This is my hijack this scan:
Logfile of HijackThis v1.99.1
Scan saved at 17:58:38, on 22/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\USB Storage RW\shwicon.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\S3tray2.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Anti Virus\hijackthis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.co.uk
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.blueyonder.co.uk/dial
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.co.uk
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by blueyonder
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KYE_Showicon] "C:\Program Files\USB Storage RW\shwicon.exe" -t"KYE\USB Storage RW"
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [KAZAA] "C:\Program Files\Kazaa Lite K++\kpp.exe" "C:\Program Files\Kazaa Lite K++\KazaaLite.kpp" /SYSTRAY
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [MsMovies] C:\Program Files\MsMovies\MsMovies.exe /auto
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Wallpaper - {c23dd370-cb79-11d2-898a-00c04f80a47f} - C:\Program Files\Internet Explorer\Toolbar\toolbar.hta
O9 - Extra 'Tools' menuitem: &Toolbar Wallpaper - {c23dd370-cb79-11d2-898a-00c04f80a47f} - C:\Program Files\Internet Explorer\Toolbar\toolbar.hta
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.blueyonder.co.uk/dial
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1132599713000
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
This is also my scan report from ad-aware:
Ad-Aware SE Build 1.06r1
Logfile Created on:21 November 2005 19:31:52
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R75 15.11.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):13 total references
Tracking Cookie(TAC index:3):8 total references
Win32.P2P-Worm.Alcan.a(TAC index:8):10 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
21-11-2005 19:31:52 - Scan started. (Full System Scan)
MRU List Object Recognized!
Location: : C:\Documents and Settings\Owner\Application Data\microsoft\office\recent
Description : list of recently opened documents using microsoft office
MRU List Object Recognized!
Location: : C:\Documents and Settings\Owner\recent
Description : list of recently opened documents
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X
MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw
MRU List Object Recognized!
Location: : S-1-5-21-362181029-1130960311-2456288766-1003\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer
MRU List Object Recognized!
Location: : S-1-5-21-362181029-1130960311-2456288766-1003\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer
MRU List Object Recognized!
Location: : S-1-5-21-362181029-1130960311-2456288766-1003\software\microsoft\office\10.0\common\open find\microsoft word\settings\save as\file name mru
Description : list of recent documents saved by microsoft word
MRU List Object Recognized!
Location: : S-1-5-21-362181029-1130960311-2456288766-1003\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened
MRU List Object Recognized!
Location: : S-1-5-21-362181029-1130960311-2456288766-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension
MRU List Object Recognized!
Location: : S-1-5-21-362181029-1130960311-2456288766-1003\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened
MRU List Object Recognized!
Location: : S-1-5-21-362181029-1130960311-2456288766-1003\software\nvidia corporation\global\nview\windowmanagement
Description : nvidia nview cached application window positions
MRU List Object Recognized!
Location: : S-1-5-21-362181029-1130960311-2456288766-1003\software\microsoft\windows media\wmsdk\general
Description : windows media sdk
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 464
ThreadCreationTime : 21-11-2005 19:12:13
BasePriority : Normal
#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 520
ThreadCreationTime : 21-11-2005 19:12:15
BasePriority : Normal
#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 544
ThreadCreationTime : 21-11-2005 19:12:16
BasePriority : High
#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 588
ThreadCreationTime : 21-11-2005 19:12:16
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe
#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 600
ThreadCreationTime : 21-11-2005 19:12:16
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 752
