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\Anti Tracks 5.0.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\Anti-Porn .v7.0.6.10.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\Anti-Virus 3.94 for Windows NT2KXP2K3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\AntiVir Personal Edition 6.31.00.03.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\Antiy Ghostbusters StdProAdvanced 4.7.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\Any Password 1.44.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\AnyDVD 4.0.4.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\ApBackUp 2.5.1591.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\Apollo DVD Copy SE v4.0.7.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\Apollo DVD Copy v4.3.4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\Apycom Java Menus and Buttons v5.00.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\Are We There Yet (2005).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\Area 51 - XBOXDVD.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\Arial Audio Converter 2.3.5.8.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\Army Men RTS.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\Ashampoo Media.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\Ashampoo Photo Commander v3.50.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\Ashampoo WinOptimizer Platinum Suite 2 1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\Ashampoo WinOptimizer Platinum Suite 2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\AstroCalendar 1.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\Audiograbber 1.83 SE.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\Austin PowersInternational.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\AutoFTP Premium v4.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\Automize 6.19 for Windows.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\AutoPlay Menu Builder v5.0.918.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\Avant Browser 10.1 b8.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\Avant Browser 10.1 Beta 10.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\Avast Professional 4.5.546.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\Avast Professional Edition 4.6.665.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\AVI-GIF 2.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\Avid Xpress Pro 4.35.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\Azureus 2.3.0.5 Beta 4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\Baby Album - Basic Edition.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\Baby ASP Web Server 2.6.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\Bad CD Repair Pro 3.05.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\BarCodeWiz Barcode ActiveX Control 1.67.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\Batch Script Processor 3.08 for AutoCAD.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\BatchRename 2 v2.64.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\Batman Begins (2005) DVDRip.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\batman begins.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\Battle Realms Winter of the W.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\Battle Realms Winter of the Wolf.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\Battlefield 2 (DVD).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\Battlefield 2 Reloaded iSO.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\Battlefield 2 Reloaded.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\Battlefield 2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\Battlefield Vietnam.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\battlefield2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\Battles In Normandy.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\Be Cool.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\BeFaster 3.55.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\BeFaster v3.54.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\Best CD To MP3 Ripper v1.00.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\Bigger.Longer.Uncut.(2002).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\Billie Holiday-Complete Decca Records.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\Birth 2004.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\BitDefender Pro Plus 8.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\Black Eyed Peas-Monkey Busine.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\Black Sabbath.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\Blaze Media Pro 6.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\Blaze VideoMagic 1.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\BlazeDVD 3 Pro.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\Blindwrite 5.2.10.142.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\BlindWrite 5.2.9.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\Boilsoft AVI to VCDDVD Converter 2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\Borland C++ Compiler 5.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\Bps Spyware & Adware Remover 9.2.0.8.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\Brave Dwarves Back for Treasu.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\Bridge.Construction.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\Britney Spears - Baby One More Time.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\Britney Spears - I love rock n roll.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\Brothers in Arms Road to Hill 30 - Hoo.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\Brothers in Arms Road to Hill 30 iSO.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\Bruce Springsteen - Darkness on the edge.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\Bruce Springsteen - Devils And Dust.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\Buddy Guy - Buddy Guy.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\Bunbury - Freak Show.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\BVRP FaxTools Expert Network v8.03.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\CA eTrust EZ Antivir.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\Cafe Del Mar - 25th Anniversary CD1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\Cafe Del Mar - 25th Anniversary CD2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\Cafe Del Mar - 25th Anniversary CD3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\Cake - Fashion Nugget Album.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\Camtasia Studio 2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\Camtasia Studio 3.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\CaptureWizPro v3.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\Carmen Electra- Playboy DVD.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\Carnivores City Scape.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\Casino Europa 2005 Full CD [BiT].zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\CD Menu Author 2.0.0.11.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\CDCheck 3.1.5.1b.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\CDMenuPro Business Edition 4.100.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\Celine Dion - Miracle.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\cFos v6.00.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\Championship Manager 5 ISO.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\Chat Watch 4.2.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\ChatBlocker v2.22.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\Chessmaster 8000.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\CHM2HTML Pilot 1.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\Chris PC-Lock.v1.00.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\Cinderella Man (Good Quality).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\Circuitmaker 2000.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\Civilization III.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\Clean Space 9.1 pro.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\Clean Space v9.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\CleanCenter 1.34.60.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\ClipCollect 1.62.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\ClipMate 6.5.09.542.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\CloneCD 5.0.3.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\CloneCD 5.2.4.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\CloneDVD 2.7.5.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\Clonedvd 2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\clonedvd 3.5.40.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\Clubland X-Treme Hardcore.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\CodeStuff Starter 5.6.1.45.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\CoffeeCup HTML Editor 2005G.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\Coldplay - Live at Live8, London.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\ComdevOne Admin Suite 3.1 - 15 Component.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\Command & Conquer Renegade.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\Con Air (200).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\ConceptDraw Project v1.3.6.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\Conflict Vietnam.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Meg Brooke\Shared\Constantine Xbox.zip/Setup.exe -> Worm.VB.an : Cleaned with b

