
Malware, trojan, spyware always there even after removing them



#1
Kashmyr

Hello

Can you please help me? I still have trojans and spyware (sorry for my English, but I'm French...)

Here is the HijackThis log (with active scans from Panda, ewido, TrojanHunter...). Thanks in advance.

Logfile of HijackThis v1.99.1
Scan saved at 7:34:49 PM, on 6/21/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\CTsvcCDA.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\MsPMSPSv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\devldr32.exe
C:\WINNT\system32\mobsync.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
F:\3.0\Apps\apdproxy.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFAGENT.EXE
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\TrojanHunter 4.5\THGuard.exe
C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Documents and Settings\Diane Ranger\Desktop\Clean up internet\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.passpor...rf?lc=3084&id=2
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive2k\Program\AHQInit.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Gainward] C:\WINNT\TBPanel.exe /A
O4 - HKLM\..\Run: [DeluxeCD] C:\WINNT\system32\cdplayer.exe -tray
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BO1HelperStartUp] C:\PROGRA~1\BUTTER~1\BO1HEL~1.EXE /partner BO1
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
O4 - HKLM\..\Run: [8F.tmp] C:\DOCUME~1\DIANER~1\LOCALS~1\Temp\8F.tmp.exe
O4 - HKLM\..\Run: [90.tmp] C:\DOCUME~1\DIANER~1\LOCALS~1\Temp\90.tmp.exe
O4 - HKLM\..\Run: [8F.tmp.exe] C:\DOCUME~1\DIANER~1\LOCALS~1\Temp\8F.tmp.exe
O4 - HKLM\..\Run: [90.tmp.exe] C:\DOCUME~1\DIANER~1\LOCALS~1\Temp\90.tmp.exe
O4 - HKLM\..\Run: [177.tmp] C:\DOCUME~1\DIANER~1\LOCALS~1\Temp\177.tmp.exe
O4 - HKLM\..\Run: [177.tmp.exe] C:\DOCUME~1\DIANER~1\LOCALS~1\Temp\177.tmp.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "F:\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [PayTime] C:\WINNT\system32\paytime.exe
O4 - HKLM\..\Run: [Mercora] "C:\Program Files\Mercora\MercoraClient.exe" -startup
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.5\THGuard.exe"
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZNxmk121CWCA
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...tup1.0.0.15.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.appl...meInstaller.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...90/mcinsctl.cab
O16 - DPF: {4F5E4276-C120-11D6-A1FD-00508B9D48EA} (dldisplay Class) - http://www.gamehouse.com/ghdlctl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...RdxIE601_fr.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1139204063081
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,23/mcgdmgr.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTsvcCDA.EXE
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe



Ad-Aware:

Ad-Aware SE Build 1.06r1
Logfile Created on:Wednesday, June 21, 2006 5:24:10 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R112 15.06.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
CometSystems(TAC index:8):2 total references
IBIS Toolbar(TAC index:5):43 total references
Possible Browser Hijack attempt(TAC index:3):1 total references
Search Relevancy(TAC index:5):5 total references
Starware Toolbar(TAC index:5):5 total references
Tracking Cookie(TAC index:3):1 total references
WhenU.DesktopToolbar(TAC index:5):3 total references
WinAD(TAC index:7):3 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


6-21-2006 5:24:10 PM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 164
ThreadCreationTime : 6-21-2006 4:00:51 PM
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINNT\system32\
ProcessID : 192
ThreadCreationTime : 6-21-2006 4:00:56 PM
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINNT\system32\
ProcessID : 212
ThreadCreationTime : 6-21-2006 4:00:59 PM
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINNT\system32\
ProcessID : 240
ThreadCreationTime : 6-21-2006 4:01:01 PM
BasePriority : Normal
FileVersion : 5.00.2195.7035
ProductVersion : 5.00.2195.7035
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINNT\system32\
ProcessID : 252
ThreadCreationTime : 6-21-2006 4:01:01 PM
BasePriority : Normal
FileVersion : 5.00.2195.7011
ProductVersion : 5.00.2195.7011
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Executable and Server DLL (Export Version)
InternalName : lsasrv.dll and lsass.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : lsasrv.dll and lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINNT\system32\
ProcessID : 424
ThreadCreationTime : 6-21-2006 4:01:04 PM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:7 [spoolsv.exe]
FilePath : C:\WINNT\system32\
ProcessID : 452
ThreadCreationTime : 6-21-2006 4:01:04 PM
BasePriority : Normal
FileVersion : 5.00.2195.7059
ProductVersion : 5.00.2195.7059
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolss.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : spoolss.exe