ThreadCreationTime : 21-11-2005 19:12:17
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 808
ThreadCreationTime : 21-11-2005 19:12:18
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 872
ThreadCreationTime : 21-11-2005 19:12:18
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 920
ThreadCreationTime : 21-11-2005 19:12:18
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1004
ThreadCreationTime : 21-11-2005 19:12:18
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:11 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1296
ThreadCreationTime : 21-11-2005 19:12:20
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
#:12 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1316
ThreadCreationTime : 21-11-2005 19:12:20
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
#:13 [hpsysdrv.exe]
FilePath : C:\windows\system\
ProcessID : 1424
ThreadCreationTime : 21-11-2005 19:12:21
BasePriority : Normal
FileVersion : 1, 7, 0, 0
ProductVersion : 1, 7, 0, 0
ProductName : hpsysdrv
CompanyName : Hewlett-Packard Company
FileDescription : hpsysdrv
InternalName : hpsysdrv
LegalCopyright : Copyright © 1998
OriginalFilename : hpsysdrv.exe
#:14 [shwicon.exe]
FilePath : C:\Program Files\USB Storage RW\
ProcessID : 1440
ThreadCreationTime : 21-11-2005 19:12:21
BasePriority : Normal
FileVersion : 2, 0, 2, 2
ProductVersion : 2, 0, 2, 2
ProductName : shwicon
CompanyName : MyComp
FileDescription : shwicon
InternalName : shwicon
LegalCopyright : Copyright © 2002
OriginalFilename : shwicon.exe
#:15 [kbd.exe]
FilePath : C:\HP\KBD\
ProcessID : 1480
ThreadCreationTime : 21-11-2005 19:12:21
BasePriority : High
#:16 [hpztsb08.exe]
FilePath : C:\WINDOWS\system32\spool\drivers\w32x86\3\
ProcessID : 1504
ThreadCreationTime : 21-11-2005 19:12:21
BasePriority : Normal
FileVersion : 2,223,0,0
ProductVersion : 2,223,0,0
ProductName : HP DeskJet
CompanyName : HP
LegalCopyright : Copyright © Hewlett-Packard Company 1999-2003
#:17 [hpwuschd2.exe]
FilePath : C:\Program Files\Hewlett-Packard\HP Software Update\
ProcessID : 1512
ThreadCreationTime : 21-11-2005 19:12:21
BasePriority : Normal
FileVersion : 50.0.146.000
ProductVersion : 050.000.146.000
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : Hewlett-Packard Product Assistant
InternalName : hpwuSchd2
LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2004
OriginalFilename : hpwuSchd2.exe
Comments : Hewlett-Packard Product Assistant
#:18 [hpotdd01.exe]
FilePath : C:\Program Files\Hewlett-Packard\Digital Imaging\bin\
ProcessID : 1520
ThreadCreationTime : 21-11-2005 19:12:21
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : Hewlett-Packard hpotdd01
CompanyName : Hewlett-Packard
FileDescription : hpotdd01
InternalName : hpotdd01
LegalCopyright : Copyright © 2002
OriginalFilename : hpotdd01.exe
#:19 [s3tray2.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1528
ThreadCreationTime : 21-11-2005 19:12:21
BasePriority : Normal
FileVersion : 1.00.19-0113
ProductVersion : 1.00.19-0113
ProductName : S3 Graphics Utilities
CompanyName : S3 Graphics, Inc.
FileDescription : s3contrl
InternalName : s3contrl
LegalCopyright : Copyright © 2001-2003 S3 S3 Graphics, Inc.
LegalTrademarks : S3 is a registered trademark of S3 Incorporated
OriginalFilename : s3contrl.exe
#:20 [cfd.exe]
FilePath : C:\Program Files\BroadJump\Client Foundation\
ProcessID : 1556
ThreadCreationTime : 21-11-2005 19:12:22
BasePriority : Normal
#:21 [motivesb.exe]
FilePath : C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\
ProcessID : 1668
ThreadCreationTime : 21-11-2005 19:12:23
BasePriority : Normal
FileVersion : 5.6.7.asst_classic.smartbridge.20031210_035000
ProductVersion : 5.6.7.asst_classic.smartbridge
ProductName : Motive System
CompanyName : Motive Communications, Inc.
FileDescription : ntl:home broadband medic alerts
InternalName : version
LegalCopyright : Copyright 1998-2003
OriginalFilename : version
#:22 [gcasserv.exe]
FilePath : C:\Program Files\Microsoft AntiSpyware\
ProcessID : 1700
ThreadCreationTime : 21-11-2005 19:12:23
BasePriority : Idle
FileVersion : 1.00.0615
ProductVersion : 1.00.0615
ProductName : Microsoft AntiSpyware (Beta 1)
CompanyName : Microsoft Corporation
FileDescription : Microsoft AntiSpyware Service
InternalName : gcasServ
LegalCopyright : Copyright © 2004-2005 Microsoft Corporation. All rights reserved.
LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation. SpyNet is a trademark of Microsoft Corporation.
OriginalFilename : gcasServ.exe
#:23 [jusched.exe]
FilePath : C:\Program Files\Java\jre1.5.0_04\bin\
ProcessID : 1736
ThreadCreationTime : 21-11-2005 19:12:23
BasePriority : Normal
#:24 [picasamediadetector.exe]
FilePath : C:\Program Files\Picasa2\
ProcessID : 1752
ThreadCreationTime : 21-11-2005 19:12:24
BasePriority : Normal
FileVersion : 2.1.0
ProductVersion : 2.1.0
ProductName : Picasa
CompanyName : Google Inc.
FileDescription : Picasa
InternalName : Picasa
LegalCopyright : © 2004- 2005 Google Inc.
OriginalFilename : Picasa2.exe
#:25 [msmovies.exe]
FilePath : C:\Program Files\MsMovies\
ProcessID : 1776
ThreadCreationTime : 21-11-2005 19:12:24
BasePriority : Normal
FileVersion : 2.04
ProductVersion : 2.04
ProductName : Windows Media Video
CompanyName : Windows Media Video
FileDescription : Windows Media Video
InternalName : wm
LegalCopyright : Windows Media Video
LegalTrademarks : Windows Media Video
OriginalFilename : wm.exe
Comments : Windows Media Video
#:26 [avgcc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 1784
ThreadCreationTime : 21-11-2005 19:12:24
BasePriority : Normal
FileVersion : 7,1,0,355
ProductVersion : 7.1.0.355
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Control Center
InternalName : AvgCC
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : AvgCC.EXE
#:27 [ituneshelper.exe]
FilePath : C:\Program Files\iTunes\
ProcessID : 1792
ThreadCreationTime : 21-11-2005 19:12:24
BasePriority : Normal
FileVersion : 6.0.1.3
ProductVersion : 6.0.1.3
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © 2003-2005 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe
#:28 [qttask.exe]
FilePath : C:\Program Files\QuickTime\
ProcessID : 1800
ThreadCreationTime : 21-11-2005 19:12:24
BasePriority : Normal
FileVersion : 7.0.3
ProductVersion : QuickTime 7.0.3
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
FileDescription : QuickTime Task
InternalName : QuickTime Task
LegalCopyright : Copyright Apple Computer, Inc. 1989-2005
OriginalFilename : QTTask.exe
#:29 [ctfmon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1876
ThreadCreationTime : 21-11-2005 19:12:26
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE
#:30 [ctdetect.exe]
FilePath : C:\Program Files\Creative\MediaSource\Detector\
ProcessID : 1892
ThreadCreationTime : 21-11-2005 19:12:26
BasePriority : Normal
FileVersion : 2.3.1.0
ProductVersion : 2.3.0.0
ProductName : Creative MediaSource Detector
CompanyName : Creative Technology Ltd
FileDescription : Creative MediaSource Detector
InternalName : CTDetect
LegalCopyright : Copyright © Creative Technology Ltd., 2003-2004. All rights reserved.
OriginalFilename : CTDetect.EXE
#:31 [gcasdtserv.exe]
FilePath : C:\Program Files\Microsoft AntiSpyware\
ProcessID : 200
ThreadCreationTime : 21-11-2005 19:12:30
BasePriority : Normal
FileVersion : 1.00.0615
ProductVersion : 1.00.0615
ProductName : Microsoft AntiSpyware (Beta 1)
CompanyName : Microsoft Corporation
FileDescription : Microsoft AntiSpyware Data Service
InternalName : gcasDtServ
LegalCopyright : Copyright © 2004-2005 Microsoft Corporation. All rights reserved.
LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation. SpyNet is a trademark of Microsoft Corporation.