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
win32.p2p-worm.alcan.a
« Reply #21 on: July 24, 2005, 10:18:32 PM »
Looking better, how's everything on your end?

Can you do the following
Download and save this File
[attachment=299:attachment]
UNZIP it to your desktop

Double click to run the .vbs script
Allow this to run
A text file will be placed on your desktop
Copy and paste the contents back here
« Last Edit: July 25, 2005, 09:23:58 PM by guestolo »

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline josh_rowe_hccc

  • Newbie
  • *
  • Posts: 16
  • Karma: +0/-0
win32.p2p-worm.alcan.a
« Reply #22 on: July 25, 2005, 09:17:27 PM »
Things are getting better :P When I scanned with Ad-Aware there were only 2 Alcan things there instead of the normal 7 or however many there were.



REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\\WINDOWS\\System32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe"
"Zone Labs Client"="C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe"
"CSAV_CheckViruses"="C:\\PROGRA~1\\COMMAN~1\\COMMAN~1\\vchk.exe"
"untray"="C:\\PROGRA~1\\COMMAN~1\\COMMAN~1\\untray.exe"
"avtray"="C:\\PROGRA~1\\COMMAN~1\\COMMAN~1\\avtray.exe"
"dvprpt"="C:\\PROGRA~1\\COMMAN~1\\COMMAN~1\\dvprpt.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

-----------------
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers


Subkey --- FProtMenu
{4a479be0-3333-11d0-b519-00400519153f}
C:\Program Files\Command Software\Command AntiVirus\avshext.dll

Subkey --- Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03}
C:\WINDOWS\System32\cscui.dll

Subkey --- Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- WinRAR



Subkey --- {a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin
C:\WINDOWS\system32\SHELL32.dll

=====================

HKEY_CLASSES_ROOT\Folder\shellex\ColumnHandlers


Subkey --- {0D2E74C4-3C34-11d2-A27E-00C04FC30871}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- {24F14F01-7B1C-11d1-838f-0000F80461CF}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- {24F14F02-7B1C-11d1-838f-0000F80461CF}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- {66742402-F9B9-11D1-A202-0000F81FEDEE}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- {F9DB5320-233E-11D1-9F84-707F02C10627}
C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

==============================
C:\Documents and Settings\All Users\Start Menu\Programs\Startup

Adobe Reader Speed Launch.lnk
desktop.ini
==============================
C:\Documents and Settings\Owner\Start Menu\Programs\Startup

Adobe Reader Speed Launch.lnk
desktop.ini
desktop.ini
==============================
C:\WINDOWS\system32 cpl files


ac3filter.cpl                
access.cpl                    Microsoft Corporation
appwiz.cpl                    Microsoft Corporation
B57exp.cpl                    Broadcom Corporation
bdeadmin.cpl                  Borland Software Corporation
desk.cpl                      Microsoft Corporation
hdwwiz.cpl                    Microsoft Corporation
igfxcpl.cpl                   Intel Corporation
inetcpl.cpl                   Microsoft Corporation
intl.cpl                      Microsoft Corporation
joy.cpl                       Microsoft Corporation
jpicpl32.cpl                  Sun Microsystems
main.cpl                      Microsoft Corporation
mmsys.cpl                     Microsoft Corporation
ncpa.cpl                      Microsoft Corporation
nusrmgr.cpl                   Microsoft Corporation
odbccp32.cpl                  Microsoft Corporation
powercfg.cpl                  Microsoft Corporation
sysdm.cpl                     Microsoft Corporation
telephon.cpl                  Microsoft Corporation
timedate.cpl                  Microsoft Corporation
wuaucpl.cpl                   Microsoft Corporation
« Last Edit: July 25, 2005, 09:18:51 PM by josh_rowe_hccc »