#:8 [ctsvccda.exe]
FilePath : C:\WINNT\System32\
ProcessID : 480
ThreadCreationTime : 6-21-2006 4:01:04 PM
BasePriority : Normal
FileVersion : 1.0.1.0
ProductVersion : 1.0.0.0
ProductName : Creative Service for CDROM Access
CompanyName : Creative Technology Ltd
FileDescription : Creative Service for CDROM Access
InternalName : CTsvcCDAEXE
LegalCopyright : Copyright © Creative Technology Ltd., 1999. All rights reserved.
OriginalFilename : CTsvcCDA.EXE

#:9 [svchost.exe]
FilePath : C:\WINNT\System32\
ProcessID : 496
ThreadCreationTime : 6-21-2006 4:01:04 PM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:10 [mcshield.exe]
FilePath : c:\PROGRA~1\mcafee.com\vso\
ProcessID : 528
ThreadCreationTime : 6-21-2006 4:01:05 PM
BasePriority : High


#:11 [mctskshd.exe]
FilePath : c:\PROGRA~1\mcafee.com\agent\
ProcessID : 568
ThreadCreationTime : 6-21-2006 4:01:05 PM
BasePriority : Normal
FileVersion : 6, 0, 0, 13
ProductVersion : 6, 0, 0, 0
ProductName : McAfee SecurityCenter
CompanyName : McAfee, Inc
FileDescription : McAfee Task Scheduler
InternalName : McTskshd
LegalCopyright : Copyright © 2005 McAfee, Inc.
OriginalFilename : McTskshd.exe

#:12 [mpfservice.exe]
FilePath : C:\PROGRA~1\MCAFEE.COM\PERSON~1\
ProcessID : 608
ThreadCreationTime : 6-21-2006 4:01:07 PM
BasePriority : Normal
FileVersion : 6.1.0.44
ProductVersion : 6.1.0.44
ProductName : McAfee Personal Firewall
CompanyName : McAfee Corporation
FileDescription : McAfee Personal Firewall Service
InternalName : MPFService
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : MpfService.exe
Comments : McAfee Personal Firewall Service

#:13 [nvsvc32.exe]
FilePath : C:\WINNT\system32\
ProcessID : 628
ThreadCreationTime : 6-21-2006 4:01:08 PM
BasePriority : Normal
FileVersion : 6.14.10.8198
ProductVersion : 6.14.10.8198
ProductName : NVIDIA Driver Helper Service, Version 81.98
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 81.98
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:14 [regsvc.exe]
FilePath : C:\WINNT\system32\
ProcessID : 656
ThreadCreationTime : 6-21-2006 4:01:10 PM
BasePriority : Normal
FileVersion : 5.00.2195.6701
ProductVersion : 5.00.2195.6701
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Remote Registry Service
InternalName : regsvc
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : REGSVC.EXE

#:15 [mstask.exe]
FilePath : C:\WINNT\system32\
ProcessID : 672
ThreadCreationTime : 6-21-2006 4:01:10 PM
BasePriority : Normal
FileVersion : 4.71.2195.6972
ProductVersion : 4.71.2195.6972
ProductName : Microsoft® Windows® Task Scheduler
CompanyName : Microsoft Corporation
FileDescription : Task Scheduler Engine
InternalName : TaskScheduler
LegalCopyright : Copyright © Microsoft Corp. 1997
OriginalFilename : mstask.exe

