[Referred]I'm infected!



#1
underdog9
:tazz: Please review the log posted below and provide any assistance you can in the removal of any and all viruses found. ;)

5-10-2005 1:19:27 AM - Scan started. (Custom mode)


Logfile removed: Incorrect Logfile type posted

Edited by Andy_veal, 10 May 2005 - 06:41 AM.



#2
Guest_Andy_veal_*
In order to assist you, we need to see the log from an Ad-Aware SE 1.05 full system scan.

Important Note! Before performing a scan, be sure that you have the most recent definitions file by using WebUpdate. (Click on the Globe icon, Click connect, Click OK, Click Finish.) At this current point * SE1R43 06.05.2005 * is the most recent definition file.

Ad-Aware SE comes preconfigured with default options so we need you to make only one change. Please deselect "Search for negligible risk entries" as negligible risk entries (MRU's) are not considered to be a threat. This option can be changed when choosing your scan type.

Select "Perform Full System Scan" and press "Next". When the scan has completed, click "Show Logfile".

Please copy/paste the complete log file here using the reply button. Don't quarantine or remove anything at this time, just post a complete logfile. This sometimes takes 2-3 posts to get it all posted. You will know you are at the end when you see the "Summary of this scan" information has been posted.

When you have posted your log here, Team Lavasoft can advise on what to do next.

Please post back if you have any questions or other problems.


Good luck

Andy

#3
underdog9
Hey Andy,

Thanks for your assistance. I have reposted my log as per your instructions. :tazz:


Ad-Aware SE Build 1.05
Logfile Created on:Tuesday, May 10, 2005 6:02:27 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R43 06.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Alexa(TAC index:5):11 total references
BroadCastPC(TAC index:7):1 total references
CoolWebSearch(TAC index:10):20 total references
Possible Browser Hijack attempt(TAC index:3):1 total references
Tracking Cookie(TAC index:3):116 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R43 06.05.2005
Internal build : 51
File location : C:\Ad aware se\Ad-Aware SE Personal\defs.ref
File size : 467649 Bytes
Total size : 1414672 Bytes
Signature data size : 1383852 Bytes
Reference data size : 30308 Bytes
Signatures total : 39494
Fingerprints total : 847
Fingerprints size : 28739 Bytes
Target categories : 15
Target families : 663


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium
Memory available:17 %
Total physical memory:187892 kb
Available physical memory:30140 kb
Total page file size:458060 kb
Available on page file:177328 kb
Total virtual memory:2097024 kb
Available virtual memory:2046848 kb
OS:Microsoft Windows XP Professional Service Pack 2, v.2082 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects

5-10-2005 6:02:27 AM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 448
ThreadCreationTime : 5-10-2005 4:59:18 AM
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 504
ThreadCreationTime : 5-10-2005 4:59:23 AM
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 528
ThreadCreationTime : 5-10-2005 4:59:24 AM
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 572
ThreadCreationTime : 5-10-2005 4:59:25 AM
BasePriority : Normal
FileVersion : 5.1.2600.2082 (xpsp.040216-1810)
ProductVersion : 5.1.2600.2082
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 584
ThreadCreationTime : 5-10-2005 4:59:25 AM
BasePriority : Normal
FileVersion : 5.1.2600.2082 (xpsp.040216-1810)
ProductVersion : 5.1.2600.2082
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k DcomLaunch
ProcessID : 752
ThreadCreationTime : 5-10-2005 4:59:27 AM
BasePriority : Normal
FileVersion : 5.1.2600.2082 (xpsp.040216-1810)
ProductVersion : 5.1.2600.2082
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 788
ThreadCreationTime : 5-10-2005 4:59:28 AM
BasePriority : Normal
FileVersion : 5.1.2600.2082 (xpsp.040216-1810)
ProductVersion : 5.1.2600.2082
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 888
ThreadCreationTime : 5-10-2005 4:59:30 AM
BasePriority : Normal
FileVersion : 5.1.2600.2082 (xpsp.040216-1810)
ProductVersion : 5.1.2600.2082
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost.exe -k NetworkService
ProcessID : 988
ThreadCreationTime : 5-10-2005 4:59:34 AM
BasePriority : Normal
FileVersion : 5.1.2600.2082 (xpsp.040216-1810)
ProductVersion : 5.1.2600.2082
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost.exe -k LocalService
ProcessID : 1028
ThreadCreationTime : 5-10-2005 4:59:35 AM
BasePriority : Normal
FileVersion : 5.1.2600.2082 (xpsp.040216-1810)
ProductVersion : 5.1.2600.2082
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1192
ThreadCreationTime : 5-10-2005 4:59:39 AM
BasePriority : Normal
FileVersion : 5.1.2600.2082 (xpsp.040216-1810)
ProductVersion : 5.1.2600.2082
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:12 [alg.exe]
ModuleName : C:\WINDOWS\System32\alg.exe
Command Line : C:\WINDOWS\System32\alg.exe
ProcessID : 1324
ThreadCreationTime : 5-10-2005 4:59:46 AM
BasePriority : Normal
FileVersion : 5.1.2600.2082 (xpsp.040216-1810)
ProductVersion : 5.1.2600.2082
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:13 [mcvsrte.exe]
ModuleName : c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
Command Line : c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe /Embedding
ProcessID : 1376
ThreadCreationTime : 5-10-2005 4:59:46 AM
BasePriority : Normal
FileVersion : 8, 0, 0, 12
ProductVersion : 8, 0, 0, 0
ProductName : McAfee VirusScan
CompanyName : Networks Associates Technology, Inc
FileDescription : McAfee VirusScan Real-time Engine
InternalName : mcvsrte
LegalCopyright : Copyright © 1998-2003 Networks Associates Technology, Inc
OriginalFilename : mcvsrte.exe
Comments : McAfee VirusScan Real-time Engine

#:14 [mdm.exe]
ModuleName : C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
Command Line : "C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"
ProcessID : 1408
ThreadCreationTime : 5-10-2005 4:59:46 AM
BasePriority : Normal
FileVersion : 7.00.9064.9150
ProductVersion : 7.00.9064.9150
ProductName : Microsoft Development Environment
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : Copyright © Microsoft Corp. 1997-2000
OriginalFilename : mdm.exe

#:15 [mpfservice.exe]
ModuleName : C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
Command Line : C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
ProcessID : 1456
ThreadCreationTime : 5-10-2005 4:59:50 AM
BasePriority : Normal
FileVersion : 4.1.0.1
ProductVersion : 4.1.0.1
ProductName : McAfee Personal Firewall
CompanyName : McAfee Corporation
FileDescription : McAfee Personal Firewall Service
InternalName : MPFService
LegalCopyright : Copyright © 2000,2001
OriginalFilename : MpfService.exe
Comments : McAfee Personal Firewall Service

