[Referred]IE fatal error


#1
needPChelp
Warning reads 0028:C0011E36 in VXD VMM<01>*00010E36 Trojan-Sp
Ad-Aware SE Build 1.05
Logfile Created on:Wednesday, May 04, 2005 4:09:49 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R42 28.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Alexa(TAC index:5):9 total references
MRU List(TAC index:0):10 total references
Security iGuard(TAC index:9):3 total references
Tracking Cookie(TAC index:3):179 total references
Windows(TAC index:3):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


5-4-05 4:09:49 PM - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\mediaplayer\player\recentfilelist
Description : list of recently used files in microsoft windows media player


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\mediaplayer\player\recenturllist
Description : list of recently used web addresses in microsoft windows media player


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\mediaplayer\player\settings
Description : last open directory used in jasc paint shop pro


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows\currentversion\applets\wordpad\recent file list
Description : list of recent files opened using wordpad


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows\currentversion\explorer\doc find spec mru
Description : list of recently used search terms for locating files using the microsoft windows operating system


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [KERNEL32.DLL]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4279237469
Threads : 4
Priority : High
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Win32 Kernel core component
InternalName : KERNEL32
LegalCopyright : Copyright © Microsoft Corp. 1991-1999
OriginalFilename : KERNEL32.DLL

#:2 [MSGSRV32.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294946785
Threads : 1
Priority : Normal
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows 32-bit VxD Message Server
InternalName : MSGSRV32
LegalCopyright : Copyright © Microsoft Corp. 1992-1998
OriginalFilename : MSGSRV32.EXE

#:3 [MPREXE.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294948977
Threads : 1
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WIN32 Network Interface Service Process
InternalName : MPREXE
LegalCopyright : Copyright © Microsoft Corp. 1993-1998
OriginalFilename : MPREXE.EXE

#:4 [MWSSW32.EXE]
FilePath : C:\WINDOWS\MWW32\MANAGER\
ProcessID : 4294848753
Threads : 7
Priority : Normal
FileVersion : 2.60.38.0
ProductVersion : 2.60.38.0
ProductName : ThinkPad Modem
CompanyName : IBM Corporation
FileDescription : ThinkPad Modem Software
InternalName : mwssw32
LegalCopyright : Copyright © 1992, 1999, IBM Corporation
OriginalFilename : mwssw32.exe

#:5 [MSTASK.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294849613
Threads : 2
Priority : Normal
FileVersion : 4.71.1972.1
ProductVersion : 4.71.1972.1
ProductName : Microsoft® Windows® Task Scheduler
CompanyName : Microsoft Corporation
FileDescription : Task Scheduler Engine
InternalName : TaskScheduler
LegalCopyright : Copyright © Microsoft Corp. 2000
OriginalFilename : mstask.exe

#:6 [XPAGENT.EXE]
FilePath : C:\PROGRAM FILES\XPOINT\AGENT\
ProcessID : 4294843037
Threads : 6
Priority : Normal


#:7 [XPCLIENT.EXE]
FilePath : C:\PROGRAM FILES\XPOINT\EECLIENT\
ProcessID : 4294842285
Threads : 5
Priority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : Xpoint Technologies Uptime!
CompanyName : Xpoint Technologies
FileDescription : Uptime
InternalName : Uptime!
LegalCopyright : Copyright © 2001

#:8 [CSINJECT.EXE]
FilePath : C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\
ProcessID : 4294874425
Threads : 1
Priority : Normal
FileVersion : 6.01.0012
ProductVersion : 6.01
ProductName : Norton CleanSweep
CompanyName : Symantec Corporation
FileDescription : csinject
InternalName : CSInject
LegalCopyright : Copyright © 1992-2001 Symantec Corporation
OriginalFilename : CSInject.exe

#:9 [NPROTECT.EXE]
FilePath : C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\
ProcessID : 4294796429
Threads : 5
Priority : Normal
FileVersion : 15.03.0.36
ProductVersion : 15.03.0.36
ProductName : Norton Utilities
CompanyName : Symantec Corporation
FileDescription : Norton Protection Status
InternalName : NPROTECT
LegalCopyright : Copyright © 2002 Symantec Corporation
LegalTrademarks : Norton Utilities
OriginalFilename : NPROTECT.EXE

#:10 [mmtask.tsk]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294793821
Threads : 1
Priority : Normal
FileVersion : 4.03.1998
ProductVersion : 4.03.1998
ProductName : Microsoft Windows
CompanyName : Microsoft Corporation
FileDescription : Multimedia background task support module
InternalName : mmtask.tsk
LegalCopyright : Copyright © Microsoft Corp. 1991-1998
OriginalFilename : mmtask.tsk

#:11 [EXPLORER.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4294732705
Threads : 15
Priority : Normal
FileVersion : 4.72.3110.1
ProductVersion : 4.72.3110.1
ProductName : Microsoft® Windows NT® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : Copyright © Microsoft Corp. 1981-1997
OriginalFilename : EXPLORER.EXE

#:12 [TASKMON.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4294705853
Threads : 1
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Task Monitor
InternalName : TaskMon
LegalCopyright : Copyright © Microsoft Corp. 1998
OriginalFilename : TASKMON.EXE

#:13 [SYSTRAY.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294709709
Threads : 2
Priority : Normal
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : System Tray Applet
InternalName : SYSTRAY
LegalCopyright : Copyright © Microsoft Corp. 1993-1998
OriginalFilename : SYSTRAY.EXE

#:14 [IRMON.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294712313
Threads : 1
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft Infrared Support
CompanyName : Microsoft Corporation
FileDescription : Microsoft Infrared Control Panel
InternalName : Infrared
LegalCopyright : © 1998 Microsoft. Portions © Hewlett-Packard
OriginalFilename : irmon.exe

#:15 [TPHKMGR.EXE]
FilePath : C:\PROGRAM FILES\THINKPAD\UTILITIES\
ProcessID : 4294713253
Threads : 2
Priority : Normal


#:16 [TP98TRAY.EXE]
FilePath : C:\PROGRAM FILES\THINKPAD\UTILITIES\
ProcessID : 4294748125
Threads : 1
Priority : Normal
FileVersion : 1, 0, 0, 0
ProductVersion : 1, 0, 0, 0
ProductName : IBM ThinkPad Tray Utility
CompanyName : IBM Corp.
FileDescription : IBM ThinkPad Tray Utility
InternalName : IBM ThinkPad Tray Utility
LegalCopyright : Copyright © IBM Corp. 1998,2002.
OriginalFilename : Tp98Tray.exe

#:17 [DIRECTCD.EXE]
FilePath : C:\PROGRAM FILES\ADAPTEC\DIRECTCD\
ProcessID : 4294719897
Threads : 1
Priority : Normal
FileVersion : 3.05 (210)
ProductVersion : 3.05 (210)
ProductName : DirectCD
CompanyName : Adaptec
FileDescription : DirectCD Application
InternalName : DirectCD
LegalCopyright : Copyright © 1996-2001 Adaptec, Inc.
OriginalFilename : DirectCD.EXE

#:18 [XICON.EXE]
FilePath : C:\PROGRAM FILES\XPOINT\AGENT\
ProcessID : 4294718981
Threads : 1
Priority : Normal


#:19 [PCRECSA.EXE]
FilePath : C:\PROGRAM FILES\XPOINT\PE\
ProcessID : 4294668933
Threads : 3
Priority : Normal


#:20 [RUNDLL32.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4294716521
Threads : 2
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : Copyright © Microsoft Corp. 1991-1998
OriginalFilename : RUNDLL.EXE

#:21 [VIEWMGR.EXE]
FilePath : C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT MANAGER\
ProcessID : 4294700853
Threads : 1
Priority : Normal
FileVersion : 2, 0, 0, 42
ProductVersion : 2, 0, 0, 42
ProductName : Viewpoint Manager
CompanyName : Viewpoint Corporation
FileDescription : ViewMgr
InternalName : Viewpoint Manager
LegalCopyright : Copyright © 2004
OriginalFilename : ViewMgr.exe
Comments : Viewpoint Manager

#:22 [LOADQM.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4294703165
Threads : 3
Priority : Normal
FileVersion : 5.4.1103.3
ProductVersion : 5.4.1103.3
ProductName : QMgr Loader
CompanyName : Microsoft Corporation
FileDescription : Microsoft QMgr
InternalName : LOADQM.EXE
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : LOADQM.EXE

#:23 [KODAKCCS.EXE]
FilePath : C:\WINDOWS\SYSTEM32\DRIVERS\
ProcessID : 4294686693
Threads : 2
Priority : Normal
FileVersion : 1.1.5100.4
ProductVersion : 4.4.0.0
ProductName : Kodak DC File System Driver (Win32)
CompanyName : Eastman Kodak Company
FileDescription : Kodak DC Ring 3 Conduit (Win32)
InternalName : KodakCCS.exe
LegalCopyright : Copyright © Eastman Kodak Co. 2000-2004
OriginalFilename : DcFsSvc.exe

#:24 [QTTASK.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294605829
Threads : 5
Priority : Normal
FileVersion : 6.4
ProductVersion : QuickTime 6.4
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2003
OriginalFilename : QTTask.exe

#:25 [JAVAW.EXE]
FilePath : C:\PROGRAM FILES\XPOINT\SAS\JRE\BIN\
ProcessID : 4294582841
Threads : 24
Priority : Normal


#:26 [STIMON.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294588337
Threads : 3
Priority : Normal
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Still Image Devices Monitor
InternalName : STIMON
LegalCopyright : Copyright © Microsoft Corp. 1996-1998
OriginalFilename : STIMON.EXE

#:27 [NAVAPW32.EXE]
FilePath : C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\
ProcessID : 4294691461
Threads : 9
Priority : Normal
FileVersion : 8.07.17
ProductVersion : 8.07.17
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Agent
InternalName : NAVAPW32
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPW32.EXE

#:28 [CREATECD.EXE]
FilePath : C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 4\CREATECD\
ProcessID : 4294519001
Threads : 1
Priority : Normal
FileVersion : 4.05 (409)
ProductVersion : 4.05 (409)
ProductName : Easy CD Creator
CompanyName : Roxio
FileDescription : Adaptec Create CD
InternalName : createcd.exe
LegalCopyright : Copyright © 1996-2001 Roxio, Inc.
OriginalFilename : createcd.exe

#:29 [MSNMSGR.EXE]
FilePath : C:\PROGRAM FILES\MSN MESSENGER\
ProcessID : 4294619481
Threads : 1
Priority : Normal
FileVersion : 6.2.0205
ProductVersion : Version 6.2
ProductName : MSN Messenger
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
LegalCopyright : Copyright © Microsoft Corporation 1997-2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msnmsgr.exe

#:30 [WMIEXE.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294533169
Threads : 3
Priority : Normal
FileVersion : 5.00.1755.1
ProductVersion : 5.00.1755.1
ProductName : Microsoft® Windows NT® Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI service exe housing
InternalName : wmiexe
LegalCopyright : Copyright © Microsoft Corp. 1981-1998
OriginalFilename : wmiexe.exe

#:31 [WZQKPICK.EXE]
FilePath : C:\PROGRAM FILES\WINZIP\
ProcessID : 4294551185
Threads : 1
Priority : Normal
FileVersion : 1.0 (32-bit)
ProductVersion : 8.1 (4319)
ProductName : WinZip
CompanyName : WinZip Computing, Inc.
FileDescription : WinZip Executable
InternalName : WZQKPICK.EXE
LegalCopyright : Copyright © WinZip Computing, Inc. 1991-2001 - All Rights Reserved
LegalTrademarks : WinZip is a registered trademark of WinZip Computing, Inc
OriginalFilename : WZQKPICK.EXE
Comments : StringFileInfo: U.S. English

#:32 [DDHELP.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294557625
Threads : 5
Priority : Realtime
FileVersion : 4.06.03.0518
ProductVersion : 4.06.03.0518
ProductName : Microsoft® DirectX for Windows® 95 and 98
CompanyName : Microsoft Corporation
FileDescription : Microsoft DirectX Helper
InternalName : ddhelp.exe
LegalCopyright : Copyright © Microsoft Corp. 1994-1999
OriginalFilename : ddhelp.exe

#:33 [EASYSHARE.EXE]
FilePath : C:\PROGRAM FILES\KODAK\KODAK EASYSHARE SOFTWARE\BIN\
ProcessID : 4294472161
Threads : 4
Priority : Normal
FileVersion : 5, 0, 4, 128
ProductVersion : 4, 0, 2, 134
ProductName : Kodak EasyShare software
CompanyName : Eastman Kodak Company
FileDescription : Kodak EasyShare software
InternalName : EasyShare
LegalCopyright : Copyright © Eastman Kodak Company 2002
LegalTrademarks : EasyShare
OriginalFilename : EasyShare.exe

#:34 [KODAK SOFTWARE UPDATER.EXE]
FilePath : C:\PROGRAM FILES\KODAK\KODAK SOFTWARE UPDATER\7288971\PROGRAM\
ProcessID : 4294567205
Threads : 5
Priority : Normal


#:35 [CSINSM32.EXE]
FilePath : C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\
ProcessID : 4294489845
Threads : 4
Priority : Normal
FileVersion : 6.01.0012
ProductVersion : 6.01
ProductName : Norton CleanSweep
CompanyName : Symantec Corporation
FileDescription : Norton CleanSweep Install Monitor
InternalName : CSINSM
LegalCopyright : Copyright © 1992-2001 Symantec Corporation
LegalTrademarks : SmartSweep is a trademark of Symantec Corporation.
OriginalFilename : CSINSM*.EXE

#:36 [Monwow.exe]
FilePath : C:\Program Files\Norton SystemWorks\Norton CleanSweep\
ProcessID : 4294441529
Threads : 1
Priority : Normal
FileVersion : 6.01.0012
ProductVersion : 6.01
ProductName : Norton CleanSweep
CompanyName : Symantec Corporation
FileDescription : Norton SmartSweep for NT WOW monitor
InternalName : MONWOW
LegalCopyright : Copyright © 2001-2002 Symantec Corporation
OriginalFilename : MonWOW.EXE

#:37 [PSTORES.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294098409
Threads : 3
Priority : Normal
FileVersion : 5.00.1877.3
ProductVersion : 5.00.1877.3
ProductName : Microsoft® Windows NT® Operating System
CompanyName : Microsoft Corporation
FileDescription : Protected storage server
InternalName : Protected storage server
LegalCopyright : Copyright © Microsoft Corp. 1981-1998
OriginalFilename : Protected storage server

#:38 [AD-AWARE.EXE]
FilePath : C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\
ProcessID : 4293988161
Threads : 3
Priority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 10


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Alexa Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : MenuText

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : MenuStatusBar

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : Script

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : clsid

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : Icon

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : HotIcon

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : ButtonText

Security iGuard Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\rex-services

Security iGuard Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\rex-services
Value : MGuid

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
Rootkey : HKEY_USERS
Object : .DEFAULT\software\microsoft\internet explorer\extensions\cmdmapping
Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}

Windows Object Recognized!
Type : RegData
Data : explorer.exe, msmsgs.exe
Category : Vulnerability
Comment : Shell Possibly Compromised
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows nt\currentversion\winlogon
Value : Shell
Data : explorer.exe, msmsgs.exe

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 12
Objects found so far: 22


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 22


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@serving-sys[2].txt
Category : Data Miner
Comment : Hits:17
Value : Cookie:user@serving-sys.com/
Expires : 12-31-37 10:00:00 PM
LastSync : Hits:17
UseCount : 0
Hits : 17

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@fastclick[3].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:user@fastclick.net/
Expires : 4-23-07 8:44:16 PM
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@servedby.advertising[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:user@servedby.advertising.com/
Expires : 6-2-05 9:03:52 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@2o7[3].txt
Category : Data Miner
Comment : Hits:22
Value : Cookie:user@2o7.net/
Expires : 5-2-10 9:03:54 PM
LastSync : Hits:22
UseCount : 0
Hits : 22

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@tribalfusion[1].txt
Category : Data Miner
Comment : Hits:6
Value : Cookie:user@tribalfusion.com/
Expires : 12-31-37 5:00:00 PM
LastSync : Hits:6
UseCount : 0
Hits : 6

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@atdmt[3].txt
Category : Data Miner
Comment : Hits:14
Value : Cookie:user@atdmt.com/
Expires : 5-1-10 5:00:00 PM
LastSync : Hits:14
UseCount : 0
Hits : 14

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@ads.pointroll[3].txt
Category : Data Miner
Comment : Hits:8
Value : Cookie:user@ads.pointroll.com/
Expires : 12-31-09 5:00:00 PM
LastSync : Hits:8
UseCount : 0
Hits : 8

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@bs.serving-sys[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:user@bs.serving-sys.com/
Expires : 12-31-37 10:00:00 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@advertising[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:user@advertising.com/
Expires : 5-2-10 9:03:52 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@zedo[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\user@zedo[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@atdmt[2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\user@atdmt[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@tripod[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\user@tripod[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@findwhat[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\user@findwhat[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@versiontracker[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\user@versiontracker[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@realmedia[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\user@realmedia[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@0[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\user@0[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@data.coremetrics[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\user@data.coremetrics[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@casalemedia[2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\user@casalemedia[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@sextracker[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\user@sextracker[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@cgi-bin[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\user@cgi-bin[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@www.ppctracking[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\user@www.ppctracking[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@test.coremetrics[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\user@test.coremetrics[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@qsrch[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\user@qsrch[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@tribalfusion[2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\user@tribalfusion[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@cgi-bin[3].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\user@cgi-bin[3].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@doubleclick[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\user@doubleclick[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@linksynergy[2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\user@linksynergy[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@apmebf[2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\user@apmebf[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@valueclick[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\user@valueclick[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@2o7[2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\user@2o7[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@questionmarket[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\user@questionmarket[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@edge.ru4[2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\user@edge.ru4[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@cgi-bin[6].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\user@cgi-bin[6].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@adtech[2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\user@adtech[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@247realmedia[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\user@247realmedia[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@valueclick[3].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\user@valueclick[3].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@perf.overture[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\user@perf.overture[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@maxserving[2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\user@maxserving[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@phg.hitbox[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\user@phg.hitbox[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@trafficmp[2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\user@trafficmp[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@cs.sexcounter[2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\user@cs.sexcounter[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@bluemountain[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\user@bluemountain[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@revenue[2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\user@revenue[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@as-us.falkag[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\user@as-us.falkag[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@tickle[2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\user@tickle[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@bilbo.counted[2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\user@bilbo.counted[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@domainsponsor[2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\user@domainsponsor[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@overstock[2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\user@overstock[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@landing.domainsponsor[2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\user@landing.domainsponsor[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@counter.hitslink[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\user@counter.hitslink[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@advertising[2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\user@advertising[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@server.iad.liveperson[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\user@server.iad.liveperson[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@stat.onestat[2].txt
Category : Data Miner
Comment : www.searchtraffic.com
Value : C:\WINDOWS\Cookies\user@stat.onestat[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@hitbox[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\user@hitbox[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@clickagents[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\user@clickagents[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@ehg-mtv.hitbox[2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\user@ehg-mtv.hitbox[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@xxxcounter[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\user@xxxcounter[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@ads.pointroll[2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\user@ads.pointroll[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@serving-sys[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\user@serving-sys[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@counter7.sextracker[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\user@counter7.sextracker[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@ehg-bebe.hitbox[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\user@ehg-bebe.hitbox[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@centrport[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\user@centrport[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@targetnet[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\user@targetnet[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@qksrv[2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\user@qksrv[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@adrevolver[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\user@adrevolver[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@mediaplex[2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\user@mediaplex[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@cgi-bin[4].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\user@cgi-bin[4].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@ads.adsag[2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\user@ads.adsag[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@cgi-bin[5].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\user@cgi-bin[5].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@ehg-cbs.hitbox[2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\user@ehg-cbs.hitbox[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@ehg-foxsports.hitbox[2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\user@ehg-foxsports.hitbox[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@bluestreak[2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\user@bluestreak[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@paycounter[2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\user@paycounter[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@ads.addynamix[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\user@ads.addynamix[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@bravenet[2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\user@bravenet[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@ehg-kodak.hitbox[2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\user@ehg-kodak.hitbox[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@ehg-dig.hitbox[2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\user@ehg-dig.hitbox[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@c5.zedo[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\user@c5.zedo[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@bs.serving-sys[2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\user@bs.serving-sys[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@z1.adserver[2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\user@z1.adserver[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@sel.as-us.falkag[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\user@sel.as-us.falkag[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@cgi-bin[2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\user@cgi-bin[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@statcounter[2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\user@statcounter[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@bfast[2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\user@bfast[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@commission-junction[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\user@commission-junction[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@counter3.sextracker[2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\user@counter3.sextracker[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@counter2.hitslink[2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\user@counter2.hitslink[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@overture[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\user@overture[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@servedby.advertising[2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\user@servedby.advertising[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@fastclick[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\user@fastclick[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@ehg-guess.hitbox[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\user@ehg-guess.hitbox[1].txt

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 91
Objects found so far: 113



Deep scanning and examining files (c:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@zedo[1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\user@zedo[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@atdmt[2].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\user@atdmt[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@tripod[1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\user@tripod[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@findwhat[1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\user@findwhat[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@versiontracker[1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\user@versiontracker[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@realmedia[1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\user@realmedia[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@0[1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\user@0[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@data.coremetrics[1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\user@data.coremetrics[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@casalemedia[2].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\user@casalemedia[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@sextracker[1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\user@sextracker[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@cgi-bin[1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\user@cgi-bin[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@www.ppctracking[1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\user@www.ppctracking[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@test.coremetrics[1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\user@test.coremetrics[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@qsrch[1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\user@qsrch[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@tribalfusion[2].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies&#
  • 0

#2
Rawe

    Visiting Staff

  • Member
  • 4,746 posts
Welcome!

Ad-aware has found object(s) on your computer

If you choose to clean your computer from what Ad-aware found, follow these instructions below…

Make sure that you are using the * SE1R42 28.04.2005 * definition file.


Open up Ad-Aware SE and click on the gear to access the Configuration menu. Make sure that this setting is applied.

Click on Tweak > Cleaning engine > UNcheck "Always try to unload modules before deletion".

Disconnect from the internet (for broadband/cable users, it is recommended that you disconnect the cable connection) and close all open browsers or other programs you have running.

Then boot into Safe Mode

To clean your machine, it is highly recommended that you clean the following directory contents (but not the directory folder);

Run CCleaner to help in this process.
Download CCleaner (Setup: go to >options > settings > Uncheck "Only delete files in Windows Temp folders older than 48 hours" for cleaning malware files!)

* C:\Windows\Temp\
* C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <- This will delete all your cached internet content including cookies.
* C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp\
* Empty your "Recycle Bin".

Run Ad-Aware SE from the command line shown in the instructions below.

Click "Start" > select "Run" > type the text shown below (including the quotation marks and with the same spacing as shown)

"C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" /full +procnuke
(For the Professional version)

"C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" /full +procnuke
(For the Plus version)

"C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" +procnuke
(For the Personal version)


Click Ok.

Note: the path above is the default installation location for Ad-aware SE; if this is different, adjust it to the location that you have installed it to.

When the scan has completed, select next. In the Scanning Results window, select the "Scan Summary"- tab. Check the box next to any objects you wish to remove. Click next, Click Ok.

If problems are caused by deleting a family, just leave it.


Reboot your computer after removal, run a new "full system scan" and post the results as a reply. Don't open any programs or connect to the internet at this time.

Then copy & paste the complete log file here. Don't quarantine or remove anything at this time, just post a complete logfile. This can sometimes take 2-3 posts to get it all posted; once the "Summary of this scan" information is shown, you have posted all of your logfile.

Also, keep in mind that when you are posting another logfile keep "Search for negligible risk entries" deselected as negligible risk entries (Mru's) aren't considered as a threat. This option can be changed when choosing your scan type.

Remember to post your fresh scanlog in THIS topic.

- Rawe :tazz:
  • 0

#3
needPChelp

    New Member

  • Topic Starter
  • Member
  • 8 posts
I guess I can post this here since I'm trying to get killbox to help rid me of the Smitfraud Trojan. I tried using a download link but it's not working. It appears as if it is downloading but then I get a box to appear that reads

Pocket Killbox
Full path of file to delete(that is blank)
then at the lower right it reads
KERNELL32 DLL

What do I do with this? Better yet, what am I doing wrong? Because I can't find it on the computer.
  • 0

#4
Kat

    Retired

  • Retired Staff
  • 19,711 posts
  • MVP
Hello there! Sorry to barge in, but I wanted to let you know that I merged your Killbox question with your original thread.

We highly recommend that you do not use Killbox unless you are asked to do so by a Staff Member of this forum, as files that may appear to be *bad* (having odd filenames) are often very legit and necessary files. We're happy to help get you fixed up and will provide you instructions on doing so! :tazz:
  • 0

#5
iqbal

    Member

  • Member
  • 17 posts
I have the same problem but with a slight difference.

After visiting a website a trojan spy.HTML.smitfraud.c installed on my PC, and then the desktop's normal background was replaced by a blue background on which a warning says that the trojan spy.HTML.smitfraud.c is found on my computer and I should use the available spy remover to remove it. But when I ran my Ad-Aware SE Plus, it didn't find anything. I tried to reinstate the normal background scene but in vain, because when I tried to right-click to go for properties, the properties box showed only two tabs, as given in the attachment picture. The other tabs (the background tab is one of them) were not available in the properties box. Please help me: how can I restore my normal desktop background and the remaining tabs of the desktop properties box?

iqbal

Attached Thumbnails

  • desktop_image.png
  • desktop_image_with_properties_box.png

  • 0

#6
Rawe

    Visiting Staff

  • Member
  • 4,746 posts
Could you possibly perform a webupdate with your Ad-aware, then follow all the instructions in my post above?

- Rawe :tazz:
  • 0

#7
needPChelp

    New Member

  • Topic Starter
  • Member
  • 8 posts
Ad-Aware SE Build 1.05
Logfile Created on:Wednesday, May 11, 2005 10:48:44 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R42 28.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
None
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


5-11-05 10:48:44 PM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [KERNEL32.DLL]
ModuleName : C:\WINDOWS\SYSTEM\KERNEL32.DLL
Command Line : n/a
ProcessID : 4279180969
Threads : 4
Priority : High
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Win32 Kernel core component
InternalName : KERNEL32
LegalCopyright : Copyright © Microsoft Corp. 1991-1999
OriginalFilename : KERNEL32.DLL

#:2 [MSGSRV32.EXE]
ModuleName : C:\WINDOWS\SYSTEM\MSGSRV32.EXE
Command Line : n/a
ProcessID : 4294920761
Threads : 1
Priority : Normal
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows 32-bit VxD Message Server
InternalName : MSGSRV32
LegalCopyright : Copyright © Microsoft Corp. 1992-1998
OriginalFilename : MSGSRV32.EXE

#:3 [MPREXE.EXE]
ModuleName : C:\WINDOWS\SYSTEM\MPREXE.EXE
Command Line : C:\WINDOWS\SYSTEM\MPREXE.EXE
ProcessID : 4294925705
Threads : 1
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WIN32 Network Interface Service Process
InternalName : MPREXE
LegalCopyright : Copyright © Microsoft Corp. 1993-1998
OriginalFilename : MPREXE.EXE

#:4 [MSTASK.EXE]
ModuleName : C:\WINDOWS\SYSTEM\MSTASK.EXE
Command Line : mstask.exe
ProcessID : 4294891701
Threads : 2
Priority : Normal
FileVersion : 4.71.1972.1
ProductVersion : 4.71.1972.1
ProductName : Microsoft® Windows® Task Scheduler
CompanyName : Microsoft Corporation
FileDescription : Task Scheduler Engine
InternalName : TaskScheduler
LegalCopyright : Copyright © Microsoft Corp. 2000
OriginalFilename : mstask.exe

#:5 [XPAGENT.EXE]
ModuleName : C:\PROGRAM FILES\XPOINT\AGENT\XPAGENT.EXE
Command Line : C:\PROGRA~1\XPOINT\agent\xpagent.exe win9x
ProcessID : 4294896653
Threads : 6
Priority : Normal


#:6 [XPCLIENT.EXE]
ModuleName : C:\PROGRAM FILES\XPOINT\EECLIENT\XPCLIENT.EXE
Command Line : C:\PROGRA~1\XPOINT\EEClient\xpclient.exe /s
ProcessID : 4294893733
Threads : 5
Priority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : Xpoint Technologies Uptime!
CompanyName : Xpoint Technologies
FileDescription : Uptime
InternalName : Uptime!
LegalCopyright : Copyright © 2001

#:7 [MWSSW32.EXE]
ModuleName : C:\WINDOWS\MWW32\MANAGER\MWSSW32.EXE
Command Line : -2147483648
ProcessID : 4294836901
Threads : 7
Priority : Normal
FileVersion : 2.60.38.0
ProductVersion : 2.60.38.0
ProductName : ThinkPad Modem
CompanyName : IBM Corporation
FileDescription : ThinkPad Modem Software
InternalName : mwssw32
LegalCopyright : Copyright © 1992, 1999, IBM Corporation
OriginalFilename : mwssw32.exe

#:8 [mmtask.tsk]
ModuleName : C:\WINDOWS\SYSTEM\mmtask.tsk
Command Line : n/a
ProcessID : 4294933941
Threads : 1
Priority : Normal
FileVersion : 4.03.1998
ProductVersion : 4.03.1998
ProductName : Microsoft Windows
CompanyName : Microsoft Corporation
FileDescription : Multimedia background task support module
InternalName : mmtask.tsk
LegalCopyright : Copyright © Microsoft Corp. 1991-1998
OriginalFilename : mmtask.tsk

#:9 [EXPLORER.EXE]
ModuleName : C:\WINDOWS\EXPLORER.EXE
Command Line : C:\WINDOWS\Explorer.exe
ProcessID : 4294827217
Threads : 17
Priority : Normal
FileVersion : 4.72.3110.1
ProductVersion : 4.72.3110.1
ProductName : Microsoft® Windows NT® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : Copyright © Microsoft Corp. 1981-1997
OriginalFilename : EXPLORER.EXE

#:10 [TASKMON.EXE]
ModuleName : C:\WINDOWS\TASKMON.EXE
Command Line : "C:\WINDOWS\taskmon.exe"
ProcessID : 4294779325
Threads : 1
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Task Monitor
InternalName : TaskMon
LegalCopyright : Copyright © Microsoft Corp. 1998
OriginalFilename : TASKMON.EXE

#:11 [SYSTRAY.EXE]
ModuleName : C:\WINDOWS\SYSTEM\SYSTRAY.EXE
Command Line : "C:\WINDOWS\SYSTEM\systray.exe"
ProcessID : 4294784685
Threads : 2
Priority : Normal
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : System Tray Applet
InternalName : SYSTRAY
LegalCopyright : Copyright © Microsoft Corp. 1993-1998
OriginalFilename : SYSTRAY.EXE

#:12 [IRMON.EXE]
ModuleName : C:\WINDOWS\SYSTEM\IRMON.EXE
Command Line : "C:\WINDOWS\SYSTEM\IrMon.exe"
ProcessID : 4294802001
Threads : 1
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft Infrared Support
CompanyName : Microsoft Corporation
FileDescription : Microsoft Infrared Control Panel
InternalName : Infrared
LegalCopyright : © 1998 Microsoft. Portions © Hewlett-Packard
OriginalFilename : irmon.exe

#:13 [TPHKMGR.EXE]
ModuleName : C:\PROGRAM FILES\THINKPAD\UTILITIES\TPHKMGR.EXE
Command Line : "C:\PROGRA~1\THINKPAD\UTILIT~1\TPHKMGR.EXE"
ProcessID : 4294750113
Threads : 2
Priority : Normal


#:14 [TP98TRAY.EXE]
ModuleName : C:\PROGRAM FILES\THINKPAD\UTILITIES\TP98TRAY.EXE
Command Line : "C:\PROGRA~1\THINKPAD\UTILIT~1\TP98TRAY.EXE"
ProcessID : 4294781873
Threads : 1
Priority : Normal
FileVersion : 1, 0, 0, 0
ProductVersion : 1, 0, 0, 0
ProductName : IBM ThinkPad Tray Utility
CompanyName : IBM Corp.
FileDescription : IBM ThinkPad Tray Utility
InternalName : IBM ThinkPad Tray Utility
LegalCopyright : Copyright © IBM Corp. 1998,2002.
OriginalFilename : Tp98Tray.exe

#:15 [DIRECTCD.EXE]
ModuleName : C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
Command Line : "C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE"
ProcessID : 4294750889
Threads : 1
Priority : Normal
FileVersion : 3.05 (210)
ProductVersion : 3.05 (210)
ProductName : DirectCD
CompanyName : Adaptec
FileDescription : DirectCD Application
InternalName : DirectCD
LegalCopyright : Copyright © 1996-2001 Adaptec, Inc.
OriginalFilename : DirectCD.EXE

#:16 [XICON.EXE]
ModuleName : C:\PROGRAM FILES\XPOINT\AGENT\XICON.EXE
Command Line : "C:\PROGRA~1\XPOINT\agent\xicon.exe"
ProcessID : 4294764661
Threads : 1
Priority : Normal


#:17 [PCRECSA.EXE]
ModuleName : C:\PROGRAM FILES\XPOINT\PE\PCRECSA.EXE
Command Line : "C:\PROGRA~1\XPOINT\PE\PCRecSA.exe" -noshow
ProcessID : 4294712901
Threads : 3
Priority : Normal


#:18 [VIEWMGR.EXE]
ModuleName : C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT MANAGER\VIEWMGR.EXE
Command Line : "C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe"
ProcessID : 4294766457
Threads : 1
Priority : Normal
FileVersion : 2, 0, 0, 42
ProductVersion : 2, 0, 0, 42
ProductName : Viewpoint Manager
CompanyName : Viewpoint Corporation
FileDescription : ViewMgr
InternalName : Viewpoint Manager
LegalCopyright : Copyright © 2004
OriginalFilename : ViewMgr.exe
Comments : Viewpoint Manager

#:19 [LOADQM.EXE]
ModuleName : C:\WINDOWS\LOADQM.EXE
Command Line : "C:\WINDOWS\loadqm.exe"
ProcessID : 4294802777
Threads : 3
Priority : Normal
FileVersion : 5.4.1103.3
ProductVersion : 5.4.1103.3
ProductName : QMgr Loader
CompanyName : Microsoft Corporation
FileDescription : Microsoft QMgr
InternalName : LOADQM.EXE
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : LOADQM.EXE

#:20 [KODAKCCS.EXE]
ModuleName : C:\WINDOWS\SYSTEM32\DRIVERS\KODAKCCS.EXE
Command Line : "C:\WINDOWS\System32\Drivers\KodakCCS.exe"
ProcessID : 4294720125
Threads : 2
Priority : Normal
FileVersion : 1.1.5100.4
ProductVersion : 4.4.0.0
ProductName : Kodak DC File System Driver (Win32)
CompanyName : Eastman Kodak Company
FileDescription : Kodak DC Ring 3 Conduit (Win32)
InternalName : KodakCCS.exe
LegalCopyright : Copyright © Eastman Kodak Co. 2000-2004
OriginalFilename : DcFsSvc.exe

#:21 [QTTASK.EXE]
ModuleName : C:\WINDOWS\SYSTEM\QTTASK.EXE
Command Line : "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
ProcessID : 4294724805
Threads : 5
Priority : Normal
FileVersion : 6.4
ProductVersion : QuickTime 6.4
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2003
OriginalFilename : QTTask.exe

#:22 [STIMON.EXE]
ModuleName : C:\WINDOWS\SYSTEM\STIMON.EXE
Command Line : "C:\WINDOWS\SYSTEM\STIMON.EXE"
ProcessID : 4294727197
Threads : 3
Priority : Normal
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Still Image Devices Monitor
InternalName : STIMON
LegalCopyright : Copyright © Microsoft Corp. 1996-1998
OriginalFilename : STIMON.EXE

#:23 [AVGCC.EXE]
ModuleName : C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
Command Line : "C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE" /STARTUP
ProcessID : 4294731233
Threads : 5
Priority : Normal
FileVersion : 7,1,0,307
ProductVersion : 7.1.0.307
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Control Center
InternalName : AvgCC
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : AvgCC.EXE

#:24 [AVGEMC.EXE]
ModuleName : C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
Command Line : "C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE"
ProcessID : 4294687193
Threads : 6
Priority : Normal
FileVersion : 7,1,0,307
ProductVersion : 7.1.0.307
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG E-Mail Scanner
InternalName : avgemc
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgemc.exe

#:25 [AVGAMSVR.EXE]
ModuleName : C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
Command Line : "C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE"
ProcessID : 4294695497
Threads : 4
Priority : Normal
FileVersion : 7,1,0,307
ProductVersion : 7.1.0.307
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Alert Manager
InternalName : avgamsvr
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgamsvr.EXE

#:26 [CREATECD.EXE]
ModuleName : C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 4\CREATECD\CREATECD.EXE
Command Line : "C:\PROGRA~1\ADAPTEC\EASYCD~1\CREATECD\CREATECD.EXE" -r
ProcessID : 4294699381
Threads : 1
Priority : Normal
FileVersion : 4.05 (409)
ProductVersion : 4.05 (409)
ProductName : Easy CD Creator
CompanyName : Roxio
FileDescription : Adaptec Create CD
InternalName : createcd.exe
LegalCopyright : Copyright © 1996-2001 Roxio, Inc.
OriginalFilename : createcd.exe

#:27 [MSNMSGR.EXE]
ModuleName : C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
Command Line : "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
ProcessID : 4294662629
Threads : 1
Priority : Normal
FileVersion : 6.2.0205
ProductVersion : Version 6.2
ProductName : MSN Messenger
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
LegalCopyright : Copyright © Microsoft Corporation 1997-2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msnmsgr.exe

#:28 [WZQKPICK.EXE]
ModuleName : C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
Command Line : "C:\Program Files\WinZip\WZQKPICK.EXE"
ProcessID : 4294593829
Threads : 1
Priority : Normal
FileVersion : 1.0 (32-bit)
ProductVersion : 8.1 (4319)
ProductName : WinZip
CompanyName : WinZip Computing, Inc.
FileDescription : WinZip Executable
InternalName : WZQKPICK.EXE
LegalCopyright : Copyright © WinZip Computing, Inc. 1991-2001 - All Rights Reserved
LegalTrademarks : WinZip is a registered trademark of WinZip Computing, Inc
OriginalFilename : WZQKPICK.EXE
Comments : StringFileInfo: U.S. English

#:29 [EASYSHARE.EXE]
ModuleName : C:\PROGRAM FILES\KODAK\KODAK EASYSHARE SOFTWARE\BIN\EASYSHARE.EXE
Command Line : "C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" -h
ProcessID : 4294578293
Threads : 4
Priority : Normal
FileVersion : 5, 0, 4, 128
ProductVersion : 4, 0, 2, 134
ProductName : Kodak EasyShare software
CompanyName : Eastman Kodak Company
FileDescription : Kodak EasyShare software
InternalName : EasyShare
LegalCopyright : Copyright © Eastman Kodak Company 2002
LegalTrademarks : EasyShare
OriginalFilename : EasyShare.exe

#:30 [KODAK SOFTWARE UPDATER.EXE]
ModuleName : C:\PROGRAM FILES\KODAK\KODAK SOFTWARE UPDATER\7288971\PROGRAM\KODAK SOFTWARE UPDATER.EXE
Command Line : "C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe"
ProcessID : 4294572189
Threads : 5
Priority : Normal


#:31 [WMIEXE.EXE]
ModuleName : C:\WINDOWS\SYSTEM\WMIEXE.EXE
Command Line : WmiExe 64
ProcessID : 4294524229
Threads : 3
Priority : Normal
FileVersion : 5.00.1755.1
ProductVersion : 5.00.1755.1
ProductName : Microsoft® Windows NT® Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI service exe housing
InternalName : wmiexe
LegalCopyright : Copyright © Microsoft Corp. 1981-1998
OriginalFilename : wmiexe.exe

#:32 [DDHELP.EXE]
ModuleName : C:\WINDOWS\SYSTEM\DDHELP.EXE
Command Line : ddhelp.exe
ProcessID : 4294523077
Threads : 5
Priority : Realtime
FileVersion : 4.06.03.0518
ProductVersion : 4.06.03.0518
ProductName : Microsoft® DirectX for Windows® 95 and 98
CompanyName : Microsoft Corporation
FileDescription : Microsoft DirectX Helper
InternalName : ddhelp.exe
LegalCopyright : Copyright © Microsoft Corp. 1994-1999
OriginalFilename : ddhelp.exe

#:33 [JAVAW.EXE]
ModuleName : C:\PROGRAM FILES\XPOINT\SAS\JRE\BIN\JAVAW.EXE
Command Line : "C:\PROGRA~1\XPOINT\SAS\JRE\BIN\JAVAW.EXE" -Xrs -Dxp.home=C:\PROGRA~1\XPOINT\SAS -cp C:\PROGRA~1\XPOINT\SAS\jre\lib\ext\etc com.xpointdirect.sas.SASNode
ProcessID : 4294262465
Threads : 25
Priority : Normal


#:34 [AD-AWARE.EXE]
ModuleName : C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\AD-AWARE.EXE
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 4294244377
Threads : 2
Priority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

#:35 [HH.EXE]
ModuleName : C:\WINDOWS\HH.EXE
Command Line : "C:\WINDOWS\hh.exe" C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\manual.chm
ProcessID : 4294166857
Threads : 5
Priority : Normal
FileVersion : 5.2.3644.0
ProductVersion : 5.2.3644.0
ProductName : HTML Help
CompanyName : Microsoft Corporation
FileDescription : Microsoft® HTML Help Executable
InternalName : HH 1.4
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : HH.exe

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0



Deep scanning and examining files (c:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for c:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Deep scanning and examining files (d:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Not Avaliable

Disk Scan Result for d:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
11:09:20 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:20:35.110
Objects scanned:59107
Objects identified:0
Objects ignored:0
New critical objects:0


Here is the new logfile after using the instructions Rawe gave in his reply post on 5/4/05. I still have IE fatal error Trojan-spy Smithfraud.c on my screen.
  • 0
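The two logs in this thread (posts #1 and #7) share one text format, and Rawe's reply tells the poster what a helper looks for in it: the definitions-file line, the "References detected" table with its TAC index, each "Object Recognized!" block, and the "Summary Of This Scan" section that marks a complete paste. The parser below is an added example for that format; it is not code from this thread or from Lavasoft. It applies the two rules of thumb from Rawe's post (a paste is complete once the scan summary is present; TAC-0 entries such as MRU lists are negligible) and counts recognized objects by category. The embedded sample log is constructed for the example, with made-up cookie hosts, and is not one of the logs posted above.

```python
import re
from collections import Counter

# Constructed sample modelled on the Ad-Aware SE log format pasted in this thread.
# It is not one of the real logs from the thread; the cookie hosts are made up.
SAMPLE_LOG = r"""Ad-Aware SE Build 1.05
Logfile Created on:Wednesday, May 04, 2005 4:09:49 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R42 28.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):10 total references
Security iGuard(TAC index:9):3 total references
Tracking Cookie(TAC index:3):2 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@example-tracker[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\user@example-tracker[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@ads.example-tracker[2].txt
Category : Data Miner
Comment : www.example-tracker.invalid
Value : C:\WINDOWS\Cookies\user@ads.example-tracker[2].txt

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:20:35.110
Objects scanned:59107
Objects identified:2
Objects ignored:0
New critical objects:2
"""

# "Name(TAC index:N):M total references" lines in the references table
REF_RE = re.compile(r"^(?P<name>.+?)\(TAC index:(?P<tac>\d+)\):(?P<count>\d+) total references$")
# "Tracking Cookie Object Recognized!" style block headers
OBJ_RE = re.compile(r"^(?P<kind>.+?) Object Recognized!$")
# "Key : value" fields inside a block ("Comment :" may have an empty value)
FIELD_RE = re.compile(r"^(?P<key>\w+) :(?P<val>.*)$")
SUMMARY_HEADER = "Summary Of This Scan"


def parse_log(text: str) -> dict:
    """Walk the log once and pull out the parts a helper reads first."""
    result = {"definitions": None, "references": {}, "objects": [], "summary": {}}
    current = None          # object block being filled, or None between blocks
    in_summary = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Using definitions file:"):
            result["definitions"] = line.split(":", 1)[1].strip()
            continue
        if line == SUMMARY_HEADER:
            in_summary = True
            continue
        if in_summary:
            # summary lines are "Key:value"; the »»» rule and blanks are skipped
            if ":" in line and not line.startswith("»"):
                key, val = line.split(":", 1)
                result["summary"][key.strip()] = val.strip()
            continue
        m = REF_RE.match(line)
        if m:
            result["references"][m["name"]] = {"tac": int(m["tac"]), "count": int(m["count"])}
            continue
        m = OBJ_RE.match(line)
        if m:
            current = {"kind": m["kind"]}
            result["objects"].append(current)
            continue
        if current is not None:
            m = FIELD_RE.match(line)
            if m:
                current[m["key"]] = m["val"].strip()
            else:
                current = None  # a blank line (or anything else) closes the block
    return result


def is_complete(parsed: dict) -> bool:
    """Rawe's rule: the paste is complete once the scan summary has arrived."""
    return "New critical objects" in parsed["summary"]


def triage(parsed: dict) -> dict:
    """Separate TAC-0 (negligible, e.g. MRU lists) references from the rest,
    order the rest by TAC index, and count recognized objects by category."""
    refs = parsed["references"]
    negligible = sorted(n for n, r in refs.items() if r["tac"] == 0)
    flagged = sorted(((n, r["tac"], r["count"]) for n, r in refs.items() if r["tac"] > 0),
                     key=lambda t: -t[1])
    by_category = Counter(o.get("Category", "?") for o in parsed["objects"])
    return {"negligible": negligible, "flagged": flagged,
            "objects_by_category": dict(by_category),
            "new_critical": int(parsed["summary"].get("New critical objects", 0))}


if __name__ == "__main__":
    p = parse_log(SAMPLE_LOG)
    print("definitions:", p["definitions"], "| complete paste:", is_complete(p))
    for k, v in triage(p).items():
        print(f"{k}: {v}")
```

To use it on a real paste, read the post text into a string and call `parse_log` on it; a missing summary means the poster has not finished pasting yet, and the `flagged` list orders the references by TAC index so the highest-scored family (here the constructed "Security iGuard" entry, which also appears in the first log above) is looked at first.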

#8
Guest_Andy_veal_*
  • Guest
Please read these instructions carefully and print them out! Be sure to follow ALL instructions!

Go to Start > Control Panel > Add or Remove Programs and remove the following programs, if found:

Security IGuard
Virtual Maid
Search Maid


Exit Add/Remove Programs.

*IMPORTANT*CLICK THIS LINK TO LEARN HOW TO VIEW HIDDEN FILES

Press CTRL ALT DELETE to open Windows Task Manger. Click on the Processes tab and end the following processes:

List any files going to be deleted that are running

Exit Task Manager.

I need you to copy all of the Killbox instructions below and paste them into Notepad and save it for use while in Safe Mode.

* Please download the Killbox by Option^Explicit. *In the event you already have Killbox, this is a new version that I need you to download.
Unzip it to the desktop but do NOT run it yet.

* Please reboot into Safe Mode by restarting your computer and tapping F8 continuously as your computer is booting up until a menu appears. Use your up arrow key to highlight "Safe Mode", then hit enter.

* Once in Safe Mode, please run Killbox.

* Select "Delete on Reboot".

* Open the Notepad file where you saved these instructions earlier, and copy the file names below to the clipboard by highlighting them and pressing CTRL + C:

C:\wp.exe
C:\wp.bmp
C:\Windows\sites.ini
C:\Windows\popuper.exe
C:\WINDOWS\System32\wldr.dll
C:\Windows\System32\helper.exe
C:\Windows\System32\intmonp.exe
C:\Windows\System32\msmsgs.exe
C:\Windows\System32\ole32vbs.exe
C:\Windows\system32\msole32.exe


* Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

* Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

If your computer does not restart automatically, please restart it manually. While your computer is restarting, tap the F8 key continually until a menu appears. Use your up arrow key to highlight Safe Mode, then hit enter. Yes, we need you to go back into Safe Mode!

Make sure you can view hidden files.

Using Windows Explorer, delete the following (please do NOT try to find them by "search" because they will not show up that way):

FOLDERS to delete (in bold) if found:

C:\Program Files\Search Maid
C:\Program Files\Virtual Maid
C:\Windows\System32\Log Files
C:\Program Files\Security IGuard

Reboot into normal mode.

*Download and install Registrar Lite version 2.00
*Double click the purple Registrar Lite icon on your desktop.
*Copy the line below and paste it into the "Address" field (located at the top) of the program:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies

*Click the "Go" button.
*It will take you into the "Policies" folder.
*Locate the "System" folder (in the right panel)
*If found, right-click on the System folder and go to Delete
*Be very careful that you only delete the System folder that is inside the Policies folder.

Reboot your computer again.

Please go to http://www.bleepingc...g/smitfraud.reg and download that file.
Once downloaded, please run it.
It will ask if you want it to merge with the registry.

Please accept this. You will have to reboot.

1.) Download the Hoster from HERE. Press "Restore Original Hosts" and press "OK". Exit Program.

2.) Download: http://www.mvps.org/winhelp2002/DelDomains.inf
To use: right-click and select: Install (no need to restart)
Note: This will remove all entries in the "Trusted Zone" and "Ranges" also.

3.) Download, install, and run CleanUp!

4.) Run this online virus scan: ActiveScan - Save the results from the scan!

Post a new Ad-Aware SE logfile.

  • 0

#9
needPChelp
  • Topic Starter
  • 8 posts
I'm getting very frustrated. I'm trying to follow the instructions from the last post, but I just can't download Killbox. What am I doing wrong? I appreciate all the help I've gotten so far, but I'm stumped now.
  • 0

#10
Guest_Andy_veal_*
  • Guest
http://www.atribune....ads/KillBox.exe

or

http://www.bleepingc...are/KillBox.zip
  • 0

#11
needPChelp
  • Topic Starter
  • 8 posts
Ad-Aware SE Build 1.05
Logfile Created on:Friday, May 20, 2005 9:57:01 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R46 17.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
CoolWebSearch(TAC index:10):6 total references
Tracking Cookie(TAC index:3):2 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


5-20-05 9:57:01 PM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [KERNEL32.DLL]
ModuleName : C:\WINDOWS\SYSTEM\KERNEL32.DLL
Command Line : n/a
ProcessID : 4279234875
Threads : 4
Priority : High
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Win32 Kernel core component
InternalName : KERNEL32
LegalCopyright : Copyright © Microsoft Corp. 1991-1999
OriginalFilename : KERNEL32.DLL

#:2 [MSGSRV32.EXE]
ModuleName : C:\WINDOWS\SYSTEM\MSGSRV32.EXE
Command Line : n/a
ProcessID : 4294944171
Threads : 1
Priority : Normal
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows 32-bit VxD Message Server
InternalName : MSGSRV32
LegalCopyright : Copyright © Microsoft Corp. 1992-1998
OriginalFilename : MSGSRV32.EXE

#:3 [MPREXE.EXE]
ModuleName : C:\WINDOWS\SYSTEM\MPREXE.EXE
Command Line : C:\WINDOWS\SYSTEM\MPREXE.EXE
ProcessID : 4294947355
Threads : 1
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WIN32 Network Interface Service Process
InternalName : MPREXE
LegalCopyright : Copyright © Microsoft Corp. 1993-1998
OriginalFilename : MPREXE.EXE

#:4 [MSTASK.EXE]
ModuleName : C:\WINDOWS\SYSTEM\MSTASK.EXE
Command Line : mstask.exe
ProcessID : 4294850247
Threads : 2
Priority : Normal
FileVersion : 4.71.1972.1
ProductVersion : 4.71.1972.1
ProductName : Microsoft® Windows® Task Scheduler
CompanyName : Microsoft Corporation
FileDescription : Task Scheduler Engine
InternalName : TaskScheduler
LegalCopyright : Copyright © Microsoft Corp. 2000
OriginalFilename : mstask.exe

#:5 [XPAGENT.EXE]
ModuleName : C:\PROGRAM FILES\XPOINT\AGENT\XPAGENT.EXE
Command Line : C:\PROGRA~1\XPOINT\agent\xpagent.exe win9x
ProcessID : 4294836495
Threads : 6
Priority : Normal


#:6 [XPCLIENT.EXE]
ModuleName : C:\PROGRAM FILES\XPOINT\EECLIENT\XPCLIENT.EXE
Command Line : C:\PROGRA~1\XPOINT\EEClient\xpclient.exe /s
ProcessID : 4294840755
Threads : 5
Priority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : Xpoint Technologies Uptime!
CompanyName : Xpoint Technologies
FileDescription : Uptime
InternalName : Uptime!
LegalCopyright : Copyright © 2001

#:7 [MWSSW32.EXE]
ModuleName : C:\WINDOWS\MWW32\MANAGER\MWSSW32.EXE
Command Line : -2147483648
ProcessID : 4294864163
Threads : 7
Priority : Normal
FileVersion : 2.60.38.0
ProductVersion : 2.60.38.0
ProductName : ThinkPad Modem
CompanyName : IBM Corporation
FileDescription : ThinkPad Modem Software
InternalName : mwssw32
LegalCopyright : Copyright © 1992, 1999, IBM Corporation
OriginalFilename : mwssw32.exe

#:8 [mmtask.tsk]
ModuleName : C:\WINDOWS\SYSTEM\mmtask.tsk
Command Line : n/a
ProcessID : 4294883811
Threads : 1
Priority : Normal
FileVersion : 4.03.1998
ProductVersion : 4.03.1998
ProductName : Microsoft Windows
CompanyName : Microsoft Corporation
FileDescription : Multimedia background task support module
InternalName : mmtask.tsk
LegalCopyright : Copyright © Microsoft Corp. 1991-1998
OriginalFilename : mmtask.tsk

#:9 [EXPLORER.EXE]
ModuleName : C:\WINDOWS\EXPLORER.EXE
Command Line : C:\WINDOWS\Explorer.exe
ProcessID : 4294832807
Threads : 16
Priority : Normal
FileVersion : 4.72.3110.1
ProductVersion : 4.72.3110.1
ProductName : Microsoft® Windows NT® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : Copyright © Microsoft Corp. 1981-1997
OriginalFilename : EXPLORER.EXE

#:10 [TASKMON.EXE]
ModuleName : C:\WINDOWS\TASKMON.EXE
Command Line : "C:\WINDOWS\taskmon.exe"
ProcessID : 4294819663
Threads : 1
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Task Monitor
InternalName : TaskMon
LegalCopyright : Copyright © Microsoft Corp. 1998
OriginalFilename : TASKMON.EXE

#:11 [SYSTRAY.EXE]
ModuleName : C:\WINDOWS\SYSTEM\SYSTRAY.EXE
Command Line : "C:\WINDOWS\SYSTEM\systray.exe"
ProcessID : 4294806267
Threads : 2
Priority : Normal
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : System Tray Applet
InternalName : SYSTRAY
LegalCopyright : Copyright © Microsoft Corp. 1993-1998
OriginalFilename : SYSTRAY.EXE

#:12 [IRMON.EXE]
ModuleName : C:\WINDOWS\SYSTEM\IRMON.EXE
Command Line : "C:\WINDOWS\SYSTEM\IrMon.exe"
ProcessID : 4294725275
Threads : 1
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft Infrared Support
CompanyName : Microsoft Corporation
FileDescription : Microsoft Infrared Control Panel
InternalName : Infrared
LegalCopyright : © 1998 Microsoft. Portions © Hewlett-Packard
OriginalFilename : irmon.exe

#:13 [TPHKMGR.EXE]
ModuleName : C:\PROGRAM FILES\THINKPAD\UTILITIES\TPHKMGR.EXE
Command Line : "C:\PROGRA~1\THINKPAD\UTILIT~1\TPHKMGR.EXE"
ProcessID : 4294722583
Threads : 2
Priority : Normal


#:14 [TP98TRAY.EXE]
ModuleName : C:\PROGRAM FILES\THINKPAD\UTILITIES\TP98TRAY.EXE
Command Line : "C:\PROGRA~1\THINKPAD\UTILIT~1\TP98TRAY.EXE"
ProcessID : 4294717455
Threads : 1
Priority : Normal
FileVersion : 1, 0, 0, 0
ProductVersion : 1, 0, 0, 0
ProductName : IBM ThinkPad Tray Utility
CompanyName : IBM Corp.
FileDescription : IBM ThinkPad Tray Utility
InternalName : IBM ThinkPad Tray Utility
LegalCopyright : Copyright © IBM Corp. 1998,2002.
OriginalFilename : Tp98Tray.exe

#:15 [DIRECTCD.EXE]
ModuleName : C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
Command Line : "C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE"
ProcessID : 4294817451
Threads : 1
Priority : Normal
FileVersion : 3.05 (210)
ProductVersion : 3.05 (210)
ProductName : DirectCD
CompanyName : Adaptec
FileDescription : DirectCD Application
InternalName : DirectCD
LegalCopyright : Copyright © 1996-2001 Adaptec, Inc.
OriginalFilename : DirectCD.EXE

#:16 [XICON.EXE]
ModuleName : C:\PROGRAM FILES\XPOINT\AGENT\XICON.EXE
Command Line : "C:\PROGRA~1\XPOINT\agent\xicon.exe"
ProcessID : 4294712063
Threads : 1
Priority : Normal


#:17 [PCRECSA.EXE]
ModuleName : C:\PROGRAM FILES\XPOINT\PE\PCRECSA.EXE
Command Line : "C:\PROGRA~1\XPOINT\PE\PCRecSA.exe" -noshow
ProcessID : 4294769827
Threads : 3
Priority : Normal


#:18 [VIEWMGR.EXE]
ModuleName : C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT MANAGER\VIEWMGR.EXE
Command Line : "C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe"
ProcessID : 4294752127
Threads : 1
Priority : Normal
FileVersion : 2, 0, 0, 42
ProductVersion : 2, 0, 0, 42
ProductName : Viewpoint Manager
CompanyName : Viewpoint Corporation
FileDescription : ViewMgr
InternalName : Viewpoint Manager
LegalCopyright : Copyright © 2004
OriginalFilename : ViewMgr.exe
Comments : Viewpoint Manager

#:19 [LOADQM.EXE]
ModuleName : C:\WINDOWS\LOADQM.EXE
Command Line : "C:\WINDOWS\loadqm.exe"
ProcessID : 4294711143
Threads : 3
Priority : Normal
FileVersion : 5.4.1103.3
ProductVersion : 5.4.1103.3
ProductName : QMgr Loader
CompanyName : Microsoft Corporation
FileDescription : Microsoft QMgr
InternalName : LOADQM.EXE
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : LOADQM.EXE

#:20 [KODAKCCS.EXE]
ModuleName : C:\WINDOWS\SYSTEM32\DRIVERS\KODAKCCS.EXE
Command Line : "C:\WINDOWS\System32\Drivers\KodakCCS.exe"
ProcessID : 4294664927
Threads : 2
Priority : Normal
FileVersion : 1.1.5100.4
ProductVersion : 4.4.0.0
ProductName : Kodak DC File System Driver (Win32)
CompanyName : Eastman Kodak Company
FileDescription : Kodak DC Ring 3 Conduit (Win32)
InternalName : KodakCCS.exe
LegalCopyright : Copyright © Eastman Kodak Co. 2000-2004
OriginalFilename : DcFsSvc.exe

#:21 [QTTASK.EXE]
ModuleName : C:\WINDOWS\SYSTEM\QTTASK.EXE
Command Line : "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
ProcessID : 4294669711
Threads : 5
Priority : Normal
FileVersion : 6.4
ProductVersion : QuickTime 6.4
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2003
OriginalFilename : QTTask.exe

#:22 [STIMON.EXE]
ModuleName : C:\WINDOWS\SYSTEM\STIMON.EXE
Command Line : "C:\WINDOWS\SYSTEM\STIMON.EXE"
ProcessID : 4294658467
Threads : 3
Priority : Normal
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Still Image Devices Monitor
InternalName : STIMON
LegalCopyright : Copyright © Microsoft Corp. 1996-1998
OriginalFilename : STIMON.EXE

#:23 [AVGCC.EXE]
ModuleName : C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
Command Line : "C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE" /STARTUP
ProcessID : 4294738303
Threads : 5
Priority : Normal
FileVersion : 7,1,0,321
ProductVersion : 7.1.0.321
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Control Center
InternalName : AvgCC
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : AvgCC.EXE

#:24 [AVGEMC.EXE]
ModuleName : C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
Command Line : "C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE"
ProcessID : 4294689751
Threads : 6
Priority : Normal
FileVersion : 7,1,0,321
ProductVersion : 7.1.0.321
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG E-Mail Scanner
InternalName : avgemc
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgemc.exe

#:25 [AVGAMSVR.EXE]
ModuleName : C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
Command Line : "C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE"
ProcessID : 4294686619
Threads : 4
Priority : Normal
FileVersion : 7,1,0,321
ProductVersion : 7.1.0.321
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Alert Manager
InternalName : avgamsvr
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgamsvr.EXE

#:26 [CREATECD.EXE]
ModuleName : C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 4\CREATECD\CREATECD.EXE
Command Line : "C:\PROGRA~1\ADAPTEC\EASYCD~1\CREATECD\CREATECD.EXE" -r
ProcessID : 4294674435
Threads : 1
Priority : Normal
FileVersion : 4.05 (409)
ProductVersion : 4.05 (409)
ProductName : Easy CD Creator
CompanyName : Roxio
FileDescription : Adaptec Create CD
InternalName : createcd.exe
LegalCopyright : Copyright © 1996-2001 Roxio, Inc.
OriginalFilename : createcd.exe

#:27 [MSNMSGR.EXE]
ModuleName : C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
Command Line : "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
ProcessID : 4294679671
Threads : 1
Priority : Normal
FileVersion : 6.2.0205
ProductVersion : Version 6.2
ProductName : MSN Messenger
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
LegalCopyright : Copyright © Microsoft Corporation 1997-2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msnmsgr.exe

#:28 [WZQKPICK.EXE]
ModuleName : C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
Command Line : "C:\Program Files\WinZip\WZQKPICK.EXE"
ProcessID : 4294616363
Threads : 1
Priority : Normal
FileVersion : 1.0 (32-bit)
ProductVersion : 8.1 (4319)
ProductName : WinZip
CompanyName : WinZip Computing, Inc.
FileDescription : WinZip Executable
InternalName : WZQKPICK.EXE
LegalCopyright : Copyright © WinZip Computing, Inc. 1991-2001 - All Rights Reserved
LegalTrademarks : WinZip is a registered trademark of WinZip Computing, Inc
OriginalFilename : WZQKPICK.EXE
Comments : StringFileInfo: U.S. English

#:29 [EASYSHARE.EXE]
ModuleName : C:\PROGRAM FILES\KODAK\KODAK EASYSHARE SOFTWARE\BIN\EASYSHARE.EXE
Command Line : "C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" -h
ProcessID : 4294613579
Threads : 4
Priority : Normal
FileVersion : 5, 0, 4, 128
ProductVersion : 4, 0, 2, 134
ProductName : Kodak EasyShare software
CompanyName : Eastman Kodak Company
FileDescription : Kodak EasyShare software
InternalName : EasyShare
LegalCopyright : Copyright © Eastman Kodak Company 2002
LegalTrademarks : EasyShare
OriginalFilename : EasyShare.exe

#:30 [KODAK SOFTWARE UPDATER.EXE]
ModuleName : C:\PROGRAM FILES\KODAK\KODAK SOFTWARE UPDATER\7288971\PROGRAM\KODAK SOFTWARE UPDATER.EXE
Command Line : "C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe"
ProcessID : 4294565207
Threads : 5
Priority : Normal


#:31 [DDHELP.EXE]
ModuleName : C:\WINDOWS\SYSTEM\DDHELP.EXE
Command Line : ddhelp.exe
ProcessID : 4294753771
Threads : 6
Priority : Realtime
FileVersion : 4.06.03.0518
ProductVersion : 4.06.03.0518
ProductName : Microsoft® DirectX for Windows® 95 and 98
CompanyName : Microsoft Corporation
FileDescription : Microsoft DirectX Helper
InternalName : ddhelp.exe
LegalCopyright : Copyright © Microsoft Corp. 1994-1999
OriginalFilename : ddhelp.exe

#:32 [WMIEXE.EXE]
ModuleName : C:\WINDOWS\SYSTEM\WMIEXE.EXE
Command Line : WmiExe 64
ProcessID : 4294469223
Threads : 3
Priority : Normal
FileVersion : 5.00.1755.1
ProductVersion : 5.00.1755.1
ProductName : Microsoft® Windows NT® Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI service exe housing
InternalName : wmiexe
LegalCopyright : Copyright © Microsoft Corp. 1981-1998
OriginalFilename : wmiexe.exe

#:33 [IEXPLORE.EXE]
ModuleName : C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
Command Line : n/a
ProcessID : 4294325451
Threads : 28
Priority : Normal
FileVersion : 6.00.2800.1106
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:34 [AD-AWARE.EXE]
ModuleName : C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\AD-AWARE.EXE
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 4294281967
Threads : 2
Priority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{1d27210e-2da2-41e2-a103-b5fd9d6a798b}

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 1


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@centrport[1].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:user@centrport.net/
Expires : 12-31-29 5:00:00 PM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 2



Deep scanning and examining files (c:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@centrport[1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\user@centrport[1].txt

Disk Scan Result for c:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 3


Deep scanning and examining files (d:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Not Avaliable

Disk Scan Result for d:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 3


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 3




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{9d573d0e-663c-435f-bf31-2c4497373c41}

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{9d573d0e-663c-435f-bf31-2c4497373c41}
Value :

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\windows\currentversion\run
Value : WindowsFY

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Search Bar

CoolWebSearch Object Recognized!
Type : File
Data : HOSTS
Category : Malware
Comment :
Object : C:\WINDOWS\



Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 5
Objects found so far: 8

10:21:35 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:24:34.90
Objects scanned:60581
Objects identified:8
Objects ignored:0
New critical objects:8


This is the logfile since following the post from "A-Team", and the IE Fatal Error Smitfraud Trojan is no longer on the screen. Now I do have a few issues to ask about. When following the instructions, when I ran Killbox in Safe Mode and chose the delete on reboot option, the only file that came up was C:\wp.bmp; also, when I used the red and white Delete File button, I got the delete on reboot prompt but not the Pending Operations prompt. Also, when in Windows Explorer there were no folders (Search Maid, Virtual Maid, Log Files or Security IGuard) to be found, but I have a Security IGuard shortcut on my desktop, even though I removed it from Add/Remove Programs at the start of the instructions. When I downloaded the DelDomains.inf file and installed it, a message read "A device attached is not functioning properly"; I don't know if that worked properly. Will ActiveScan conflict with my AVG virus program, and should I post the results of that scan (I saved them)?
  • 0

#12
Guest_Andy_veal_*
  • Guest
Please follow the instructions located in Step Five: Posting a Hijack This Log. Post your HJT log as a reply to this thread, which has been relocated to the Malware Removal Forum for providing you with further assistance.

Kindly note that it is very busy in the Malware Removal Forum, so there may be a delay in receiving a reply. Please also note that HJT logfiles are reviewed on a first come/first served basis.
  • 0

#13
needPChelp
  • Topic Starter
  • 8 posts
Logfile of HijackThis v1.99.1
Scan saved at 10:58:03 PM, on 5/21/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\XPOINT\EECLIENT\XPCLIENT.EXE
C:\WINDOWS\MWW32\MANAGER\MWSSW32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\IRMON.EXE
C:\PROGRAM FILES\THINKPAD\UTILITIES\TPHKMGR.EXE
C:\PROGRAM FILES\THINKPAD\UTILITIES\TP98TRAY.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\XPOINT\AGENT\XICON.EXE
C:\PROGRAM FILES\XPOINT\PE\PCRECSA.EXE
C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT MANAGER\VIEWMGR.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\KODAKCCS.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 4\CREATECD\CREATECD.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\KODAK\KODAK EASYSHARE SOFTWARE\BIN\EASYSHARE.EXE
C:\PROGRAM FILES\KODAK\KODAK SOFTWARE UPDATER\7288971\PROGRAM\KODAK SOFTWARE UPDATER.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\6SZ9KZTA\HIJACKTHIS[1].EXE

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] systray.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [IrMon] IrMon.exe
O4 - HKLM\..\Run: [Modem Update Reminder] C:\WINDOWS\MWW32\manager\mwremind.exe autorun
O4 - HKLM\..\Run: [TpHotkey] C:\PROGRA~1\THINKPAD\UTILIT~1\TPHKMGR.EXE
O4 - HKLM\..\Run: [TPTRAY] C:\PROGRA~1\THINKPAD\UTILIT~1\TP98TRAY.EXE
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [SoundFusion] RunDll32 cwcprops.cpl,CrystalControlWnd
O4 - HKLM\..\Run: [Xicon] C:\PROGRA~1\XPOINT\agent\xicon.exe
O4 - HKLM\..\Run: [PCRecSA] C:\PROGRA~1\XPOINT\PE\PCRecSA.exe -noshow
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [KodakCCS] C:\WINDOWS\System32\Drivers\KodakCCS.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\ADAPTEC\EASYCD~1\CREATECD\CREATECD.EXE -r
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Xpagent] C:\PROGRA~1\XPOINT\agent\xpagent.exe win9x
O4 - HKLM\..\RunServices: [Xpclient] C:\PROGRA~1\XPOINT\EEClient\xpclient.exe /s
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WindowsFY] C:\BSW.EXE
O4 - Startup: ThinkPad Modem Copyright.lnk = C:\WINDOWS\MWW32\MANAGER\MWCPYRT.EXE
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O8 - Extra context menu item: &AIM Search - res://C:\PROGRAM FILES\AIM TOOLBAR\AIMBAR.DLL/aimsearch.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O9 - Extra button: Microsoft AntiSpyware helper - {6A2A7A40-BB65-11D9-96ED-000D88404D02} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {6A2A7A40-BB65-11D9-96ED-000D88404D02} - (no file) (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab

Will wait to hear.
  • 0
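The Ad-Aware SE "Object Recognized!" blocks posted earlier and the O4 lines in the HijackThis log above can be cross-checked mechanically instead of by eye. The following Python script is an added example, not a tool from this thread, from Lavasoft or from HijackThis: it parses both formats from constructed excerpts of the logs in this thread (the Ad-Aware summary counters are adjusted to the abridged excerpt), pairs the HKCU Run value that Ad-Aware flagged (WindowsFY) with the HijackThis line that shows what that value launches, and checks that the number of parsed blocks agrees with the log's own "Objects identified" counter.

```python
import re

# Constructed sample: an abridged excerpt of the Ad-Aware SE log posted in this
# thread, with the summary counters adjusted to the three blocks kept here.
AD_AWARE_LOG = r"""CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{1d27210e-2da2-41e2-a103-b5fd9d6a798b}

CoolWebSearch Object Recognized!
Type : RegValue
Category : Malware
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\windows\currentversion\run
Value : WindowsFY

Tracking Cookie Object Recognized!
Type : IECache Entry
Category : Data Miner
Comment : Hits:2
Value : Cookie:user@centrport.net/

Summary Of This Scan
Total scanning time:00:24:34.90
Objects scanned:60581
Objects identified:3
New critical objects:3
"""

# Constructed sample: O4 lines copied from the HijackThis log posted in this thread.
HJT_LOG = r"""O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKCU\..\Run: [WindowsFY] C:\BSW.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
"""

RECOGNIZED = re.compile(r"^(?P<family>.+?) Object Recognized!$")
FIELD = re.compile(r"^([A-Za-z]+) :\s*(.*)$")        # "Key : value", value may be empty
SUMMARY_FIELD = re.compile(r"^([A-Za-z ]+):(.+)$")  # "Objects identified:8"
O4_LINE = re.compile(r"^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>\w+): "
                     r"\[(?P<name>[^\]]+)\] (?P<command>.+)$")
HIVE_ABBREV = {"HKEY_LOCAL_MACHINE": "HKLM", "HKEY_CURRENT_USER": "HKCU"}

def parse_adaware(text):
    """One dict per 'Object Recognized!' block: the family plus its 'Key : value' fields."""
    objects, current = [], None
    for line in (l.strip() for l in text.splitlines()):
        m = RECOGNIZED.match(line)
        if m:
            current = {"family": m.group("family")}
            objects.append(current)
        elif current is None:
            continue                      # text outside any block (headings, rulers)
        elif not line:
            current = None                # a blank line closes the block
        elif FIELD.match(line):
            key, value = FIELD.match(line).groups()
            current[key] = value.strip()
    return objects

def parse_summary(text):
    """The 'Summary Of This Scan' counters, converted to int where numeric."""
    summary, in_summary = {}, False
    for line in (l.strip() for l in text.splitlines()):
        if line == "Summary Of This Scan":
            in_summary = True
        elif in_summary and SUMMARY_FIELD.match(line):
            key, value = (s.strip() for s in SUMMARY_FIELD.match(line).groups())
            summary[key] = int(value) if value.isdigit() else value
    return summary

def parse_hjt_run_entries(text):
    """O4 Run/RunServices entries of a HijackThis log; Startup .lnk lines do not match."""
    matches = (O4_LINE.match(l.strip()) for l in text.splitlines())
    return [m.groupdict() for m in matches if m]

def correlate_run_values(adaware_objects, hjt_entries):
    """Pair each Ad-Aware RegValue hit under a ...\\run key with the HJT line showing what it launches."""
    hits = []
    for obj in adaware_objects:
        if obj.get("Type") != "RegValue" or not obj.get("Object", "").lower().endswith("\\run"):
            continue
        hive = HIVE_ABBREV.get(obj.get("Rootkey", ""))
        for entry in hjt_entries:
            if (entry["hive"] == hive and entry["key"].lower() == "run"
                    and entry["name"].lower() == obj.get("Value", "").lower()):
                hits.append({"family": obj["family"], "name": entry["name"],
                             "command": entry["command"]})
    return hits

def summary_matches(adaware_objects, summary):
    """True when the parsed block count equals the log's own 'Objects identified' counter."""
    return len(adaware_objects) == summary.get("Objects identified")

if __name__ == "__main__":
    print(correlate_run_values(parse_adaware(AD_AWARE_LOG), parse_hjt_run_entries(HJT_LOG)))
```

On the full logs in this thread the same correlation resolves the flagged WindowsFY value to the C:\BSW.EXE line, which is the kind of detail a helper wants before deciding what to remove.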

#14
needPChelp
  • Topic Starter
  • 8 posts
My last Ad-Aware logfile showed 8 critical objects, and then I was referred to this Malware forum and told to run an HJT logfile. Since the Smitfraud Trojan is not visibly on my screen anymore, am I to consider this issue resolved or what?
  • 0

#15
needPChelp
  • Topic Starter
  • 8 posts
Thanks for the help received on this problem so far. I guess there is nothing else.
  • 0