#:16 [stisvc.exe]
FilePath : C:\WINNT\system32\
ProcessID : 712
ThreadCreationTime : 6-21-2006 4:01:12 PM
BasePriority : Normal
FileVersion : 5.00.2195.6656
ProductVersion : 5.00.2195.6656
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Still Image Devices Monitor
InternalName : STIMON
LegalCopyright : Copyright © Microsoft Corp. 1996-1997
OriginalFilename : STIMON.EXE

#:17 [winmgmt.exe]
FilePath : C:\WINNT\System32\WBEM\
ProcessID : 768
ThreadCreationTime : 6-21-2006 4:01:12 PM
BasePriority : Normal
FileVersion : 1.50.1085.0100
ProductVersion : 1.50.1085.0100
ProductName : Windows Management Instrumentation
CompanyName : Microsoft Corporation
FileDescription : Windows Management Instrumentation
InternalName : WINMGMT
LegalCopyright : Copyright © Microsoft Corp. 1995-1999

#:18 [mspmspsv.exe]
FilePath : C:\WINNT\System32\
ProcessID : 824
ThreadCreationTime : 6-21-2006 4:01:15 PM
BasePriority : Normal
FileVersion : 7.00.00.1954
ProductVersion : 7.00.00.1954
ProductName : Microsoft ® DRM
CompanyName : Microsoft Corporation
FileDescription : WMDM PMSP Service
InternalName : MSPMSPSV.EXE
LegalCopyright : Copyright © Microsoft Corp. 1981-2000
OriginalFilename : MSPMSPSV.EXE

#:19 [svchost.exe]
FilePath : C:\WINNT\system32\
ProcessID : 836
ThreadCreationTime : 6-21-2006 4:01:15 PM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:20 [guard.exe]
FilePath : C:\Program Files\ewido anti-spyware 4.0\
ProcessID : 1088
ThreadCreationTime : 6-21-2006 6:58:37 PM
BasePriority : Normal
FileVersion : 4, 0, 0, 172
ProductVersion : 4, 0, 0, 172
ProductName : ewido anti-spyware
CompanyName : Anti-Malware Development a.s.
FileDescription : ewido anti-spyware guard
InternalName : ewido anti-spywareguard
LegalCopyright : Copyright © 2005 Anti-Malware Development a.s.
OriginalFilename : guard.exe

#:21 [explorer.exe]
FilePath : C:\WINNT\
ProcessID : 1040
ThreadCreationTime : 6-21-2006 9:16:38 PM
BasePriority : Normal
FileVersion : 5.00.3700.6690
ProductVersion : 5.00.3700.6690
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : EXPLORER.EXE

#:22 [devldr32.exe]
FilePath : C:\WINNT\system32\
ProcessID : 1780
ThreadCreationTime : 6-21-2006 9:16:43 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 19
ProductVersion : 1, 0, 0, 19
ProductName : Creative Ring3 NT Inteface
CompanyName : Creative Technology Ltd.
FileDescription : DevLdr32
InternalName : DevLdr
LegalCopyright : Copyright © 1998 - 2001 Creative Technology Ltd.
OriginalFilename : DevLdr32.exe

#:23 [jusched.exe]
FilePath : C:\Program Files\Java\jre1.5.0_06\bin\
ProcessID : 1768
ThreadCreationTime : 6-21-2006 9:16:48 PM
BasePriority : Normal


#:24 [mcvsshld.exe]
FilePath : C:\Program Files\McAfee.com\VSO\
ProcessID : 1632
ThreadCreationTime : 6-21-2006 9:16:50 PM
BasePriority : Normal
FileVersion : 10, 0, 0, 22
ProductVersion : 10, 0, 0, 0
ProductName : McAfee VirusScan
CompanyName : McAfee, Inc.
FileDescription : McAfee VirusScan ActiveShield Resource
InternalName : McVsShld
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : McVsShld.exe
Comments : McAfee VirusScan ActiveShield Resource