#:16 [wuauclt.exe]
ModuleName : C:\WINDOWS\system32\wuauclt.exe
Command Line : "C:\WINDOWS\system32\wuauclt.exe" /RunStoreAsComServer Local\[378]SUSDSf572a3fa291de242b2826586b012da1a
ProcessID : 1728
ThreadCreationTime : 5-10-2005 5:00:37 AM
BasePriority : Normal
FileVersion : 5.4.3790.2082 (xpsp.040216-1810)
ProductVersion : 5.4.3790.2082
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe

#:17 [mcshield.exe]
ModuleName : c:\PROGRA~1\mcafee.com\vso\mcshield.exe
Command Line : c:\PROGRA~1\mcafee.com\vso\mcshield.exe
ProcessID : 2012
ThreadCreationTime : 5-10-2005 5:02:45 AM
BasePriority : High


#:18 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 1924
ThreadCreationTime : 5-10-2005 6:58:01 AM
BasePriority : Normal
FileVersion : 6.00.2900.2082 (xpsp.040216-1810)
ProductVersion : 6.00.2900.2082
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:19 [rxmon.exe]
ModuleName : C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
Command Line : "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
ProcessID : 1696
ThreadCreationTime : 5-10-2005 6:58:24 AM
BasePriority : Normal


#:20 [mcvsshld.exe]
ModuleName : C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
Command Line : "C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
ProcessID : 1656
ThreadCreationTime : 5-10-2005 6:58:29 AM
BasePriority : Normal
FileVersion : 8, 0, 0, 15
ProductVersion : 8, 0, 0, 0
ProductName : McAfee VirusScan
CompanyName : Networks Associates Technology, Inc
FileDescription : McAfee VirusScan ActiveShield Resource
InternalName : msvcshld
LegalCopyright : Copyright © 1998-2003 Networks Associates Technology, Inc
OriginalFilename : mcvsshld.exe
Comments : McAfee VirusScan ActiveShield Resource

#:21 [jusched.exe]
ModuleName : C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
Command Line : "C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe"
ProcessID : 1104
ThreadCreationTime : 5-10-2005 6:58:33 AM
BasePriority : Normal


#:22 [realsched.exe]
ModuleName : C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Command Line : "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
ProcessID : 1120
ThreadCreationTime : 5-10-2005 6:58:34 AM
BasePriority : Normal
FileVersion : 0.1.0.3208
ProductVersion : 0.1.0.3208
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:23 [mpftray.exe]
ModuleName : C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
Command Line : "C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe"
ProcessID : 1084
ThreadCreationTime : 5-10-2005 6:58:36 AM
BasePriority : Normal
FileVersion : 5.0.1.5
ProductVersion : 5.0.1.5
ProductName : McAfee Personal Firewall (MPF)
CompanyName : McAfee Security
FileDescription : McAfee Personal Firewall Tray Monitor
InternalName : MpfTray
LegalCopyright : Copyright © 2000-2003 Networks Associates Technologies, Inc.
OriginalFilename : MPFTRAY.EXE
Comments : Tray Icon for McAfee Personal Firewall

#:24 [mcvsescn.exe]
ModuleName : c:\progra~1\mcafee.com\vso\mcvsescn.exe
Command Line : "c:\progra~1\mcafee.com\vso\mcvsescn.exe" /disabled
ProcessID : 1280
ThreadCreationTime : 5-10-2005 6:58:38 AM
BasePriority : Normal
FileVersion : 8, 0, 0, 30
ProductVersion : 8, 0, 0, 0
ProductName : McAfee VirusScan
CompanyName : Networks Associates Technology, Inc
FileDescription : McAfee VirusScan E-mail Scan Module
InternalName : mcvsescn
LegalCopyright : Copyright © 1998-2003 Networks Associates Technology, Inc
OriginalFilename : mcvsescn.EXE
Comments : McAfee VirusScan E-mail Scan Module

#:25 [ctfmon.exe]
ModuleName : C:\WINDOWS\system32\ctfmon.exe
Command Line : "C:\WINDOWS\system32\ctfmon.exe"
ProcessID : 1160
ThreadCreationTime : 5-10-2005 6:58:39 AM
BasePriority : Normal
FileVersion : 5.1.2600.2082 (xpsp.040216-1810)
ProductVersion : 5.1.2600.2082
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:26 [mssysmgr.exe]
ModuleName : C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
Command Line : "C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe"
ProcessID : 1036
ThreadCreationTime : 5-10-2005 6:58:44 AM
BasePriority : Normal


#:27 [jucheck.exe]
ModuleName : C:\Program Files\Java\j2re1.4.2_05\bin\jucheck.exe
Command Line : -auto
ProcessID : 960
ThreadCreationTime : 5-10-2005 6:58:45 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : UpdateChecker Module
FileDescription : UpdateChecker Module
InternalName : UpdateChecker
LegalCopyright : Copyright 2002
OriginalFilename : UpdateChecker.EXE

#:28 [wp.exe]
ModuleName : C:\wp.exe
Command Line : "C:\wp.exe"
ProcessID : 1008
ThreadCreationTime : 5-10-2005 6:58:47 AM
BasePriority : Normal


#:29 [msnmsgr.exe]
ModuleName : C:\Program Files\MSN Messenger\msnmsgr.exe
Command Line : "C:\Program Files\MSN Messenger\msnmsgr.exe"
ProcessID : 1872
ThreadCreationTime : 5-10-2005 6:59:23 AM
BasePriority : Normal
FileVersion : 6.2.0205
ProductVersion : Version 6.2
ProductName : MSN Messenger
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
LegalCopyright : Copyright © Microsoft Corporation 1997-2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msnmsgr.exe

#:30 [mcagent.exe]
ModuleName : c:\program files\mcafee.com\agent\mcagent.exe
Command Line : "c:\program files\mcafee.com\agent\mcagent.exe" -Embedding
ProcessID : 1768
ThreadCreationTime : 5-10-2005 6:59:27 AM
BasePriority : Normal
FileVersion : 5, 1, 0, 2
ProductVersion : 5, 1, 0, 0
ProductName : McAfee SecurityCenter
CompanyName : McAfee, Inc
FileDescription : McAfee SecurityCenter Agent
InternalName : mcagent
LegalCopyright : Copyright © 2005 McAfee, Inc.
OriginalFilename : mcagent.exe

#:31 [mpfagent.exe]
ModuleName : C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
Command Line : C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe -Embedding
ProcessID : 1240
ThreadCreationTime : 5-10-2005 6:59:52 AM
BasePriority : Normal
FileVersion : 5.1.0.8
ProductVersion : 5.1.0.8
ProductName : McAfee Personal Firewall (MPF)
CompanyName : McAfee Security
FileDescription : McAfee Personal Firewall Agent Interface
InternalName : MpfAgent
LegalCopyright : Copyright © 2000-2004 Networks Associates Technologies, Inc.
OriginalFilename : MPFAGENT.EXE
Comments : McAfee Personal Firewall Security Center Module

