Logfile of HijackThis v1.99.1
Scan saved at 11:53:34 AM, on 9/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\2Wire\2PortalMon.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ASKS~1\wucrtupd.exe
C:\Program Files\M?crosoft.NET\?ti2evxx.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Srro] "C:\WINDOWS\ASKS~1\wucrtupd.exe" -vt ndrv
O4 - HKCU\..\Run: [Bqrpr] C:\Program Files\M?crosoft.NET\?ti2evxx.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.html
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - mk:@MSITStore:C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\winfix.chm::/SystemDoctor2006FreeInstall.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
Incident Status Location
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@2o7[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\HP_Owner\Cookies\[email protected][1].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@apmebf[2].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\HP_Owner\Cookies\[email protected][2].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@cgi-bin[1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@cgi-bin[4].txt
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\HP_Owner\Cookies\[email protected][2].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@drivecleaner[1].txt
Spyware:Cookie/Entrepreneur Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@entrepreneur[1].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@errorsafe[1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@hitbox[2].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\HP_Owner\Cookies\[email protected][2].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\HP_Owner\Cookies\[email protected][2].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\HP_Owner\Cookies\[email protected][1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\HP_Owner\Desktop\smitRem\Process.exe
Ad-Aware SE Build 1.06r1
Logfile Created on:Wednesday, September 13, 2006 11:54:24 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R122 08.09.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
PurityScan(TAC index:6):1 total references
Tracking Cookie(TAC index:3):29 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R122 08.09.2006
Internal build : 148
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 763458 Bytes
Total size : 2472648 Bytes
Signature data size : 2423934 Bytes
Reference data size : 48202 Bytes
Signatures total : 67019
CSI Fingerprints total : 3643
CSI data size : 144047 Bytes
Target categories : 15
Target families : 967
Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium III
Memory available:62 %
Total physical memory:982512 kb
Available physical memory:600728 kb
Total page file size:1587012 kb
Available on page file:1303876 kb
Total virtual memory:2097024 kb
Available virtual memory:2040896 kb
OS:Microsoft Windows XP Home Edition Service Pack 2 (Build 2600)
Ad-Aware SE Settings
===========================
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Don't log streams smaller than 0 Bytes
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
9-13-2006 11:54:24 AM - Scan started. (Full System Scan)
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 588
ThreadCreationTime : 9-13-2006 5:53:18 PM
BasePriority : Normal
#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 668
ThreadCreationTime : 9-13-2006 5:53:21 PM
BasePriority : Normal
#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 692
ThreadCreationTime : 9-13-2006 5:53:21 PM
BasePriority : High
#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 736
ThreadCreationTime : 9-13-2006 5:53:21 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe
#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 748
ThreadCreationTime : 9-13-2006 5:53:21 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 900
ThreadCreationTime : 9-13-2006 5:53:22 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 976
ThreadCreationTime : 9-13-2006 5:53:22 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1068
ThreadCreationTime : 9-13-2006 5:53:22 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1172
ThreadCreationTime : 9-13-2006 5:53:22 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:10 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1196
ThreadCreationTime : 9-13-2006 5:53:22 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:11 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1408
ThreadCreationTime : 9-13-2006 5:53:24 PM
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
#:12 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1568
ThreadCreationTime : 9-13-2006 5:53:24 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
#:13 [hpsysdrv.exe]
FilePath : C:\windows\system\
ProcessID : 1656
ThreadCreationTime : 9-13-2006 5:53:25 PM
BasePriority : Normal
FileVersion : 1, 7, 0, 0
ProductVersion : 1, 7, 0, 0
ProductName : hpsysdrv
CompanyName : Hewlett-Packard Company
FileDescription : hpsysdrv
InternalName : hpsysdrv
LegalCopyright : Copyright © 1998
OriginalFilename : hpsysdrv.exe
#:14 [hphmon06.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1684
ThreadCreationTime : 9-13-2006 5:53:25 PM
BasePriority : Normal
FileVersion : 6,0,72
ProductVersion : 6,0,72
ProductName : HP Photosmart
CompanyName : Hewlett-Packard
FileDescription : HPHmon06
InternalName : HPHmon06
LegalCopyright : Copyright © 2004
OriginalFilename : HPHmon06.exe
#:15 [kbd.exe]
FilePath : C:\HP\KBD\
ProcessID : 1692
ThreadCreationTime : 9-13-2006 5:53:25 PM
BasePriority : High
#:16 [vttimer.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1712
ThreadCreationTime : 9-13-2006 5:53:26 PM
BasePriority : Normal
FileVersion : 1.04.06-1020
ProductVersion : 1.04.06-1020
ProductName : S3 Graphics, Inc. Utilities
CompanyName : S3 Graphics, Inc.
InternalName : S3Timer
LegalCopyright : Copyright © 2001-2004 S3 Graphics, Inc.