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
win32.p2p-worm.alcan.a
« Reply #23 on: July 25, 2005, 09:28:00 PM »
Can you do me one more favor please :)

Open ad-aware and run a full system scan
When the scan's complete

Click the Show Logfile button
Highlight the whole logfile and copy and paste it back here



Offline josh_rowe_hccc

  • Newbie
  • *
  • Posts: 16
  • Karma: +0/-0
win32.p2p-worm.alcan.a
« Reply #24 on: July 25, 2005, 09:45:14 PM »
Ad-Aware SE Build 1.05
Logfile Created on:Monday, July 25, 2005 10:30:12 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R55 19.07.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):17 total references
Tracking Cookie(TAC index:3):6 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


7-25-2005 10:30:12 PM - Scan started. (Full System Scan)

 MRU List Object Recognized!
    Location:          : C:\Documents and Settings\Owner\Application Data\microsoft\office\recent
    Description        : list of recently opened documents using microsoft office


 MRU List Object Recognized!
    Location:          : C:\Documents and Settings\Owner\recent
    Description        : list of recently opened documents


 MRU List Object Recognized!
    Location:          : software\microsoft\direct3d\mostrecentapplication
    Description        : most recent application to use microsoft direct3d


 MRU List Object Recognized!
    Location:          : software\microsoft\direct3d\mostrecentapplication
    Description        : most recent application to use microsoft direct X


 MRU List Object Recognized!
    Location:          : software\microsoft\directdraw\mostrecentapplication
    Description        : most recent application to use microsoft directdraw


 MRU List Object Recognized!
    Location:          : S-1-5-21-1957994488-1035525444-682003330-1008\software\microsoft\directinput\mostrecentapplication
    Description        : most recent application to use microsoft directinput


 MRU List Object Recognized!
    Location:          : S-1-5-21-1957994488-1035525444-682003330-1008\software\microsoft\directinput\mostrecentapplication
    Description        : most recent application to use microsoft directinput


 MRU List Object Recognized!
    Location:          : S-1-5-21-1957994488-1035525444-682003330-1003\software\microsoft\internet explorer
    Description        : last download directory used in microsoft internet explorer


 MRU List Object Recognized!
    Location:          : S-1-5-21-1957994488-1035525444-682003330-1008\software\microsoft\internet explorer\typedurls
    Description        : list of recently entered addresses in microsoft internet explorer


 MRU List Object Recognized!
    Location:          : S-1-5-21-1957994488-1035525444-682003330-1008\software\microsoft\windows\currentversion\applets\wordpad\recent file list
    Description        : list of recent files opened using wordpad


 MRU List Object Recognized!
    Location:          : S-1-5-21-1957994488-1035525444-682003330-1003\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
    Description        : list of recent programs opened


 MRU List Object Recognized!
    Location:          : S-1-5-21-1957994488-1035525444-682003330-1008\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
    Description        : list of recent programs opened


 MRU List Object Recognized!
    Location:          : S-1-5-21-1957994488-1035525444-682003330-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
    Description        : list of recently saved files, stored according to file extension


 MRU List Object Recognized!
    Location:          : S-1-5-21-1957994488-1035525444-682003330-1008\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
    Description        : list of recently saved files, stored according to file extension


 MRU List Object Recognized!
    Location:          : S-1-5-21-1957994488-1035525444-682003330-1003\software\microsoft\windows\currentversion\explorer\recentdocs
    Description        : list of recent documents opened


 MRU List Object Recognized!
    Location:          : S-1-5-21-1957994488-1035525444-682003330-1008\software\microsoft\windows\currentversion\explorer\recentdocs
    Description        : list of recent documents opened


 MRU List Object Recognized!
    Location:          : S-1-5-21-1957994488-1035525444-682003330-1008\software\microsoft\windows media\wmsdk\general
    Description        : windows media sdk


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
    FilePath           : \SystemRoot\System32\
    ProcessID          : 644
    ThreadCreationTime : 7-25-2005 2:07:35 AM
    BasePriority       : Normal