#:32 [mcvsftsn.exe]
ModuleName : c:\progra~1\mcafee.com\vso\mcvsftsn.exe
Command Line : c:\progra~1\mcafee.com\vso\mcvsftsn.exe -Embedding
ProcessID : 760
ThreadCreationTime : 5-10-2005 7:00:05 AM
BasePriority : Normal
FileVersion : 8, 0, 0, 20
ProductVersion : 8, 0, 0, 0
ProductName : McAfee VirusScan
CompanyName : Networks Associates Technology, Inc
FileDescription : McAfee VirusScan Instant Messenger Scan Module
InternalName : mcvsftsn
LegalCopyright : Copyright © 1998-2003 Networks Associates Technology, Inc
OriginalFilename : mcvsftsn.EXE
Comments : McAfee VirusScan Instant Messenger Scan Module

#:33 [playlist.exe]
ModuleName : C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
Command Line : "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe" -Embedding
ProcessID : 1536
ThreadCreationTime : 5-10-2005 7:00:22 AM
BasePriority : Normal


#:34 [msmsgs.exe]
ModuleName : C:\Program Files\Messenger\msmsgs.exe
Command Line : "C:\Program Files\Messenger\msmsgs.exe" -Embedding
ProcessID : 1540
ThreadCreationTime : 5-10-2005 7:00:29 AM
BasePriority : Normal
FileVersion : 4.7.3000
ProductVersion : Version 4.7.3000
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Windows Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:35 [realonemessagecenter.exe]
ModuleName : C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
Command Line : "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe"
ProcessID : 3952
ThreadCreationTime : 5-10-2005 7:41:57 AM
BasePriority : Normal
FileVersion : 0.1.0.3208
ProductVersion : 0.1.0.3208
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Event Launcher
InternalName : wrapperapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : realevent.exe

#:36 [iexplore.exe]
ModuleName : C:\Program Files\Internet Explorer\IEXPLORE.EXE
Command Line : "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
ProcessID : 3840
ThreadCreationTime : 5-10-2005 9:04:43 AM
BasePriority : Normal
FileVersion : 6.00.2900.2082 (xpsp.040216-1810)
ProductVersion : 6.00.2900.2082
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:37 [ypager.exe]
ModuleName : C:\Program Files\Yahoo!\Messenger\YPager.exe
Command Line : "C:\Program Files\Yahoo!\Messenger\YPager.exe"
ProcessID : 276
ThreadCreationTime : 5-10-2005 9:27:23 AM
BasePriority : Normal
FileVersion : 6,0,0,1750
ProductVersion : 6,0,0,1750
ProductName : Yahoo! Messenger
CompanyName : Yahoo! Inc.
FileDescription : Yahoo! Messenger
InternalName : Yahoo! Messengerr
LegalCopyright : Copyright 1998-2004
OriginalFilename : YPager.exe

#:38 [ad-aware.exe]
ModuleName : C:\Ad aware se\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Ad aware se\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 3756
ThreadCreationTime : 5-10-2005 1:00:22 PM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»



CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{676575dd-4d46-911d-8037-9b10d6ee8bb5}

Alexa Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : MenuText

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : MenuStatusBar

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : Script

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : clsid

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : Icon

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : HotIcon

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : ButtonText

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
Rootkey : HKEY_USERS
Object : .DEFAULT\software\microsoft\internet explorer\extensions\cmdmapping
Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
Rootkey : HKEY_USERS
Object : S-1-5-18\software\microsoft\internet explorer\extensions\cmdmapping
Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
Rootkey : HKEY_USERS
Object : S-1-5-21-725345543-706699826-839522115-1003\software\microsoft\internet explorer\extensions\cmdmapping
Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 12
Objects found so far: 12


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 12


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bruce [email protected][2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:bruce [email protected]/
Expires : 4-29-2035 12:17:04 AM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bruce wheeler@doubleclick[1].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:bruce [email protected]/
Expires : 5-3-2008 12:26:16 AM
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bruce [email protected][2].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:bruce [email protected]/
Expires : 1-17-2038 10:00:00 PM
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bruce wheeler@atdmt[2].txt
Category : Data Miner
Comment : Hits:11
Value : Cookie:bruce [email protected]/
Expires : 4-30-2010 5:00:00 PM
LastSync : Hits:11
UseCount : 0
Hits : 11

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bruce wheeler@mediaplex[1].txt
Category : Data Miner
Comment : Hits:7
Value : Cookie:bruce [email protected]/
Expires : 6-21-2009 5:00:00 PM
LastSync : Hits:7
UseCount : 0
Hits : 7

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bruce wheeler@tribalfusion[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:bruce [email protected]/
Expires : 12-31-2037 5:00:00 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bruce wheeler@cgi-bin[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:bruce [email protected]/cgi-bin
Expires : 1-18-2009 4:00:00 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bruce wheeler@fastclick[1].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:bruce [email protected]/
Expires : 4-26-2007 12:56:42 AM
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 8
Objects found so far: 20

Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

BroadCastPC Object Recognized!
Type : File
Data : GLC7.tmp
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Bruce Wheeler\Local Settings\Temp\



Tracking Cookie Object Recognized!
Type : IECache Entry
Data : guest@0[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Guest\Cookies\guest@0[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : guest@247realmedia[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Guest\Cookies\guest@247realmedia[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Guest\Cookies\[email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : guest@adrevolver[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Guest\Cookies\guest@adrevolver[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Guest\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Guest\Cookies\[email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Guest\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
#4
underdog9

continuing.......

CoolWebSearch Object Recognized!
Type : File
Data : feots.txt
Category : Malware
Comment :
Object : C:\WINDOWS\



Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 130

Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Seven days of free [bleep].url
Category : Misc
Comment : Problematic URL discovered: http://www.7days.ws/
Object : C:\Documents and Settings\Bruce Wheeler\Favorites\




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\urlsearchhooks

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\urlsearchhooks
Value : {5C8EB660-A6B3-A367-121D-91DE13AFDEC2}

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\hsa

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\hsa
Value : DisplayName

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\hsa
Value : UninstallString

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\se

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\se
Value : DisplayName

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\se
Value : UninstallString

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\sw

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\sw
Value : DisplayName

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\sw
Value : UninstallString

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Search Bar

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\search
Value : SearchAssistant

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\search\searchproperties\en-us
Value : Panel@Web

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft
Value : set

CoolWebSearch Object Recognized!
Type : RegData
Data : no
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Use Search Asst
Data : no

CoolWebSearch Object Recognized!
Type : RegData
Data : no
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main
Value : Use Search Asst
Data : no

CoolWebSearch Object Recognized!
Type : RegData
Data : about:blank
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main
Value : Start Page
Data : about:blank

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 18
Objects found so far: 149

6:39:58 AM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:37:31.7
Objects scanned:118026
Objects identified:149
Objects ignored:0
New critical objects:149

#5
Guest_Andy_veal_*

Hello and Welcome

Ad-aware has found objects on your computer

If you choose to clean your computer of what Ad-aware found, please follow the instructions below…

Please make sure that you are using the * SE1R44 10.05.2005 * definition file.


Please launch Ad-Aware SE and click on the gear to access the Configuration Menu. Please make sure that this setting is applied.

Click on Tweak > Cleaning Engine > UNcheck "Always try to unload modules before deletion".

