stevepole Posted November 12, 2005

How do I get rid of Win32.P2P-Worm.Alcan.a? Oh, and does anyone know why my mouse stops working when I go into safe mode or about once every two months?
djdylan1993 Posted November 12, 2005

Download AVG http://www.grisoft.com/doc/1 and run a full system scan. BTW, you really should stop using filesharing software. It can seriously mess up your computer. Plus it IS illegal. If that doesn't get rid of it you may have to format your hard drive.
coltm4carbine Posted November 12, 2005

OK, reformatting is a bit too drastic. The files found should be in your Restore Points. If you are sure your computer is working fine (apart from the malware) you can get rid of the (infected) System Restore points. You can do this by following the instructions here: http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039?OpenDocument&src=sec_doc_nam
stevepole Posted November 12, 2005

I got the worm before I fileshared, so it's not from filesharing....... Thx for all the help, I'm going to check that site out.

Edit: here's the scan log. Doesn't look like the deleting of my restore points worked.

Ad-Aware SE Build 1.06r1
Logfile Created on:Saturday, November 12, 2005 11:00:25 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R74 09.11.2005

References detected during the scan:
MRU List(TAC index:0):4 total references
Tracking Cookie(TAC index:3):2 total references
Win32.P2P-Worm.Alcan.a(TAC index:8):9 total references
̢̮â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡Ãâû Disk Scan Result for C:\WINDOWS ̢̮â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡Ãâû New critical objects: 0 Objects found so far: 2 Win32.P2P-Worm.Alcan.a Object Recognized! 
Type : File Data : bszip.dll TAC Rating : 8 Category : Worm Comment : Object : C:\WINDOWS\system32\ FileVersion : 3.0.2.0 ProductVersion : 3.02 ProductName : BigSpeed Zip DLL CompanyName : BigSpeedSoft InternalName : bszip.dll LegalCopyright : © BigSpeedSoft LegalTrademarks : BigSpeed is a trademark of BigSpeedSoft OriginalFilename : bszip.dll Disk Scan Result for C:\WINDOWS\system32 ̢̮â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡Ãâû New critical objects: 0 Objects found so far: 3 Disk Scan Result for C:\DOCUME~1\Owner\LOCALS~1\Temp\ ̢̮â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡Ãâû New critical objects: 0 Objects found so far: 3 Scanning Hosts file...... Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts". 
̢̮â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡Ãâû Hosts file scan result: ̢̮â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡Ãâû 1 entries scanned. New critical objects:0 Objects found so far: 3 MRU List Object Recognized! Location: : C:\Documents and Settings\Owner\recent Description : list of recently opened documents MRU List Object Recognized! Location: : software\microsoft\direct3d\mostrecentapplication Description : most recent application to use microsoft direct3d MRU List Object Recognized! 
Location: : software\microsoft\direct3d\mostrecentapplication Description : most recent application to use microsoft direct X MRU List Object Recognized! Location: : software\microsoft\directdraw\mostrecentapplication Description : most recent application to use microsoft directdraw Performing conditional scans... ̢̮â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡Ãâû Win32.P2P-Worm.Alcan.a Object Recognized! Type : Regkey Data : TAC Rating : 8 Category : Worm Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\downloadmanager Win32.P2P-Worm.Alcan.a Object Recognized! Type : File Data : cmd.com TAC Rating : 8 Category : Worm Comment : Object : C:\WINDOWS\system32\ Win32.P2P-Worm.Alcan.a Object Recognized! Type : File Data : netstat.com TAC Rating : 8 Category : Worm Comment : Object : C:\WINDOWS\system32\ Win32.P2P-Worm.Alcan.a Object Recognized! Type : File Data : ping.com TAC Rating : 8 Category : Worm Comment : Object : C:\WINDOWS\system32\ Win32.P2P-Worm.Alcan.a Object Recognized! Type : File Data : regedit.com TAC Rating : 8 Category : Worm Comment : Object : C:\WINDOWS\system32\ Win32.P2P-Worm.Alcan.a Object Recognized! Type : File Data : taskkill.com TAC Rating : 8 Category : Worm Comment : Object : C:\WINDOWS\system32\ Win32.P2P-Worm.Alcan.a Object Recognized! Type : File Data : tasklist.com TAC Rating : 8 Category : Worm Comment : Object : C:\WINDOWS\system32\ Win32.P2P-Worm.Alcan.a Object Recognized! 
Type : File Data : tracert.com TAC Rating : 8 Category : Worm Comment : Object : C:\WINDOWS\system32\ Conditional scan result: ̢̮â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡Ãâû New critical objects: 8 Objects found so far: 15 11:08:49 AM Scan Complete Summary Of This Scan ̢̮â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡ÃâÃÂ»ÃÆÃ¢â¬Å¡Ãâû Total scanning time:00:08:24.94 Objects scanned:69994 Objects identified:11 Objects ignored:0 New critical objects:11 Link to comment Share on other sites More sharing options...
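Added example, not part of the original thread: a small Python parser for the "Object Recognized!" blocks of an Ad-Aware SE log like the one in the post above, used to compare a scan taken before a cleanup with one taken after it and list what is still there. The sample text is constructed from entries in the post (the second scan is hypothetical), and the function names are made up for this illustration.

```python
import re
# Constructed sample: entries taken from the log in the post, one field per line.
SCAN_BEFORE = r"""
Tracking Cookie Object Recognized!
    Type               : IECache Entry
    Data               : owner@doubleclick[1].txt

Win32.P2P-Worm.Alcan.a Object Recognized!
    Type               : Regkey
    Data               :
    Rootkey            : HKEY_LOCAL_MACHINE
    Object             : software\microsoft\downloadmanager

Win32.P2P-Worm.Alcan.a Object Recognized!
    Type               : File
    Data               : cmd.com
    TAC Rating         : 8
    Object             : C:\WINDOWS\system32\
"""
# Constructed, hypothetical rescan after cleanup: registry key gone, file remains.
SCAN_AFTER = r"""
Win32.P2P-Worm.Alcan.a Object Recognized!
    Type               : File
    Data               : cmd.com
    Object             : C:\WINDOWS\system32\
"""

HEADER = re.compile(r"^(?P<family>\S.*?) Object Recognized!\s*$")
FIELD = re.compile(r"^\s+(?P<key>[^:]+?)\s*:\s?(?P<value>.*)$")

def parse_detections(log_text):
    """Return one dict per 'Object Recognized!' block."""
    records, current = [], None
    for line in log_text.splitlines():
        head, field = HEADER.match(line), FIELD.match(line)
        if head:
            current = {"Family": head.group("family")}
            records.append(current)
        elif field and current is not None:
            current[field.group("key")] = field.group("value").strip()
        elif not line.strip():
            current = None  # a blank line closes the block
    return records

def identity(rec):
    """Stable key for a finding: family, type, and where it lives."""
    if rec.get("Type") == "Regkey":
        where = rec.get("Rootkey", "") + "\\" + rec.get("Object", "")
    else:
        where = rec.get("Object", "") + rec.get("Data", "")
    return (rec["Family"], rec.get("Type", ""), where.lower())

def persisting(before, after):
    """Findings present in both scans, i.e. what the cleanup did not remove."""
    seen = {identity(r) for r in parse_detections(after)}
    return [identity(r) for r in parse_detections(before) if identity(r) in seen]

if __name__ == "__main__":
    for finding in persisting(SCAN_BEFORE, SCAN_AFTER):
        print("still present:", finding)
```

The parser expects the one-field-per-line layout of the saved logfile, not the flattened text a forum paste can turn into.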
stevepole (Author) Posted November 17, 2005
Bump, I still need help.
coltm4carbine Posted November 17, 2005
Got a log from your antiviruses?
DJpailo Posted November 19, 2005
Post a HijackThis log. To disable Windows Messenger: http://www.itc.virginia.edu/desktop/docs/messagepopup/
And the actual programme, a plug-in, is provided for free from http://www.lavasoftusa.com; you just gotta have Ad-Aware SE to use the plug-in. Also clean your temporary files using http://www.ccleaner.com
coltm4carbine Posted November 19, 2005
A HJT log won't help too much when we already know a trojan/virus is running on the PC.
DJpailo Posted November 19, 2005
> a hjt log won't help too much- when we already know a trojan/virus is running on the pc.
I have been reading a few forums and it is triggered by a programme called BearShare (if you are using it for free).
coltm4carbine Posted November 19, 2005
Or you can do this:

If you chose to clean your computer from what Ad-Aware found, please follow these instructions below...

Please make sure that you are using the *latest* definition file. If not, run the webupdate feature.

Launch Ad-Aware SE and click on the gear to access the Configuration menu. Please make sure that this setting is applied: click on Tweak => Cleaning engine => UNcheck "Always try to unload modules before deletion".

Disconnect from the internet (for broadband/cable users, it is recommended that you disconnect the cable connection) and close all open browsers or other programs you have running. Then please boot into Safe Mode.

To clean your machine, it is highly recommended that you clean the following directory contents (but not the directory folder). Run CCleaner to help in this process. Download CCleaner (Setup: go to > options > settings > Uncheck "Only delete files in Windows Temp folders older than 48 hours" for cleaning malware files!)

* C:\Windows\Temp\
* C:\Documents and Settings\\Local Settings\Temporary Internet Files\ <- This will delete all your cached internet content including cookies.
* C:\Documents and Settings\\Local Settings\Temp\
* C:\Documents and Settings\\Local Settings\Temporary Internet Files\
* C:\Documents and Settings\\Local Settings\Temp\
* Empty your "Recycle Bin".

Run Ad-Aware SE from the command line shown in the instructions below. Click "Start" > select "Run" > type the text shown bolded below (including the quotation marks and with the same spacing as shown)

"C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" +procnuke

Click Ok.

Note: the path above is the default installation location for Ad-Aware SE; if yours is different, adjust it to the location that you have installed it to.

When the scan has completed, select next. In the Scanning Results window, select the "Scan Summary" tab. Check the box next to any objects you wish to remove. Click next, click Ok.

Please reboot your computer after removal, run a new "full system scan" and post the results as a reply (when you are selecting the scan mode, uncheck "Search for negligible risk entries"). Please don't launch any programs or connect to the internet at this time.

Then, please copy & paste the complete log file here. Don't quarantine or remove anything at this time, just post a complete logfile. This can sometimes take 2-3 posts to get it all posted; once the "Summary of this scan" information is shown, you have posted all of your logfile.
stevepole (Author) Posted November 21, 2005
I don't have the BearShare program thing, don't even know what it is... I've found that the files are on my D drive but I can't delete anything from it 'cause it is a restore drive or something, so it's protected so nothing gets deleted. Does anyone know what to do to get past this?
coltm4carbine Posted November 21, 2005
OK, I think you mean it's inside the System Restore.
1) Go into Safe Mode
2) Disable System Restore
3) Run an antivirus
4) Re-enable System Restore again.
That should sort it out.
Sharper Posted November 22, 2005
> ok i think you mean it's inside the system restore. 1) go into safemode 2)disable system restore 3) run an antivirus 4) reenable system restore again. that should sort it out.
Turning off System Restore can be done outside Safe Mode. When you turn it off it wipes all old restore points, so if there are infected files they will be deleted.