#:25 [mcagent.exe]
FilePath : C:\PROGRA~1\mcafee.com\agent\
ProcessID : 1688
ThreadCreationTime : 6-21-2006 9:16:50 PM
BasePriority : Normal
FileVersion : 6, 0, 0, 16
ProductVersion : 6, 0, 0, 0
ProductName : McAfee SecurityCenter
CompanyName : McAfee, Inc
FileDescription : McAfee SecurityCenter Agent
InternalName : mcagent
LegalCopyright : Copyright © 2005 McAfee, Inc.
OriginalFilename : mcagent.exe

#:26 [mcvsescn.exe]
FilePath : C:\PROGRA~1\mcafee.com\vso\
ProcessID : 1572
ThreadCreationTime : 6-21-2006 9:16:51 PM
BasePriority : Normal
FileVersion : 10, 0, 0, 20
ProductVersion : 10, 0, 0, 0
ProductName : McAfee VirusScan
CompanyName : McAfee, Inc.
FileDescription : McAfee VirusScan E-mail Scan Module
InternalName : mcvsescn
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : mcvsescn.EXE
Comments : McAfee VirusScan E-mail Scan Module

#:27 [mpftray.exe]
FilePath : C:\PROGRA~1\MCAFEE.COM\PERSON~1\
ProcessID : 1660
ThreadCreationTime : 6-21-2006 9:16:51 PM
BasePriority : Normal
FileVersion : 6.1.0.44
ProductVersion : 6.1.0.44
ProductName : McAfee Personal Firewall (MPF)
CompanyName : McAfee Security
FileDescription : McAfee Personal Firewall Tray Monitor
InternalName : MpfTray
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : MPFTRAY.EXE
Comments : Tray Icon for McAfee Personal Firewall

#:28 [mwsoemon.exe]
FilePath : C:\PROGRA~1\MYWEBS~1\bar\2.bin\
ProcessID : 1636
ThreadCreationTime : 6-21-2006 9:16:53 PM
BasePriority : Normal
FileVersion : 1,2,2,2
ProductVersion : 2,0,1,0
ProductName : My Web Search Bar for Internet Explorer, email clients, and messenger clients
CompanyName : MyWebSearch.com
FileDescription : My Web Search Email Plugin
InternalName : mwsoemon
LegalCopyright : Copyright © 2003-2004 MyWebSearch.com
OriginalFilename : mwsoemon.exe

#:29 [sweetim.exe]
FilePath : C:\Program Files\Macrogaming\SweetIM\
ProcessID : 1328
ThreadCreationTime : 6-21-2006 9:16:54 PM
BasePriority : Normal
FileVersion : 1, 1, 0, 151
ProductVersion : 1.1.0.151
ProductName : MacroGaming SweetIM
CompanyName : MacroGaming LTD.
FileDescription : SweetIM MSN Messenger Enhancer
InternalName : SweetIM
LegalCopyright : Copyright © 2005
OriginalFilename : SweetIM.exe

#:30 [msgplus.exe]
FilePath : C:\Program Files\MessengerPlus! 3\
ProcessID : 920
ThreadCreationTime : 6-21-2006 9:16:54 PM
BasePriority : Normal


#:31 [mpfagent.exe]
FilePath : C:\PROGRA~1\MCAFEE.COM\PERSON~1\
ProcessID : 1360
ThreadCreationTime : 6-21-2006 9:17:00 PM
BasePriority : Normal
FileVersion : 6.1.0.44
ProductVersion : 6.1.0.44
ProductName : McAfee Personal Firewall (MPF)
CompanyName : McAfee Security
FileDescription : McAfee Personal Firewall Agent Interface
InternalName : MpfAgent
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : MPFAGENT.EXE
Comments : McAfee Personal Firewall Security Center Module