Disconnect from the internet (for broadband/cable users, it is recommended that you disconnect the cable connection) and close all open browsers or other programs you have running.

Please then boot into Safe Mode

To clean your machine, it is highly recommended that you clean the following directory contents (but not the directory folder):

Please run CCleaner to assist in this process.
Download CCleaner (Setup: go to >options > settings > Uncheck "Only delete files in Windows Temp folders older than 48 hours" for cleaning malware files!)

* C:\Windows\Temp\
* C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <- This will delete all your cached internet content including cookies.
* C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp\
* Empty your "Recycle Bin".

Please run Ad-Aware SE from the command lines shown in the instructions shown below.

Click "Start" > select "Run" > type the text shown in bold below (including the quotation marks and with the same spacing as shown)

"C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" /full +procnuke
(For the Professional version)

"C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" /full +procnuke
(For the Plus version)

"C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" +procnuke
(For the Personal version)


Click OK.

Please note that the path above is the default installation location for Ad-aware SE; if this is different, please adjust it to the location that you have installed it to.

When the scan has completed, select Next. In the Scanning Results window, select the "Scan Summary" tab. Check the box next to each "target family" you wish to remove. Click next, Click OK.

If problems are caused by deleting a family, please leave it.

Please firstly only select CWS

Please shutdown/restart your computer after removal, run a new full scan and post the results as a reply. Do not launch any programs or connect to the internet at this time.

Please then copy & paste the complete log file here. Don't quarantine or remove anything at this time, just post a complete logfile. This can sometimes take 2-3 posts to get it all posted; once the "Summary of this scan" information is shown, you have posted all of your logfile.

Please remember when posting another logfile keep "Search for negligible risk entries" deselected as negligible risk entries (MRU's) are not considered to be a threat. This option can be changed when choosing your scan type.

Please post back here

Good luck

Andy

#6
underdog9

Hey Andy. Thanks for helping. Hopefully I followed your instructions as posted :tazz:

I am posting another log file below. ;)


Ad-Aware SE Build 1.05
Logfile Created on:Wednesday, May 11, 2005 8:57:29 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R44 10.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Alexa(TAC index:5):11 total references
Possible Browser Hijack attempt(TAC index:3):1 total references
Tracking Cookie(TAC index:3):108 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R44 10.05.2005
Internal build : 52
File location : C:\Ad aware se\Ad-Aware SE Personal\defs.ref
File size : 470885 Bytes
Total size : 1423894 Bytes
Signature data size : 1392940 Bytes
Reference data size : 30442 Bytes
Signatures total : 39753
Fingerprints total : 872
Fingerprints size : 29756 Bytes
Target categories : 15
Target families : 668


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium
Memory available:23 %
Total physical memory:187892 kb
Available physical memory:42624 kb
Total page file size:458060 kb
Available on page file:297268 kb
Total virtual memory:2097024 kb
Available virtual memory:2047212 kb
OS:Microsoft Windows XP Professional Service Pack 2, v.2082 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


5-11-2005 8:57:29 PM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 448
ThreadCreationTime : 5-12-2005 3:12:37 AM
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 504
ThreadCreationTime : 5-12-2005 3:12:43 AM
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 528
ThreadCreationTime : 5-12-2005 3:12:44 AM
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 572
ThreadCreationTime : 5-12-2005 3:12:44 AM
BasePriority : Normal
FileVersion : 5.1.2600.2082 (xpsp.040216-1810)
ProductVersion : 5.1.2600.2082
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 584
ThreadCreationTime : 5-12-2005 3:12:44 AM
BasePriority : Normal
FileVersion : 5.1.2600.2082 (xpsp.040216-1810)
ProductVersion : 5.1.2600.2082
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k DcomLaunch
ProcessID : 752
ThreadCreationTime : 5-12-2005 3:12:46 AM
BasePriority : Normal
FileVersion : 5.1.2600.2082 (xpsp.040216-1810)
ProductVersion : 5.1.2600.2082
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 788
ThreadCreationTime : 5-12-2005 3:12:47 AM
BasePriority : Normal
FileVersion : 5.1.2600.2082 (xpsp.040216-1810)
ProductVersion : 5.1.2600.2082
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 856
ThreadCreationTime : 5-12-2005 3:12:49 AM
BasePriority : Normal
FileVersion : 5.1.2600.2082 (xpsp.040216-1810)
ProductVersion : 5.1.2600.2082
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost.exe -k NetworkService
ProcessID : 972
ThreadCreationTime : 5-12-2005 3:12:53 AM
BasePriority : Normal
FileVersion : 5.1.2600.2082 (xpsp.040216-1810)
ProductVersion : 5.1.2600.2082
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost.exe -k LocalService
ProcessID : 1000
ThreadCreationTime : 5-12-2005 3:12:54 AM
BasePriority : Normal
FileVersion : 5.1.2600.2082 (xpsp.040216-1810)
ProductVersion : 5.1.2600.2082
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1128
ThreadCreationTime : 5-12-2005 3:12:58 AM
BasePriority : Normal
FileVersion : 5.1.2600.2082 (xpsp.040216-1810)
ProductVersion : 5.1.2600.2082
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:12 [alg.exe]
ModuleName : C:\WINDOWS\System32\alg.exe
Command Line : C:\WINDOWS\System32\alg.exe
ProcessID : 1228
ThreadCreationTime : 5-12-2005 3:13:00 AM
BasePriority : Normal
FileVersion : 5.1.2600.2082 (xpsp.040216-1810)
ProductVersion : 5.1.2600.2082
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:13 [mcvsrte.exe]
ModuleName : c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
Command Line : c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe /Embedding
ProcessID : 1276
ThreadCreationTime : 5-12-2005 3:13:00 AM
BasePriority : Normal
FileVersion : 8, 0, 0, 12
ProductVersion : 8, 0, 0, 0
ProductName : McAfee VirusScan
CompanyName : Networks Associates Technology, Inc
FileDescription : McAfee VirusScan Real-time Engine
InternalName : mcvsrte
LegalCopyright : Copyright © 1998-2003 Networks Associates Technology, Inc
OriginalFilename : mcvsrte.exe
Comments : McAfee VirusScan Real-time Engine

#:14 [mdm.exe]
ModuleName : C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
Command Line : "C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"
ProcessID : 1304
ThreadCreationTime : 5-12-2005 3:13:00 AM
BasePriority : Normal
FileVersion : 7.00.9064.9150
ProductVersion : 7.00.9064.9150
ProductName : Microsoft Development Environment
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : Copyright © Microsoft Corp. 1997-2000
OriginalFilename : mdm.exe

#:15 [mpfservice.exe]
ModuleName : C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
Command Line : C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
ProcessID : 1324
ThreadCreationTime : 5-12-2005 3:13:01 AM
BasePriority : Normal
FileVersion : 4.1.0.1
ProductVersion : 4.1.0.1
ProductName : McAfee Personal Firewall
CompanyName : McAfee Corporation
FileDescription : McAfee Personal Firewall Service
InternalName : MPFService
LegalCopyright : Copyright © 2000,2001
OriginalFilename : MpfService.exe
Comments : McAfee Personal Firewall Service