#:2 [csrss.exe]
    FilePath           : \??\C:\WINDOWS\system32\
    ProcessID          : 692
    ThreadCreationTime : 7-25-2005 2:07:36 AM
    BasePriority       : Normal


#:3 [winlogon.exe]
    FilePath           : \??\C:\WINDOWS\system32\
    ProcessID          : 716
    ThreadCreationTime : 7-25-2005 2:07:37 AM
    BasePriority       : High


#:4 [services.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 760
    ThreadCreationTime : 7-25-2005 2:07:37 AM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.0 (xpclient.010817-1148)
    ProductVersion     : 5.1.2600.0
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Services and Controller app
    InternalName       : services.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : services.exe

#:5 [lsass.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 772
    ThreadCreationTime : 7-25-2005 2:07:37 AM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.1106 (xpsp1.020828-1920)
    ProductVersion     : 5.1.2600.1106
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : LSA Shell (Export Version)
    InternalName       : lsass.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : lsass.exe

#:6 [svchost.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 940
    ThreadCreationTime : 7-25-2005 2:07:38 AM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.0 (xpclient.010817-1148)
    ProductVersion     : 5.1.2600.0
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Generic Host Process for Win32 Services
    InternalName       : svchost.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : svchost.exe

#:7 [svchost.exe]
    FilePath           : C:\WINDOWS\System32\
    ProcessID          : 1032
    ThreadCreationTime : 7-25-2005 2:07:38 AM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.0 (xpclient.010817-1148)
    ProductVersion     : 5.1.2600.0
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Generic Host Process for Win32 Services
    InternalName       : svchost.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : svchost.exe

#:8 [svchost.exe]
    FilePath           : C:\WINDOWS\System32\
    ProcessID          : 1244
    ThreadCreationTime : 7-25-2005 2:07:39 AM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.0 (xpclient.010817-1148)
    ProductVersion     : 5.1.2600.0
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Generic Host Process for Win32 Services
    InternalName       : svchost.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : svchost.exe

#:9 [svchost.exe]
    FilePath           : C:\WINDOWS\System32\
    ProcessID          : 1276
    ThreadCreationTime : 7-25-2005 2:07:39 AM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.0 (xpclient.010817-1148)
    ProductVersion     : 5.1.2600.0
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Generic Host Process for Win32 Services
    InternalName       : svchost.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : svchost.exe

#:10 [brsvc01a.exe]
    FilePath           : C:\WINDOWS\System32\
    ProcessID          : 1396
    ThreadCreationTime : 7-25-2005 2:07:40 AM
    BasePriority       : Normal
    FileVersion        : 1, 0, 0, 3
    ProductVersion     : 1, 0, 0, 3
    ProductName        : brother Industries Ltd brsvc01a
    CompanyName        : brother Industries Ltd
    FileDescription    : brsvc01a
    InternalName       : brsvc01a
    LegalCopyright     : Copyright © Brother Industries, Ltd 2001
    OriginalFilename   : brsvc01a.exe

#:11 [spoolsv.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 1408
    ThreadCreationTime : 7-25-2005 2:07:40 AM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.0 (XPClient.010817-1148)
    ProductVersion     : 5.1.2600.0
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Spooler SubSystem App
    InternalName       : spoolsv.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : spoolsv.exe

#:12 [brss01a.exe]
    FilePath           : C:\WINDOWS\System32\
    ProcessID          : 1424
    ThreadCreationTime : 7-25-2005 2:07:40 AM
    BasePriority       : Normal
    FileVersion        : 1.004
    ProductVersion     : 1, 0, 0, 4
    ProductName        : brother Industries Ltd brss01a.exe
    CompanyName        : brother Industries Ltd
    FileDescription    : brss01a.exe
    InternalName       : brss01a.exe
    LegalCopyright     : Copyright ? 2001
    OriginalFilename   : brss01a.exe
    Comments           : Brsplproc XP wrapper

#:13 [avinitnt.exe]
    FilePath           : C:\Program Files\Command Software\Command AntiVirus\
    ProcessID          : 2012
    ThreadCreationTime : 7-25-2005 2:07:47 AM
    BasePriority       : Normal