#:32 [oasclnt.exe]
FilePath : C:\Program Files\McAfee.com\VSO\
ProcessID : 1536
ThreadCreationTime : 6-21-2006 9:17:00 PM
BasePriority : Normal
FileVersion : 10, 0, 0, 24
ProductVersion : 10, 0, 0, 0
ProductName : McAfee VirusScan
CompanyName : McAfee, Inc.
FileDescription : McAfee VirusScan OAS Client
InternalName : OasClnt
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : OasClnt.exe
Comments : McAfee VirusScan OAS Client

#:33 [ewido.exe]
FilePath : C:\Program Files\ewido anti-spyware 4.0\
ProcessID : 1196
ThreadCreationTime : 6-21-2006 9:17:01 PM
BasePriority : Normal
FileVersion : 4, 0, 0, 172
ProductVersion : 4, 0, 0, 172
ProductName : ewido anti-spyware
CompanyName : Anti-Malware Development a.s.
FileDescription : ewido anti-spyware
InternalName : ewido anti-spyware
LegalCopyright : Copyright © 2005 Anti-Malware Development a.s.
OriginalFilename : ewido.exe

#:34 [thguard.exe]
FilePath : C:\Program Files\TrojanHunter 4.5\
ProcessID : 736
ThreadCreationTime : 6-21-2006 9:17:01 PM
BasePriority : Normal
FileVersion : 4.5.0.275
ProductVersion : 1.0.0.0
ProductName : TrojanHunter Guard
CompanyName : Mischel Internet Security
FileDescription : TrojanHunter Guard
LegalCopyright : Mischel Internet Security
LegalTrademarks : TrojanHunter is a trademark of Mischel Internet Security.
OriginalFilename : THGuard.exe

#:35 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 1476
ThreadCreationTime : 6-21-2006 9:17:07 PM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

#:36 [notepad.exe]
FilePath : C:\WINNT\system32\
ProcessID : 1156
ThreadCreationTime : 6-21-2006 9:17:33 PM
BasePriority : Normal
FileVersion : 5.00.2140.1
ProductVersion : 5.00.2140.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Notepad
InternalName : Notepad
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : NOTEPAD.EXE

#:37 [msnmsgr.exe]
FilePath : C:\Program Files\MSN Messenger\
ProcessID : 1356
ThreadCreationTime : 6-21-2006 9:18:22 PM
BasePriority : Normal
FileVersion : 7.0.0816
ProductVersion : 7.0.0816
ProductName : MSN Messenger
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
LegalCopyright : Copyright © Microsoft Corporation 1997-2005
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msnmsgr.exe

#:38 [mcvsftsn.exe]
FilePath : c:\progra~1\mcafee.com\vso\
ProcessID : 1708
ThreadCreationTime : 6-21-2006 9:18:23 PM
BasePriority : Normal
FileVersion : 10, 0, 0, 19
ProductVersion : 10, 0, 0, 0
ProductName : McAfee VirusScan
CompanyName : McAfee, Inc.
FileDescription : McAfee VirusScan Instant Messenger Scan Module
InternalName : mcvsftsn
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : mcvsftsn.EXE
Comments : McAfee VirusScan Instant Messenger Scan Module

#:39 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 1452
ThreadCreationTime : 6-21-2006 9:19:09 PM
BasePriority : Normal
FileVersion : 6.00.2800.1106
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Possible Browser Hijack attempt : {4F5E4276-C120-11D6-A1FD-00508B9D48EA} (http://www.gamehouse.com/ghdlctl.cab)

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0

Starware Toolbar Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Adware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-839522115-113007714-842925246-1000\software\microsoft\internet explorer\toolbar\Webbrowser
Value : {2d51d869-c36b-42bd-ae68-0a81bc771fa5}

CometSystems Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-839522115-113007714-842925246-1000\software\microsoft\internet explorer\toolbar\Webbrowser
Value : {fe6bc4ef-5676-484b-88ae-883323913256}


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : diane ranger@atdmt[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Diane Ranger\Cookies\diane ranger@atdmt[2].txt