#:16 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 1664
ThreadCreationTime : 5-12-2005 3:13:10 AM
BasePriority : Normal
FileVersion : 6.00.2900.2082 (xpsp.040216-1810)
ProductVersion : 6.00.2900.2082
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:17 [rxmon.exe]
ModuleName : C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
Command Line : "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
ProcessID : 1856
ThreadCreationTime : 5-12-2005 3:13:20 AM
BasePriority : Normal


#:18 [mcvsshld.exe]
ModuleName : C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
Command Line : "C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
ProcessID : 1880
ThreadCreationTime : 5-12-2005 3:13:21 AM
BasePriority : Normal
FileVersion : 8, 0, 0, 15
ProductVersion : 8, 0, 0, 0
ProductName : McAfee VirusScan
CompanyName : Networks Associates Technology, Inc
FileDescription : McAfee VirusScan ActiveShield Resource
InternalName : msvcshld
LegalCopyright : Copyright © 1998-2003 Networks Associates Technology, Inc
OriginalFilename : mcvsshld.exe
Comments : McAfee VirusScan ActiveShield Resource

#:19 [mcvsescn.exe]
ModuleName : c:\progra~1\mcafee.com\vso\mcvsescn.exe
Command Line : "c:\progra~1\mcafee.com\vso\mcvsescn.exe" /disabled
ProcessID : 1924
ThreadCreationTime : 5-12-2005 3:13:23 AM
BasePriority : Normal
FileVersion : 8, 0, 0, 30
ProductVersion : 8, 0, 0, 0
ProductName : McAfee VirusScan
CompanyName : Networks Associates Technology, Inc
FileDescription : McAfee VirusScan E-mail Scan Module
InternalName : mcvsescn
LegalCopyright : Copyright © 1998-2003 Networks Associates Technology, Inc
OriginalFilename : mcvsescn.EXE
Comments : McAfee VirusScan E-mail Scan Module

#:20 [jusched.exe]
ModuleName : C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
Command Line : "C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe"
ProcessID : 1932
ThreadCreationTime : 5-12-2005 3:13:23 AM
BasePriority : Normal


#:21 [realsched.exe]
ModuleName : C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Command Line : "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
ProcessID : 1940
ThreadCreationTime : 5-12-2005 3:13:23 AM
BasePriority : Normal
FileVersion : 0.1.0.3208
ProductVersion : 0.1.0.3208
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:22 [mpftray.exe]
ModuleName : C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
Command Line : "C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe"
ProcessID : 1952
ThreadCreationTime : 5-12-2005 3:13:24 AM
BasePriority : Normal
FileVersion : 5.0.1.5
ProductVersion : 5.0.1.5
ProductName : McAfee Personal Firewall (MPF)
CompanyName : McAfee Security
FileDescription : McAfee Personal Firewall Tray Monitor
InternalName : MpfTray
LegalCopyright : Copyright © 2000-2003 Networks Associates Technologies, Inc.
OriginalFilename : MPFTRAY.EXE
Comments : Tray Icon for McAfee Personal Firewall

#:23 [ctfmon.exe]
ModuleName : C:\WINDOWS\system32\ctfmon.exe
Command Line : "C:\WINDOWS\system32\ctfmon.exe"
ProcessID : 1996
ThreadCreationTime : 5-12-2005 3:13:25 AM
BasePriority : Normal
FileVersion : 5.1.2600.2082 (xpsp.040216-1810)
ProductVersion : 5.1.2600.2082
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:24 [mssysmgr.exe]
ModuleName : C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
Command Line : "C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe"
ProcessID : 2004
ThreadCreationTime : 5-12-2005 3:13:25 AM
BasePriority : Normal


#:25 [mpfagent.exe]
ModuleName : C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
Command Line : C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe -Embedding
ProcessID : 392
ThreadCreationTime : 5-12-2005 3:13:39 AM
BasePriority : Normal
FileVersion : 5.1.0.8
ProductVersion : 5.1.0.8
ProductName : McAfee Personal Firewall (MPF)
CompanyName : McAfee Security
FileDescription : McAfee Personal Firewall Agent Interface
InternalName : MpfAgent
LegalCopyright : Copyright © 2000-2004 Networks Associates Technologies, Inc.
OriginalFilename : MPFAGENT.EXE
Comments : McAfee Personal Firewall Security Center Module

#:26 [playlist.exe]
ModuleName : C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
Command Line : "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe" -Embedding
ProcessID : 496
ThreadCreationTime : 5-12-2005 3:13:46 AM
BasePriority : Normal


#:27 [wuauclt.exe]
ModuleName : C:\WINDOWS\system32\wuauclt.exe
Command Line : "C:\WINDOWS\system32\wuauclt.exe" /RunStoreAsComServer Local\[358]SUSDS502e6afdb93a80419e33521075c2ac48
ProcessID : 1060
ThreadCreationTime : 5-12-2005 3:13:56 AM
BasePriority : Normal
FileVersion : 5.4.3790.2082 (xpsp.040216-1810)
ProductVersion : 5.4.3790.2082
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe

#:28 [mcshield.exe]
ModuleName : c:\PROGRA~1\mcafee.com\vso\mcshield.exe
Command Line : c:\PROGRA~1\mcafee.com\vso\mcshield.exe
ProcessID : 1544
ThreadCreationTime : 5-12-2005 3:15:08 AM
BasePriority : High


#:29 [ad-aware.exe]
ModuleName : C:\Ad aware se\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Ad aware se\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 3064
ThreadCreationTime : 5-12-2005 3:56:30 AM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Alexa Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : MenuText

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : MenuStatusBar

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : Script

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : clsid

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : Icon

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : HotIcon

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : ButtonText

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
Rootkey : HKEY_USERS
Object : .DEFAULT\software\microsoft\internet explorer\extensions\cmdmapping
Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
Rootkey : HKEY_USERS
Object : S-1-5-18\software\microsoft\internet explorer\extensions\cmdmapping
Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
Rootkey : HKEY_USERS
Object : S-1-5-21-725345543-706699826-839522115-1003\software\microsoft\internet explorer\extensions\cmdmapping
Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}



***To be continued***

#7
underdog9

***Continuing***

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 11
Objects found so far: 11