#:14 [brmfrmps.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 2028
    ThreadCreationTime : 7-25-2005 2:07:47 AM
    BasePriority       : Normal
    FileVersion        : 1.10.10.144
    ProductVersion     : 1.45.11.403
    ProductName        : Brother MFL Pro
    CompanyName        : Brother Industries, Ltd.
    FileDescription    : Brother Popup Suspend service ( for R/M )
    InternalName       : Brother Popup Suspend service for Brother MFL-PRO Resource Manager
    LegalCopyright     : Copyright © 2002 brother
    OriginalFilename   : BrmfRmps.exe

#:15 [dvpapi.exe]
    FilePath           : C:\Program Files\Common Files\Command Software\
    ProcessID          : 124
    ThreadCreationTime : 7-25-2005 2:07:47 AM
    BasePriority       : Normal


#:16 [ewidoctrl.exe]
    FilePath           : C:\Program Files\ewido\security suite\
    ProcessID          : 216
    ThreadCreationTime : 7-25-2005 2:07:47 AM
    BasePriority       : Normal
    FileVersion        : 3, 0, 0, 1
    ProductVersion     : 3, 0, 0, 1
    ProductName        : ewido control
    CompanyName        : ewido networks
    FileDescription    : ewido control
    InternalName       : ewido control
    LegalCopyright     : Copyright © 2004
    OriginalFilename   : ewidoctrl.exe

#:17 [mdm.exe]
    FilePath           : C:\Program Files\Common Files\Microsoft Shared\VS7Debug\
    ProcessID          : 244
    ThreadCreationTime : 7-25-2005 2:07:48 AM
    BasePriority       : Normal
    FileVersion        : 7.10.3077
    ProductVersion     : 7.10.3077
    ProductName        : Microsoft® Visual Studio .NET
    CompanyName        : Microsoft Corporation
    FileDescription    : Machine Debug Manager
    InternalName       : mdm.exe
    LegalCopyright     : Copyright© Microsoft Corporation.  All rights reserved.
    OriginalFilename   : mdm.exe

#:18 [schscnt.exe]
    FilePath           : C:\Program Files\Command Software\Command AntiVirus\
    ProcessID          : 272
    ThreadCreationTime : 7-25-2005 2:07:48 AM
    BasePriority       : Normal


#:19 [svchost.exe]
    FilePath           : C:\WINDOWS\System32\
    ProcessID          : 328
    ThreadCreationTime : 7-25-2005 2:07:48 AM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.0 (xpclient.010817-1148)
    ProductVersion     : 5.1.2600.0
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Generic Host Process for Win32 Services
    InternalName       : svchost.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : svchost.exe

#:20 [wdfmgr.exe]
    FilePath           : C:\WINDOWS\System32\
    ProcessID          : 424
    ThreadCreationTime : 7-25-2005 2:07:48 AM
    BasePriority       : Normal
    FileVersion        : 5.2.3790.1230 built by: dnsrv(bld4act)
    ProductVersion     : 5.2.3790.1230
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Windows User Mode Driver Manager
    InternalName       : WdfMgr
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : WdfMgr.exe

#:21 [vsmon.exe]
    FilePath           : C:\WINDOWS\system32\ZoneLabs\
    ProcessID          : 560
    ThreadCreationTime : 7-25-2005 2:07:51 AM
    BasePriority       : Normal
    FileVersion        : 5.5.094.000
    ProductVersion     : 5.5.094.000
    ProductName        : TrueVector Service
    CompanyName        : Zone Labs, LLC
    FileDescription    : TrueVector Service
    InternalName       : vsmon
    LegalCopyright     : Copyright © 1998-2005, Zone Labs, LLC
    OriginalFilename   : vsmon.exe

#:22 [brmfrsmg.exe]
    FilePath           : C:\WINDOWS\System32\
    ProcessID          : 596
    ThreadCreationTime : 7-25-2005 2:07:51 AM
    BasePriority       : Normal
    FileVersion        : 1.45.15.340
    ProductVersion     : 1.45.15.340
    ProductName        : Brother MFL Pro
    CompanyName        : Brother Industries, Ltd.
    FileDescription    : Brother MFL Pro Resource Manager
    InternalName       : BrmfRsmg for Windows2000
    LegalCopyright     : Copyright © 1996-2001 Brother Industries, Ltd.
    OriginalFilename   : BrmfRsmg.exe

#:23 [explorer.exe]
    FilePath           : C:\WINDOWS\
    ProcessID          : 2360
    ThreadCreationTime : 7-25-2005 2:44:39 AM
    BasePriority       : Normal
    FileVersion        : 6.00.2800.1106 (xpsp1.020828-1920)
    ProductVersion     : 6.00.2800.1106
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Windows Explorer
    InternalName       : explorer
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : EXPLORER.EXE