OriginalFilename : gcasDtServ.exe
#:32 [avgamsvr.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 188
ThreadCreationTime : 21-11-2005 19:12:30
BasePriority : Normal
FileVersion : 7,1,0,357
ProductVersion : 7.1.0.357
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Alert Manager
InternalName : avgamsvr
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgamsvr.EXE
#:33 [avgupsvc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 368
ThreadCreationTime : 21-11-2005 19:12:32
BasePriority : Normal
FileVersion : 7,1,0,349
ProductVersion : 7.1.0.349
ProductName : AVG 7.0 Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Update Service
InternalName : avgupsvc
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgupdsvc.EXE
#:34 [ctsvccda.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 388
ThreadCreationTime : 21-11-2005 19:12:32
BasePriority : Normal
FileVersion : 1.0.1.0
ProductVersion : 1.0.0.0
ProductName : Creative Service for CDROM Access
CompanyName : Creative Technology Ltd
FileDescription : Creative Service for CDROM Access
InternalName : CTsvcCDAEXE
LegalCopyright : Copyright © Creative Technology Ltd., 1999. All rights reserved.
OriginalFilename : CTsvcCDA.EXE
#:35 [mdm.exe]
FilePath : C:\Program Files\Common Files\Microsoft Shared\VS7Debug\
ProcessID : 312
ThreadCreationTime : 21-11-2005 19:12:33
BasePriority : Normal
FileVersion : 7.00.9064.9150
ProductVersion : 7.00.9064.9150
ProductName : Microsoft Development Environment
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : Copyright © Microsoft Corp. 1997-2000
OriginalFilename : mdm.exe
#:36 [mpbtn.exe]
FilePath : C:\Program Files\ntl\broadband medic\bin\
ProcessID : 860
ThreadCreationTime : 21-11-2005 19:12:39
BasePriority : Normal
#:37 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1716
ThreadCreationTime : 21-11-2005 19:12:58
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:38 [ipodservice.exe]
FilePath : C:\Program Files\iPod\bin\
ProcessID : 2108
ThreadCreationTime : 21-11-2005 19:13:01
BasePriority : Normal
FileVersion : 6.0.1.3
ProductVersion : 6.0.1.3
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © 2003-2005 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iPodService.exe
#:39 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2428
ThreadCreationTime : 21-11-2005 19:13:07
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe
#:40 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 832
ThreadCreationTime : 21-11-2005 19:29:43
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE
#:41 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 3096
ThreadCreationTime : 21-11-2005 19:31:27
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 13
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 13
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 13
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:12
Value : Cookie:[email protected]/
Expires : 21-11-2006 17:15:28
LastSync : Hits:12
UseCount : 0
Hits : 12
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:[email protected]/
Expires : 21-12-2005 19:20:24
LastSync : Hits:4
UseCount : 0
Hits : 4
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@adtech[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:[email protected]/
Expires : 19-11-2015 17:14:10
LastSync : Hits:3
UseCount : 0
Hits : 3
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@atdmt[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:[email protected]/
Expires : 20-11-2010
LastSync : Hits:3
UseCount : 0
Hits : 3
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:6
Value : Cookie:[email protected]/
Expires : 19-11-2015 19:28:12
LastSync : Hits:6
UseCount : 0
Hits : 6
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@hitbox[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:13
Value : Cookie:[email protected]/
Expires : 21-11-2006 17:15:28
LastSync : Hits:13
UseCount : 0
Hits : 13
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@tradedoubler[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:5
Value : Cookie:[email protected]/
Expires : 16-11-2025 19:00:02
LastSync : Hits:5
UseCount : 0
Hits : 5
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@doubleclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:[email protected]/
Expires : 20-11-2008 17:14:16
LastSync : Hits:4
UseCount : 0
Hits : 4
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 8
Objects found so far: 21
Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Win32.P2P-Worm.Alcan.a Object Recognized!
Type : File
Data : A0043290.dll
TAC Rating : 8
Category : Worm
Comment :
Object : C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP435\
FileVersion : 3.0.2.0
ProductVersion : 3.02
ProductName : BigSpeed Zip DLL
CompanyName : BigSpeedSoft
InternalName : bszip.dll
LegalCopyright : © BigSpeedSoft
LegalTrademarks : BigSpeed is a trademark of BigSpeedSoft
OriginalFilename : bszip.dll
Win32.P2P-Worm.Alcan.a Object Recognized!