LegalTrademarks : S3 is a registered trademark of S3 Incorporated
#:17 [agrsmmsg.exe]
FilePath : C:\WINDOWS\
ProcessID : 1732
ThreadCreationTime : 9-13-2006 5:53:26 PM
BasePriority : Normal
FileVersion : 2.1.51 2.1.51 03/04/2005 12:01:54
ProductVersion : 2.1.51 2.1.51 03/04/2005 12:01:54
ProductName : Agere SoftModem Messaging Applet
CompanyName : Agere Systems
FileDescription : SoftModem Messaging Applet
InternalName : smdmstat.exe
LegalCopyright : Copyright © Agere Systems 1998-2000
OriginalFilename : smdmstat.exe
#:18 [hpcmpmgr.exe]
FilePath : C:\Program Files\HP\hpcoretech\
ProcessID : 1904
ThreadCreationTime : 9-13-2006 5:53:26 PM
BasePriority : Normal
FileVersion : 2.1.1.0
ProductVersion : 2.1.4
ProductName : hp coretech (COmponent REuse TECHnology)
CompanyName : Hewlett-Packard Company
FileDescription : HP Framework Component Manager Service
InternalName : HPComponentManagerService module
LegalCopyright : Copyright © Hewlett-Packard. 2002-2003
OriginalFilename : HpCmpMgr.exe
#:19 [ybrwicon.exe]
FilePath : C:\Program Files\Yahoo!\browser\
ProcessID : 1912
ThreadCreationTime : 9-13-2006 5:53:26 PM
BasePriority : Normal
FileVersion : 2003, 7, 11, 1
ProductVersion : 1, 0, 0, 1
ProductName : Yahoo!, Inc. YBrwIcon
CompanyName : Yahoo!, Inc.
FileDescription : YBrwIcon
InternalName : YBrwIcon
LegalCopyright : Copyright © 2003
OriginalFilename : YBrwIcon.exe
#:20 [spysweeper.exe]
FilePath : C:\Program Files\Webroot\Spy Sweeper\
ProcessID : 1952
ThreadCreationTime : 9-13-2006 5:53:26 PM
BasePriority : Normal
FileVersion : 4,5,8,683
ProductVersion : 4, 5
ProductName : Spy Sweeper
CompanyName : Webroot Software, Inc.
FileDescription : Spy Sweeper Client Executable
LegalCopyright : Copyright © 2002 - 2005, All Rights Reserved.
OriginalFilename : SpySweeper.exe
#:21 [ycommon.exe]
FilePath : C:\PROGRA~1\Yahoo!\browser\
ProcessID : 1988
ThreadCreationTime : 9-13-2006 5:53:26 PM
BasePriority : Normal
FileVersion : 2003, 9, 3, 1
ProductVersion : 1, 0, 0, 1
ProductName : YCommon Exe Module
CompanyName : Yahoo!, Inc.
FileDescription : YCommon Exe Module
InternalName : YCommonExe
LegalCopyright : Copyright 2003 Yahoo! Inc.
OriginalFilename : YCommon.EXE
#:22 [point32.exe]
FilePath : C:\Program Files\Microsoft IntelliPoint\
ProcessID : 2008
ThreadCreationTime : 9-13-2006 5:53:26 PM
BasePriority : Normal
#:23 [2portalmon.exe]
FilePath : C:\Program Files\2Wire\
ProcessID : 2020
ThreadCreationTime : 9-13-2006 5:53:26 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : HomePortal Monitor Application
CompanyName : 2Wire, Inc.
FileDescription : HomePortal Monitor Application by 2Wire Engineering
InternalName : HomePortal Monitor
LegalCopyright : Copyright © 1999, 2000, 2001, 2wire, Inc. All Rights Reserved
LegalTrademarks : Copyright © 1999, 2000, 2001, 2wire, Inc. All Rights Reserved
OriginalFilename : HomePortal Monitor.EXE
Comments : HomePortal Monitor Application by 2Wire Engineering
#:24 [viewmgr.exe]
FilePath : C:\Program Files\Viewpoint\Viewpoint Manager\
ProcessID : 176
ThreadCreationTime : 9-13-2006 5:53:27 PM
BasePriority : Normal
FileVersion : 2, 0, 0, 42
ProductVersion : 2, 0, 0, 42
ProductName : Viewpoint Manager
CompanyName : Viewpoint Corporation
FileDescription : ViewMgr
InternalName : Viewpoint Manager
LegalCopyright : Copyright © 2004
OriginalFilename : ViewMgr.exe
Comments : Viewpoint Manager
#:25 [ctfmon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 260
ThreadCreationTime : 9-13-2006 5:53:27 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE
#:26 [wucrtupd.exe]
FilePath : C:\WINDOWS\ASKS~1\
ProcessID : 336
ThreadCreationTime : 9-13-2006 5:53:27 PM
BasePriority : Normal
#:27 [?ti2evxx.exe]
FilePath : C:\Program Files\M?crosoft.NET\
ProcessID : 348
ThreadCreationTime : 9-13-2006 5:53:27 PM
BasePriority : Normal
PurityScan Object Recognized!