#:24 [hkcmd.exe]
    FilePath           : C:\WINDOWS\System32\
    ProcessID          : 2692
    ThreadCreationTime : 7-25-2005 2:44:42 AM
    BasePriority       : Normal
    FileVersion        : 3.0.0.2285
    ProductVersion     : 7.0.0.2285
    ProductName        : Intel® Common User Interface
    CompanyName        : Intel Corporation
    FileDescription    : hkcmd Module
    InternalName       : HKCMD
    LegalCopyright     : Copyright 1999-2003, Intel Corporation
    OriginalFilename   : HKCMD.EXE

#:25 [zlclient.exe]
    FilePath           : C:\Program Files\Zone Labs\ZoneAlarm\
    ProcessID          : 2640
    ThreadCreationTime : 7-25-2005 2:44:42 AM
    BasePriority       : Normal
    FileVersion        : 5.5.094.000
    ProductVersion     : 5.5.094.000
    ProductName        : Zone Labs Client
    CompanyName        : Zone Labs, LLC
    FileDescription    : Zone Labs Client
    InternalName       : zlclient
    LegalCopyright     : Copyright © 1998-2005, Zone Labs, LLC
    OriginalFilename   : zlclient.exe

#:26 [untray.exe]
    FilePath           : C:\PROGRA~1\COMMAN~1\COMMAN~1\
    ProcessID          : 372
    ThreadCreationTime : 7-25-2005 2:44:42 AM
    BasePriority       : Normal


#:27 [avtray.exe]
    FilePath           : C:\PROGRA~1\COMMAN~1\COMMAN~1\
    ProcessID          : 1312
    ThreadCreationTime : 7-25-2005 2:44:42 AM
    BasePriority       : Normal


#:28 [dvprpt.exe]
    FilePath           : C:\PROGRA~1\COMMAN~1\COMMAN~1\
    ProcessID          : 2724
    ThreadCreationTime : 7-25-2005 2:44:43 AM
    BasePriority       : Normal


#:29 [aim.exe]
    FilePath           : C:\Program Files\AIM\
    ProcessID          : 2844
    ThreadCreationTime : 7-25-2005 2:44:43 AM
    BasePriority       : Normal
    FileVersion        : 5.9.3690
    ProductVersion     : 5.9.3690
    ProductName        : AOL Instant Messenger
    CompanyName        : America Online, Inc.
    FileDescription    : AOL Instant Messenger
    InternalName       : AIM
    LegalCopyright     : Copyright © 1996-2004 America Online, Inc.
    OriginalFilename   : AIM.EXE

#:30 [csrss.exe]
    FilePath           : \??\C:\WINDOWS\system32\
    ProcessID          : 1200
    ThreadCreationTime : 7-25-2005 8:42:50 PM
    BasePriority       : Normal


#:31 [winlogon.exe]
    FilePath           : \??\C:\WINDOWS\system32\
    ProcessID          : 1692
    ThreadCreationTime : 7-25-2005 8:42:50 PM
    BasePriority       : High


#:32 [explorer.exe]
    FilePath           : C:\WINDOWS\
    ProcessID          : 2588
    ThreadCreationTime : 7-25-2005 8:42:59 PM
    BasePriority       : Normal
    FileVersion        : 6.00.2800.1106 (xpsp1.020828-1920)
    ProductVersion     : 6.00.2800.1106
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Windows Explorer
    InternalName       : explorer
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : EXPLORER.EXE

#:33 [hkcmd.exe]
    FilePath           : C:\WINDOWS\System32\
    ProcessID          : 2312
    ThreadCreationTime : 7-25-2005 8:43:00 PM
    BasePriority       : Normal
    FileVersion        : 3.0.0.2285
    ProductVersion     : 7.0.0.2285
    ProductName        : Intel® Common User Interface
    CompanyName        : Intel Corporation
    FileDescription    : hkcmd Module
    InternalName       : HKCMD
    LegalCopyright     : Copyright 1999-2003, Intel Corporation
    OriginalFilename   : HKCMD.EXE