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 11


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 11



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : guest@0[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Guest\Cookies\guest@0[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : guest@247realmedia[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Guest\Cookies\guest@247realmedia[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Guest\Cookies\[email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : guest@adrevolver[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Guest\Cookies\guest@adrevolver[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Guest\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Guest\Cookies\[email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Guest\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Guest\Cookies\[email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : guest@advertising[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Guest\Cookies\guest@advertising[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : guest@apmebf[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Guest\Cookies\guest@apmebf[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Guest\Cookies\[email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Guest\Cookies\[email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Guest\Cookies\[email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : guest@atdmt[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Guest\Cookies\guest@atdmt[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : guest@bfast[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Guest\Cookies\guest@bfast[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : guest@bluestreak[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Guest\Cookies\guest@bluestreak[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : guest@bravenet[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Guest\Cookies\guest@bravenet[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Guest\Cookies\[email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : guest@casalemedia[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Guest\Cookies\guest@casalemedia[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : guest@centrport[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Guest\Cookies\guest@centrport[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : guest@cgi-bin[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Guest\Cookies\guest@cgi-bin[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : guest@cgi-bin[3].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Guest\Cookies\guest@cgi-bin[3].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : guest@cgi-bin[4].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Guest\Cookies\guest@cgi-bin[4].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : guest@cgi-bin[5].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Guest\Cookies\guest@cgi-bin[5].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Guest\Cookies\[email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : guest@clickagents[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Guest\Cookies\guest@clickagents[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : guest@commission-junction[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Guest\Cookies\guest@commission-junction[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Guest\Cookies\[email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Guest\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : guest@doubleclick[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Guest\Cookies\guest@doubleclick[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Guest\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Guest\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Guest\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Guest\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Guest\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Guest\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Guest\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Guest\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Guest\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Guest\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Guest\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Guest\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Guest\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Guest\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Guest\Cookies\[email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Guest\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Guest\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : guest@euniverseads[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Guest\Cookies\guest@euniverseads[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : guest@fastclick[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Guest\Cookies\guest@fastclick[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Guest\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Guest\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : guest@hitbox[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Guest\Cookies\guest@hitbox[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Guest\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : guest@linksynergy[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Guest\Cookies\guest@linksynergy[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Guest\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : guest@maxserving[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Guest\Cookies\guest@maxserving[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : guest@mediaplex[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Guest\Cookies\guest@mediaplex[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : guest@metriweb[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Guest\Cookies\guest@metriweb[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : guest@okcounter[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Guest\Cookies\guest@okcounter[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : guest@overture[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Guest\Cookies\guest@overture[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : guest@paycounter[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Guest\Cookies\guest@paycounter[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Guest\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Guest\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : guest@pro-market[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Guest\Cookies\guest@pro-market[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : guest@qksrv[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Guest\Cookies\guest@qksrv[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : guest@realmedia[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Guest\Cookies\guest@realmedia[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : guest@realmedia[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Guest\Cookies\guest@realmedia[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : guest@realmedia[4].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Guest\Cookies\guest@realmedia[4].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : guest@realmedia[5].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Guest\Cookies\guest@realmedia[5].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : guest@revenue[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Guest\Cookies\guest@revenue[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Guest\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Guest\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : guest@sexlist[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Guest\Cookies\guest@sexlist[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment : www.searchtraffic.com
Value : C:\Documents and Settings\Guest\Cookies\[email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : guest@statcounter[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Guest\Cookies\guest@statcounter[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Guest\Cookies\[email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : guest@targetnet[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Guest\Cookies\guest@targetnet[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : guest@tickle[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Guest\Cookies\guest@tickle[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : guest@tradedoubler[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Guest\Cookies\guest@tradedoubler[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : guest@trafficmp[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Guest\Cookies\guest@trafficmp[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : guest@tribalfusion[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Guest\Cookies\guest@tribalfusion[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : guest@tripod[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Guest\Cookies\guest@tripod[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : guest@valueclick[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Guest\Cookies\guest@valueclick[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : guest@valueclick[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Guest\Cookies\guest@valueclick[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Guest\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Guest\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Guest\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Guest\Cookies\[email protected][1].txt


Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 119

Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Seven days of free [bleep].url
Category : Misc
Comment : Problematic URL discovered: http://www.7days.ws/
Object : C:\Documents and Settings\Bruce Wheeler\Favorites\




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 120

9:23:15 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:25:46.183
Objects scanned:107815
Objects identified:120
Objects ignored:0
New critical objects:120

#8
underdog9

Andy, It appears that Ad-aware did get rid of a few things.... ;) ....but I still have that Smithfraud.c Trojan! I imagine I still have a few other things that I need to get rid of as well.....what should I do next? :tazz: Please advise...

#9
Guest_Andy_veal_*

Hello and Welcome

Ad-aware has found objects on your computer

Alexa is the 'Related Links' feature of IE, which appears as the 'Tools'/'Show Related Links' menu item (and a corresponding toolbar button if you added it from the 'Customize...' link on the toolbar). If you use that feature, IE will contact the Alexa servers, via MSN, to obtain information about other web pages which seem to be related, open an Explorer Bar, and display those (plus adverts and whatnot).


If you choose to clean your computer of what Ad-aware found, please follow the instructions below…

Please make sure that you are using the * SE1R44 10.05.2005 * definition file.


Please launch Ad-Aware SE and click on the gear to access the Configuration Menu. Please make sure that this setting is applied.

Click on Tweak > Cleaning Engine > UNcheck "Always try to unload modules before deletion".

Disconnect from the internet (for broadband/cable users, it is recommended that you disconnect the cable connection) and close all open browsers or other programs you have running.

Please then boot into Safe Mode

To clean your machine, it is highly recommended that you clean the following directory contents (but not the directory folder):

Please run CCleaner to assist in this process.
Download CCleaner (Setup: go to >options > settings > Uncheck "Only delete files in Windows Temp folders older than 48 hours" for cleaning malware files!)

* C:\Windows\Temp\
* C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <- This will delete all your cached internet content including cookies.
* C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp\
* Empty your "Recycle Bin".

Please run Ad-Aware SE from the command lines shown in the instructions shown below.

Click "Start" > select "Run" > type the text shown in bold below (including the quotation marks and with the same spacing as shown)

"C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" /full +procnuke
(For the Professional version)

"C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" /full +procnuke
(For the Plus version)

"C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" +procnuke
(For the Personal version)


Click OK.

Please note that the path above is the default installation location for Ad-aware SE; if yours is different, please adjust it to the location where you have installed it.

When the scan has completed, select Next. In the Scanning Results window, select the "Scan Summary" tab. Check the box next to each "target family" you wish to remove. Click next, Click OK.

If problems are caused by deleting a family, please leave it.

Please shutdown/restart your computer after removal, run a new full scan and post the results as a reply. Do not launch any programs or connect to the internet at this time.

Please then copy & paste the complete log file here. Don't quarantine or remove anything at this time, just post a complete logfile. This can sometimes take 2-3 posts to get it all posted; once the "Summary of this scan" information is shown, you have posted all of your logfile.

Please remember when posting another logfile keep "Search for negligible risk entries" deselected as negligible risk entries (MRU's) are not considered to be a threat. This option can be changed when choosing your scan type.