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 3



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

WinAD Object Recognized!
Type : File
Data : ide21201.vxd
TAC Rating : 7
Category : Malware
Comment :
Object : C:\WINNT\system32\



IBIS Toolbar Object Recognized!
Type : File
Data : WToolsD.cfg
TAC Rating : 5
Category : Data Miner
Comment :
Object : C:\Program Files\Common Files\WinTools\



WhenU.DesktopToolbar Object Recognized!
Type : File
Data : UControlScanAndRemove.ocx
TAC Rating : 5
Category : Misc
Comment :
Object : C:\Program Files\Common Files\WhenU\
FileVersion : 1.00
ProductVersion : 1.00
ProductName : UControl Scan and Remove Launcher
CompanyName : Aluria Software
FileDescription : ActiveX Control to launch UControl Scan and Remove Utility
InternalName : UControlScanAndRemove
OriginalFilename : UControlScanAndRemove.ocx


Search Relevancy Object Recognized!
Type : File
Data : SearchRelevant.xml
TAC Rating : 5
Category : Misc
Comment :
Object : C:\Program Files\SearchRelevant\



Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 7


Deep scanning and examining files (F:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for F:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 7

Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Visit GameHouse.com.url
TAC Rating : 5
Category : Misc
Comment : Problematic URL discovered: http://www.gamehouse.com/
Object : C:\Documents and Settings\Diane Ranger\Start Menu\Programs\GameHouse\




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Starware Toolbar Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Adware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Use Custom Search URL

Starware Toolbar Object Recognized!
Type : RegData
Data : no
TAC Rating : 5
Category : Adware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Use Search Asst
Data : no

Starware Toolbar Object Recognized!
Type : Folder
TAC Rating : 5
Category : Adware
Comment : Starware Toolbar
Object : C:\Documents and Settings\Diane Ranger\Application Data\Starware

Starware Toolbar Object Recognized!
Type : Folder
TAC Rating : 5
Category : Adware
Comment : Starware Toolbar
Object : C:\Program Files\Starware

CometSystems Object Recognized!
Type : Folder
TAC Rating : 8
Category : Data Miner
Comment : CometSystems
Object : C:\Program Files\Screensavers.com

WinAD Object Recognized!
Type : Folder
TAC Rating : 7
Category : Malware
Comment : WinAD
Object : C:\Program Files\AdTools Service

WinAD Object Recognized!
Type : Folder
TAC Rating : 7
Category : Malware
Comment : WinAD
Object : C:\Program Files\Media Gateway

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\mediaplayer\control\playbar

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\mediaplayer\control\playbar
Value : ClrHighlight

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\mediaplayer\control\playbar
Value : ClrForeColor

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\mediaplayer\control\playbar
Value : ClrBackColor

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\mediaplayer\control\playbar
Value : ClrDownload

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\mediaplayer\control\playbar
Value : ClrViewed

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\mediaplayer\control\playbar
Value : ClrStatic

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\northcode inc

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\installer\userdata\sto

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\controlset002\services\wintoolssvc

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\controlset002\services\wintoolssvc
Value : Start

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\controlset002\services\wintoolssvc
Value : ErrorControl

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\controlset002\services\wintoolssvc
Value : ImagePath

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\controlset002\services\wintoolssvc
Value : DisplayName

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\controlset002\services\wintoolssvc
Value : ObjectName

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\enum\root\legacy_tbpssvc

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\enum\root\legacy_wintoolssvc

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\controlset001\enum\root\legacy_wintoolssvc

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\controlset001\services\wintoolssvc

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\controlset001\services\wintoolssvc
Value : Start

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\controlset001\services\wintoolssvc
Value : ErrorControl

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\controlset001\services\wintoolssvc
Value : ImagePath

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\controlset001\services\wintoolssvc
Value : DisplayName

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\controlset001\services\wintoolssvc
Value : ObjectName

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\services\wintoolssvc

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\services\wintoolssvc
Value : Start

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\services\wintoolssvc
Value : ErrorControl