#:34 [zlclient.exe]
    FilePath           : C:\Program Files\Zone Labs\ZoneAlarm\
    ProcessID          : 2288
    ThreadCreationTime : 7-25-2005 8:43:00 PM
    BasePriority       : Normal
    FileVersion        : 5.5.094.000
    ProductVersion     : 5.5.094.000
    ProductName        : Zone Labs Client
    CompanyName        : Zone Labs, LLC
    FileDescription    : Zone Labs Client
    InternalName       : zlclient
    LegalCopyright     : Copyright © 1998-2005, Zone Labs, LLC
    OriginalFilename   : zlclient.exe

#:35 [untray.exe]
    FilePath           : C:\PROGRA~1\COMMAN~1\COMMAN~1\
    ProcessID          : 2664
    ThreadCreationTime : 7-25-2005 8:43:01 PM
    BasePriority       : Normal


#:36 [avtray.exe]
    FilePath           : C:\PROGRA~1\COMMAN~1\COMMAN~1\
    ProcessID          : 2392
    ThreadCreationTime : 7-25-2005 8:43:02 PM
    BasePriority       : Normal


#:37 [dvprpt.exe]
    FilePath           : C:\PROGRA~1\COMMAN~1\COMMAN~1\
    ProcessID          : 488
    ThreadCreationTime : 7-25-2005 8:43:02 PM
    BasePriority       : Normal


#:38 [aim+.exe]
    FilePath           : C:\Program Files\AIM+\
    ProcessID          : 2412
    ThreadCreationTime : 7-25-2005 8:45:32 PM
    BasePriority       : Normal
    FileVersion        : 2, 2, 1, 65
    ProductVersion     : 2, 2, 1, 65
    ProductName        : AIM+
    CompanyName        : Big-O Software
    FileDescription    : AIM+
    InternalName       : AIM+
    LegalCopyright     : Copyright © 2001
    OriginalFilename   : AIM+.exe
    Comments           : [ 06.10.2002 ]

#:39 [aim.exe]
    FilePath           : C:\Program Files\AIM\
    ProcessID          : 2836
    ThreadCreationTime : 7-25-2005 8:45:32 PM
    BasePriority       : Normal
    FileVersion        : 5.9.3690
    ProductVersion     : 5.9.3690
    ProductName        : AOL Instant Messenger
    CompanyName        : America Online, Inc.
    FileDescription    : AOL Instant Messenger
    InternalName       : AIM
    LegalCopyright     : Copyright © 1996-2004 America Online, Inc.
    OriginalFilename   : AIM.EXE

#:40 [iexplore.exe]
    FilePath           : C:\Program Files\Internet Explorer\
    ProcessID          : 3812
    ThreadCreationTime : 7-26-2005 2:15:21 AM
    BasePriority       : Normal
    FileVersion        : 6.00.2800.1106 (xpsp1.020828-1920)
    ProductVersion     : 6.00.2800.1106
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Internet Explorer
    InternalName       : iexplore
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : IEXPLORE.EXE

#:41 [msnmsgr.exe]
    FilePath           : C:\Program Files\MSN Messenger\
    ProcessID          : 1240
    ThreadCreationTime : 7-26-2005 2:21:25 AM
    BasePriority       : Normal
    FileVersion        : 7.0.0777
    ProductVersion     : 7.0.0777
    ProductName        : MSN Messenger
    CompanyName        : Microsoft Corporation
    FileDescription    : MSN Messenger
    InternalName       : msnmsgr
    LegalCopyright     : Copyright © Microsoft Corporation 1997-2004
    LegalTrademarks    : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
    OriginalFilename   : msnmsgr.exe

#:42 [firefox.exe]
    FilePath           : C:\Program Files\Mozilla Firefox\
    ProcessID          : 952
    ThreadCreationTime : 7-26-2005 2:23:02 AM
    BasePriority       : Normal


#:43 [ad-aware.exe]
    FilePath           : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
    ProcessID          : 2376
    ThreadCreationTime : 7-26-2005 2:30:05 AM
    BasePriority       : Normal
    FileVersion        : 6.2.0.206
    ProductVersion     : VI.Second Edition
    ProductName        : Lavasoft Ad-Aware SE
    CompanyName        : Lavasoft Sweden
    FileDescription    : Ad-Aware SE Core application
    InternalName       : Ad-Aware.exe
    LegalCopyright     : Copyright © Lavasoft Sweden
    OriginalFilename   : Ad-Aware.exe
    Comments           : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 17