Please post back here

Good luck

Andy

#10
underdog9

Ok Andy, how does my log look now? Do we proceed to get rid of my Trojan or do I still have other spyware to get rid of first? :tazz:

Ad-Aware SE Build 1.05
Logfile Created on:Thursday, May 12, 2005 7:41:16 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R44 10.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Possible Browser Hijack attempt(TAC index:3):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R44 10.05.2005
Internal build : 52
File location : C:\Ad aware se\Ad-Aware SE Personal\defs.ref
File size : 470885 Bytes
Total size : 1423894 Bytes
Signature data size : 1392940 Bytes
Reference data size : 30442 Bytes
Signatures total : 39753
Fingerprints total : 872
Fingerprints size : 29756 Bytes
Target categories : 15
Target families : 668


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium
Memory available:18 %
Total physical memory:187892 kb
Available physical memory:31972 kb
Total page file size:458060 kb
Available on page file:284748 kb
Total virtual memory:2097024 kb
Available virtual memory:2047200 kb
OS:Microsoft Windows XP Professional Service Pack 2, v.2082 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


5-12-2005 7:41:16 PM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 416
ThreadCreationTime : 5-13-2005 2:37:11 AM
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 508
ThreadCreationTime : 5-13-2005 2:37:16 AM
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 532
ThreadCreationTime : 5-13-2005 2:37:17 AM
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 576
ThreadCreationTime : 5-13-2005 2:37:18 AM
BasePriority : Normal
FileVersion : 5.1.2600.2082 (xpsp.040216-1810)
ProductVersion : 5.1.2600.2082
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 588
ThreadCreationTime : 5-13-2005 2:37:18 AM
BasePriority : Normal
FileVersion : 5.1.2600.2082 (xpsp.040216-1810)
ProductVersion : 5.1.2600.2082
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k DcomLaunch
ProcessID : 752
ThreadCreationTime : 5-13-2005 2:37:20 AM
BasePriority : Normal
FileVersion : 5.1.2600.2082 (xpsp.040216-1810)
ProductVersion : 5.1.2600.2082
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 788
ThreadCreationTime : 5-13-2005 2:37:21 AM
BasePriority : Normal
FileVersion : 5.1.2600.2082 (xpsp.040216-1810)
ProductVersion : 5.1.2600.2082
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 828
ThreadCreationTime : 5-13-2005 2:37:21 AM
BasePriority : Normal
FileVersion : 5.1.2600.2082 (xpsp.040216-1810)
ProductVersion : 5.1.2600.2082
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost.exe -k NetworkService
ProcessID : 872
ThreadCreationTime : 5-13-2005 2:37:22 AM
BasePriority : Normal
FileVersion : 5.1.2600.2082 (xpsp.040216-1810)
ProductVersion : 5.1.2600.2082
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost.exe -k LocalService
ProcessID : 940
ThreadCreationTime : 5-13-2005 2:37:22 AM
BasePriority : Normal
FileVersion : 5.1.2600.2082 (xpsp.040216-1810)
ProductVersion : 5.1.2600.2082
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1100
ThreadCreationTime : 5-13-2005 2:37:29 AM
BasePriority : Normal
FileVersion : 5.1.2600.2082 (xpsp.040216-1810)
ProductVersion : 5.1.2600.2082
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:12 [alg.exe]
ModuleName : C:\WINDOWS\System32\alg.exe
Command Line : C:\WINDOWS\System32\alg.exe
ProcessID : 1204
ThreadCreationTime : 5-13-2005 2:37:30 AM
BasePriority : Normal
FileVersion : 5.1.2600.2082 (xpsp.040216-1810)
ProductVersion : 5.1.2600.2082
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:13 [mcvsrte.exe]
ModuleName : c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
Command Line : c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe /Embedding
ProcessID : 1264
ThreadCreationTime : 5-13-2005 2:37:30 AM
BasePriority : Normal
FileVersion : 8, 0, 0, 12
ProductVersion : 8, 0, 0, 0
ProductName : McAfee VirusScan
CompanyName : Networks Associates Technology, Inc
FileDescription : McAfee VirusScan Real-time Engine
InternalName : mcvsrte
LegalCopyright : Copyright © 1998-2003 Networks Associates Technology, Inc
OriginalFilename : mcvsrte.exe
Comments : McAfee VirusScan Real-time Engine

#:14 [mdm.exe]
ModuleName : C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
Command Line : "C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"
ProcessID : 1288
ThreadCreationTime : 5-13-2005 2:37:30 AM
BasePriority : Normal
FileVersion : 7.00.9064.9150
ProductVersion : 7.00.9064.9150
ProductName : Microsoft Development Environment
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : Copyright © Microsoft Corp. 1997-2000
OriginalFilename : mdm.exe

#:15 [mpfservice.exe]
ModuleName : C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
Command Line : C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
ProcessID : 1316
ThreadCreationTime : 5-13-2005 2:37:31 AM
BasePriority : Normal
FileVersion : 4.1.0.1
ProductVersion : 4.1.0.1
ProductName : McAfee Personal Firewall
CompanyName : McAfee Corporation
FileDescription : McAfee Personal Firewall Service
InternalName : MPFService
LegalCopyright : Copyright © 2000,2001
OriginalFilename : MpfService.exe
Comments : McAfee Personal Firewall Service

#:16 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 1776
ThreadCreationTime : 5-13-2005 2:37:57 AM
BasePriority : Normal
FileVersion : 6.00.2900.2082 (xpsp.040216-1810)
ProductVersion : 6.00.2900.2082
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:17 [rundll32.exe]
ModuleName : C:\WINDOWS\system32\rundll32.exe
Command Line : "C:\WINDOWS\system32\rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
ProcessID : 1864
ThreadCreationTime : 5-13-2005 2:38:02 AM
BasePriority : Normal
FileVersion : 5.1.2600.2082 (xpsp.040216-1810)
ProductVersion : 5.1.2600.2082
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE

#:18 [rxmon.exe]
ModuleName : C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
Command Line : "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
ProcessID : 1872
ThreadCreationTime : 5-13-2005 2:38:02 AM
BasePriority : Normal


#:19 [mcvsshld.exe]
ModuleName : C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
Command Line : "C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
ProcessID : 1888
ThreadCreationTime : 5-13-2005 2:38:02 AM
BasePriority : Normal
FileVersion : 8, 0, 0, 15
ProductVersion : 8, 0, 0, 0
ProductName : McAfee VirusScan
CompanyName : Networks Associates Technology, Inc
FileDescription : McAfee VirusScan ActiveShield Resource
InternalName : msvcshld
LegalCopyright : Copyright © 1998-2003 Networks Associates Technology, Inc
OriginalFilename : mcvsshld.exe
Comments : McAfee VirusScan ActiveShield Resource

#:20 [mcagent.exe]
ModuleName : C:\PROGRA~1\mcafee.com\agent\mcagent.exe
Command Line : "C:\PROGRA~1\mcafee.com\agent\mcagent.exe"
ProcessID : 1896
ThreadCreationTime : 5-13-2005 2:38:02 AM
BasePriority : Normal
FileVersion : 5, 1, 0, 2
ProductVersion : 5, 1, 0, 0
ProductName : McAfee SecurityCenter
CompanyName : McAfee, Inc
FileDescription : McAfee SecurityCenter Agent
InternalName : mcagent
LegalCopyright : Copyright © 2005 McAfee, Inc.
OriginalFilename : mcagent.exe