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\services\wintoolssvc
Value : ImagePath

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\services\wintoolssvc
Value : DisplayName

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\services\wintoolssvc
Value : ObjectName

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : AutoSearch

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main
Value : CustomizeSearch

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\installer\userdata
Value : TUID

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main
Value : IEWatsonEnabled

IBIS Toolbar Object Recognized!
Type : RegData
Data : no
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Use Search Asst
Data : no

IBIS Toolbar Object Recognized!
Type : Folder
TAC Rating : 5
Category : Data Miner
Comment : IBIS Toolbar
Object : C:\Program Files\Common Files\WinTools

IBIS Toolbar Object Recognized!
Type : Folder
TAC Rating : 5
Category : Data Miner
Comment : IBIS Toolbar
Object : C:\Program Files\FunWebProducts

IBIS Toolbar Object Recognized!
Type : File
Data : rmhgxlmu.wzg
TAC Rating : 5
Category : Data Miner
Comment :
Object : C:\Program Files\Common Files\wintools\



IBIS Toolbar Object Recognized!
Type : File
Data : WToolsR.cfg
TAC Rating : 5
Category : Data Miner
Comment :
Object : C:\Program Files\Common Files\wintools\



IBIS Toolbar Object Recognized!
Type : File
Data : WToolsC.cfg
TAC Rating : 5
Category : Data Miner
Comment :
Object : C:\Program Files\Common Files\wintools\



IBIS Toolbar Object Recognized!
Type : File
Data : WToolsP.cfg
TAC Rating : 5
Category : Data Miner
Comment :
Object : C:\Program Files\Common Files\wintools\



IBIS Toolbar Object Recognized!
Type : File
Data : WToolsU.cfg
TAC Rating : 5
Category : Data Miner
Comment :
Object : C:\Program Files\Common Files\wintools\



WhenU.DesktopToolbar Object Recognized!
Type : Folder
TAC Rating : 5
Category : Misc
Comment : WhenU.DesktopToolbar
Object : C:\Program Files\WhenUSearch

WhenU.DesktopToolbar Object Recognized!
Type : Folder
TAC Rating : 5
Category : Misc
Comment : WhenU.DesktopToolbar
Object : C:\Program Files\Common Files\WhenU

Search Relevancy Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : searchrelevancy

Search Relevancy Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : updater.bho

Search Relevancy Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Misc
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\searchrelevancy

Search Relevancy Object Recognized!
Type : Folder
TAC Rating : 5
Category : Misc
Comment : Search Relevancy
Object : C:\Program Files\SearchRelevancy

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 55
Objects found so far: 63

5:35:19 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:11:09.473
Objects scanned:84144
Objects identified:63
Objects ignored:0
New critical objects:63

------------------------------------------------------------------------------------------

Ewido :
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 6:23:31 PM 6/21/2006

+ Scan result:



HKLM\SOFTWARE\salm -> Adware.180Solutions : No action taken.
HKU\S-1-5-21-839522115-113007714-842925246-1000\Software\salm -> Adware.180Solutions : No action taken.
HKLM\SOFTWARE\Classes\AtlBrCon.AtlBrCon -> Adware.Ezula : No action taken.
HKLM\SOFTWARE\Classes\AtlBrCon.AtlBrCon.1 -> Adware.Ezula : No action taken.
HKLM\SOFTWARE\Classes\AtlBrCon.AtlBrCon\CurVer -> Adware.Ezula : No action taken.
C:\Documents and Settings\Default User\Application Data\Hotbar -> Adware.HotBar : No action taken.
C:\Documents and Settings\Default User\Application Data\Hotbar\v3.0 -> Adware.HotBar : No action taken.
C:\Documents and Settings\Default User\Application Data\Hotbar\v3.0\HostOI -> Adware.HotBar : No action taken.
C:\Documents and Settings\Default User\Application Data\Hotbar\v3.0\HostOI\dynamic -> Adware.HotBar : No action taken.
C:\Documents and Settings\Default Use