Type : File
Data : bszip.dll
TAC Rating : 8
Category : Worm
Comment :
Object : C:\WINDOWS\system32\
FileVersion : 3.0.2.0
ProductVersion : 3.02
ProductName : BigSpeed Zip DLL
CompanyName : BigSpeedSoft
InternalName : bszip.dll
LegalCopyright : © BigSpeedSoft
LegalTrademarks : BigSpeed is a trademark of BigSpeedSoft
OriginalFilename : bszip.dll
Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 23
Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 23
Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 23
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Win32.P2P-Worm.Alcan.a Object Recognized!
Type : Regkey
Data :
TAC Rating : 8
Category : Worm
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\downloadmanager
Win32.P2P-Worm.Alcan.a Object Recognized!
Type : File
Data : cmd.com
TAC Rating : 8
Category : Worm
Comment :
Object : C:\WINDOWS\system32\
Win32.P2P-Worm.Alcan.a Object Recognized!
Type : File
Data : netstat.com
TAC Rating : 8
Category : Worm
Comment :
Object : C:\WINDOWS\system32\
Win32.P2P-Worm.Alcan.a Object Recognized!
Type : File
Data : ping.com
TAC Rating : 8
Category : Worm
Comment :
Object : C:\WINDOWS\system32\
Win32.P2P-Worm.Alcan.a Object Recognized!
Type : File
Data : regedit.com
TAC Rating : 8
Category : Worm
Comment :
Object : C:\WINDOWS\system32\
Win32.P2P-Worm.Alcan.a Object Recognized!
Type : File
Data : taskkill.com
TAC Rating : 8
Category : Worm
Comment :
Object : C:\WINDOWS\system32\
Win32.P2P-Worm.Alcan.a Object Recognized!
Type : File
Data : tasklist.com
TAC Rating : 8
Category : Worm
Comment :
Object : C:\WINDOWS\system32\
Win32.P2P-Worm.Alcan.a Object Recognized!
Type : File
Data : tracert.com
TAC Rating : 8
Category : Worm
Comment :
Object : C:\WINDOWS\system32\
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 8
Objects found so far: 31
19:45:28 Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:13:36.328
Objects scanned:147604
Objects identified:18
Objects ignored:0
New critical objects:18
Also, I thought I should post my ewido scan:
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 01:27:19, 22/11/2005
+ Report-Checksum: B38CB285
+ Scan result:
HKLM\SOFTWARE\Classes\Interface\{4A0F42B7-A61B-4131-BF41-BF05A2635BFD} -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{4A0F42B7-A61B-4131-BF41-BF05A2635BFD}\TypeLib\\ -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{9DBDD71C-0A7F-48AC-9FFA-E102B3750B9D} -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{9DBDD71C-0A7F-48AC-9FFA-E102B3750B9D}\TypeLib\\ -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{C2E56E18-2F04-4AB9-9333-B2DB3C350956} -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{C2E56E18-2F04-4AB9-9333-B2DB3C350956}\TypeLib\\ -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{E9CBBEED-20B6-456C-8589-CF364D9D2370} -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{E9CBBEED-20B6-456C-8589-CF364D9D2370}\TypeLib\\ -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{F8C5EA77-7D72-405C-B90A-093655B0F544} -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{F8C5EA77-7D72-405C-B90A-093655B0F544}\TypeLib\\ -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/HDPlugin1014.dll\\.Owner -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/HDPlugin1014.dll\\{DBAE7000-01EC-4162-8FEB-8A27AC937CA0} -> Spyware.Gator : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\1qab73fb.slt\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.9:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\1qab73fb.slt\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\1qab73fb.slt\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@paypopup[2].txt -> Spyware.Cookie.Paypopup : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Paypopup : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\EPSRADA5\mm[2].js -> Spyware.Chitika : Cleaned with backup
C:\Program Files\MsMovies\MsMovies.exe -> TrojanDropper.WinAD.h : Cleaned with backup
C:\Program Files\MsMovies\p.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
C:\Program Files\MsMovies\v.tmp -> TrojanDropper.WinAD.h : Cleaned with backup
::Report End
Any help would be much appreciated!
Thank you very much