#:21 [mcupdate.exe]
ModuleName : C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
Command Line : "C:\PROGRA~1\mcafee.com\agent\mcupdate.exe"
ProcessID : 1904
ThreadCreationTime : 5-13-2005 2:38:02 AM
BasePriority : Normal
FileVersion : 5, 1, 0, 2
ProductVersion : 5, 1, 0, 0
ProductName : McAfee SecurityCenter
CompanyName : McAfee, Inc
FileDescription : McAfee SecurityCenter Update Engine
InternalName : mcupdate
LegalCopyright : Copyright © 2005 McAfee, Inc.
OriginalFilename : mcupdate.exe

#:22 [jusched.exe]
ModuleName : C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
Command Line : "C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe"
ProcessID : 1912
ThreadCreationTime : 5-13-2005 2:38:02 AM
BasePriority : Normal


#:23 [realsched.exe]
ModuleName : C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Command Line : "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
ProcessID : 1920
ThreadCreationTime : 5-13-2005 2:38:02 AM
BasePriority : Normal
FileVersion : 0.1.0.3208
ProductVersion : 0.1.0.3208
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:24 [mpftray.exe]
ModuleName : C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
Command Line : "C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe"
ProcessID : 1928
ThreadCreationTime : 5-13-2005 2:38:02 AM
BasePriority : Normal
FileVersion : 5.0.1.5
ProductVersion : 5.0.1.5
ProductName : McAfee Personal Firewall (MPF)
CompanyName : McAfee Security
FileDescription : McAfee Personal Firewall Tray Monitor
InternalName : MpfTray
LegalCopyright : Copyright © 2000-2003 Networks Associates Technologies, Inc.
OriginalFilename : MPFTRAY.EXE
Comments : Tray Icon for McAfee Personal Firewall

#:25 [ctfmon.exe]
ModuleName : C:\WINDOWS\system32\ctfmon.exe
Command Line : "C:\WINDOWS\system32\ctfmon.exe"
ProcessID : 1944
ThreadCreationTime : 5-13-2005 2:38:02 AM
BasePriority : Normal
FileVersion : 5.1.2600.2082 (xpsp.040216-1810)
ProductVersion : 5.1.2600.2082
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:26 [mssysmgr.exe]
ModuleName : C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
Command Line : "C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe"
ProcessID : 1952
ThreadCreationTime : 5-13-2005 2:38:03 AM
BasePriority : Normal


#:27 [mcvsescn.exe]
ModuleName : c:\progra~1\mcafee.com\vso\mcvsescn.exe
Command Line : "c:\progra~1\mcafee.com\vso\mcvsescn.exe" /disabled
ProcessID : 1996
ThreadCreationTime : 5-13-2005 2:38:06 AM
BasePriority : Normal
FileVersion : 8, 0, 0, 30
ProductVersion : 8, 0, 0, 0
ProductName : McAfee VirusScan
CompanyName : Networks Associates Technology, Inc
FileDescription : McAfee VirusScan E-mail Scan Module
InternalName : mcvsescn
LegalCopyright : Copyright © 1998-2003 Networks Associates Technology, Inc
OriginalFilename : mcvsescn.EXE
Comments : McAfee VirusScan E-mail Scan Module

#:28 [wuauclt.exe]
ModuleName : C:\WINDOWS\system32\wuauclt.exe
Command Line : "C:\WINDOWS\system32\wuauclt.exe" /RunStoreAsComServer Local\[33c]SUSDSa748fc87d1ce964d9f518422b2d4f4fe
ProcessID : 184
ThreadCreationTime : 5-13-2005 2:38:19 AM
BasePriority : Normal
FileVersion : 5.4.3790.2082 (xpsp.040216-1810)
ProductVersion : 5.4.3790.2082
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe

#:29 [playlist.exe]
ModuleName : C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
Command Line : "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe" -Embedding
ProcessID : 260
ThreadCreationTime : 5-13-2005 2:38:25 AM
BasePriority : Normal


#:30 [mpfagent.exe]
ModuleName : C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
Command Line : C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe -Embedding
ProcessID : 484
ThreadCreationTime : 5-13-2005 2:38:34 AM
BasePriority : Normal
FileVersion : 5.1.0.8
ProductVersion : 5.1.0.8
ProductName : McAfee Personal Firewall (MPF)
CompanyName : McAfee Security
FileDescription : McAfee Personal Firewall Agent Interface
InternalName : MpfAgent
LegalCopyright : Copyright © 2000-2004 Networks Associates Technologies, Inc.
OriginalFilename : MPFAGENT.EXE
Comments : McAfee Personal Firewall Security Center Module

#:31 [mcshield.exe]
ModuleName : c:\PROGRA~1\mcafee.com\vso\mcshield.exe
Command Line : c:\PROGRA~1\mcafee.com\vso\mcshield.exe
ProcessID : 276
ThreadCreationTime : 5-13-2005 2:39:29 AM
BasePriority : High


#:32 [ad-aware.exe]
ModuleName : C:\Ad aware se\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Ad aware se\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 1884
ThreadCreationTime : 5-13-2005 2:39:46 AM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0

Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Seven days of free [bleep].url
Category : Misc
Comment : Problematic URL discovered: http://www.7days.ws/
Object : C:\Documents and Settings\Bruce Wheeler\Favorites\




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1

8:09:38 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:28:21.426
Objects scanned:108042
Objects identified:1
Objects ignored:0
New critical objects:1


#11
Guest_Andy_veal_*

Please also scan your computer with at least one of the following free online AV scanners:


Panda

Symantec

McAfee

TrendMicro (Recommended)

F-secure


Keep us updated

Thanks

Andy

#12
underdog9

I have completed the online scan using TrendMicro and no viruses were found. What should I do next to rid my computer of this Trojan?

Thanks in advance for your help.

#13
Guest_Andy_veal_*

Please follow the instructions located in Step Five: Posting a Hijack This Log. Post your HJT log as a reply to this thread, which has been relocated to the Malware Removal Forum for providing you with further assistance.

Kindly note that it is very busy in the Malware Removal Forum, so there may be a delay in receiving a reply. Please also note that HJT logfiles are reviewed on a first come/first served basis.

#14
underdog9

Ok, here is my hijackthis log. I'm posting it here and I'll wait till you tell me what to do next. :tazz:

Logfile of HijackThis v1.99.1
Scan saved at 8:35:34 PM, on 6/3/2005
Platform: Windows XP SP2, v.2082 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2082)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jucheck.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\fxlwh.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\fxlwh.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\fxlwh.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\fxlwh.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\fxlwh.dll/sp.html#28129
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C8EB660-A6B3-A367-121D-91DE13AFDEC2} - C:\WINDOWS\javaim.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [IEXPLORE.EXE] C:\Program Files\Internet Explorer\IEXPLORE.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [WindowsFY] c:\wp.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab28578.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab28578.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe

#15
coachwife6

Hi UD. Since it's been longer than five days, can you run hijack this for me again and post a new log in this thread? :tazz: Thanks.