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 17


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 17


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


 Tracking Cookie Object Recognized!
    Type               : IECache Entry
    Data               : owner@atdmt[2].txt
    Category           : Data Miner
    Comment            : Hits:4
    Value              : Cookie:[email protected]/
    Expires            : 7-24-2010 8:00:00 PM
    LastSync           : Hits:4
    UseCount           : 0
    Hits               : 4

 Tracking Cookie Object Recognized!
    Type               : IECache Entry
    Data               : owner@mediaplex[1].txt
    Category           : Data Miner
    Comment            : Hits:1
    Value              : Cookie:[email protected]/
    Expires            : 6-21-2009 8:00:00 PM
    LastSync           : Hits:1
    UseCount           : 0
    Hits               : 1

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 19



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 Tracking Cookie Object Recognized!
    Type               : IECache Entry
    Data               : meg brooke@2o7[1].txt
    Category           : Data Miner
    Comment            :
    Value              : C:\Documents and Settings\Meg Brooke\Cookies\meg brooke@2o7[1].txt

 Tracking Cookie Object Recognized!
    Type               : IECache Entry
    Data               : meg brooke@advertising[1].txt
    Category           : Data Miner
    Comment            :
    Value              : C:\Documents and Settings\Meg Brooke\Cookies\meg brooke@advertising[1].txt

 Tracking Cookie Object Recognized!
    Type               : IECache Entry
    Data               : meg brooke@atdmt[2].txt
    Category           : Data Miner
    Comment            :
    Value              : C:\Documents and Settings\Meg Brooke\Cookies\meg brooke@atdmt[2].txt

 Tracking Cookie Object Recognized!
    Type               : IECache Entry
    Data               : meg [email protected][2].txt
    Category           : Data Miner
    Comment            :
    Value              : C:\Documents and Settings\Meg Brooke\Cookies\meg [email protected][2].txt

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 23


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
11 entries scanned.
New critical objects:0
Objects found so far: 23




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 23

10:42:43 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:12:30.625
Objects scanned:144807
Objects identified:6
Objects ignored:0
New critical objects:6



This time no sign of the worm :) thx greatly appreciated!!!!!!!!!

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
win32.p2p-worm.alcan.a
« Reply #25 on: July 25, 2005, 10:07:02 PM »
Yup, looks good except for some bad cookies
We should update you to the latest version of Ad-Aware
Personally I like to uninstall the old version from Add/Remove programs and then install the latest version
Others have no problems allowing the new version's installation to take care of the old version when installing

Here's a direct link to Ad-Aware SE Personal 1.06

You should make sure it's updated and run another scan with it

After that,  
If everything is running better, please do the following
You should disable system restore---restart your computer--enable system restore
This will clear all your restore points and ensure you don't restore any nasties
How to Disable and Re-enable System Restore feature

Once back in Windows and System Restore is reenabled

You should set up protection against future attacks
SpywareBlaster 3.4 by JavaCool
*Will block bad ActiveX Controls
*Block Malevolent cookies in Internet Explorer and Firefox
*Restrict actions of potentially dangerous sites in Internet Explorer
After installation, Check for updates and then click the "Enable all protection"

IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
Here is a tutorial and download link
TUTORIAL==Link to Tutorial
Download link

With both, Check for updates every couple of weeks
Keep the link to IE-Spyad bookmarked so you can check for updates
SpywareBlaster, after every update just simply click the "enable all protection"

You should also consider updating Windows to Service Pack 2
This is important in keeping your system secure
Please see these links
http://www.microsoft.com/windowsxp/sp2/topten.mspx
http://www.microsoft.com/windowsxp/sp2/default.mspx

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline josh_rowe_hccc

win32.p2p-worm.alcan.a
« Reply #26 on: July 26, 2005, 02:31:04 PM »
K I did all of the above. Is there any of the programs I should remove or keep from deleting the worm?

Offline guestolo

win32.p2p-worm.alcan.a
« Reply #27 on: August 01, 2005, 10:45:34 PM »
Sorry for the delay, had a busy weekend

Optional for you to keep
Ewido>>Yours for free, you may consider hanging onto it
CleanUp!>>Again, you may want to hang onto it

You can manually remove Killbox, WpFind and L2Mfix

Any others let me know
« Last Edit: August 01, 2005, 10:46:52 PM by guestolo »