Type : Process
Data : ?ti2evxx.exe
TAC Rating : 6
Category : Malware
Comment : ragedit(1).exe.dmp
Object : C:\Program Files\M?crosoft.NET\
Warning! PurityScan Object found in memory(C:\Program Files\M?crosoft.NET\?ti2evxx.exe)
"C:\Program Files\M?crosoft.NET\?ti2evxx.exe"Process terminated successfully
"C:\Program Files\M?crosoft.NET\?ti2evxx.exe"Process terminated successfully
#:28 [guard.exe]
FilePath : C:\Program Files\ewido anti-spyware 4.0\
ProcessID : 1632
ThreadCreationTime : 9-13-2006 5:53:32 PM
BasePriority : Normal
FileVersion : 4, 0, 0, 172
ProductVersion : 4, 0, 0, 172
ProductName : ewido anti-spyware
CompanyName : Anti-Malware Development a.s.
FileDescription : ewido anti-spyware guard
InternalName : ewido anti-spywareguard
LegalCopyright : Copyright © 2005 Anti-Malware Development a.s.
OriginalFilename : guard.exe
#:29 [mdm.exe]
FilePath : C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\
ProcessID : 1744
ThreadCreationTime : 9-13-2006 5:53:32 PM
BasePriority : Normal
FileVersion : 7.00.9466
ProductVersion : 7.00.9466
ProductName : Microsoft® Visual Studio .NET
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : mdm.exe
#:30 [wrsssdk.exe]
FilePath : C:\Program Files\Webroot\Spy Sweeper\
ProcessID : 184
ThreadCreationTime : 9-13-2006 5:53:32 PM
BasePriority : Normal
FileVersion : 2,0,8,483
ProductVersion : 2, 0
ProductName : Spy Sweeper SDK
CompanyName : Webroot Software, Inc.
FileDescription : Spy Sweeper SDK
LegalCopyright : Copyright © 2002 - 2005, All Rights Reserved.
LegalTrademarks : Spy Sweeper is a trademark of Webroot Software, Inc.
OriginalFilename : SpySweeper.exe
#:31 [wdfmgr.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 652
ThreadCreationTime : 9-13-2006 5:53:39 PM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe
#:32 [symwsc.exe]
FilePath : c:\Program Files\Common Files\Symantec Shared\Security Center\
ProcessID : 1052
ThreadCreationTime : 9-13-2006 5:53:39 PM
BasePriority : Normal
FileVersion : 2005.1.2.20
ProductVersion : 2005.1
ProductName : Norton Security Center
CompanyName : Symantec Corporation
FileDescription : Norton Security Center Service
InternalName : SymWSC.exe
LegalCopyright : Copyright © 1997-2004 Symantec Corporation
OriginalFilename : SymWSC.exe
#:33 [notepad.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1228
ThreadCreationTime : 9-13-2006 6:53:34 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Notepad
InternalName : Notepad
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : NOTEPAD.EXE
#:34 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 3184
ThreadCreationTime : 9-13-2006 6:54:18 PM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 1
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hp_owner@metriweb[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hp_owner@maxserving[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:[email protected]/
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hp_owner@realmedia[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:15
Value : Cookie:[email protected]/
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:7
Value : Cookie:[email protected]/
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hp_owner@statcounter[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:18
Value : Cookie:[email protected]/
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hp_owner@sexlist[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:32
Value : Cookie:[email protected]/
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hp_owner@hitbox[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:47
Value : Cookie:[email protected]/
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:25
Value : Cookie:[email protected]/
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hp_owner@2o7[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:[email protected]/
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hp_owner@~~local~~[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:312
Value : Cookie:hp_owner@~~local~~/
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:[email protected]/
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:52
Value : Cookie:[email protected]/
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hp_owner@sextracker[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:27
Value : Cookie:[email protected]/
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:[email protected]/
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:[email protected]/
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:7
Value : Cookie:[email protected]/
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hp_owner@revenue[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:5
Value : Cookie:[email protected]/
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hp_owner@paycounter[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:5
Value : Cookie:[email protected]/
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hp_owner@adrevolver[3].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:[email protected]/adrevolver/
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hp_owner@trafficmp[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:8
Value : Cookie:[email protected]/
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:15
Value : Cookie:[email protected]/
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:6
Value : Cookie:[email protected]/
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:53
Value : Cookie:[email protected]/
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hp_owner@apmebf[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:[email protected]/
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hp_owner@adrevolver[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:[email protected]/
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:[email protected]/
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 29
Objects found so far: 30
Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 30
Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 30
Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
685 entries scanned.
New critical objects:0
Objects found so far: 30
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 30
12:05:55 PM Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:11:30.563
Objects scanned:202070
Objects identified:30
Objects ignored:0
New critical objects:30