[Referred]newgenlook.info



#1
Larry_harmon

HJT Logfile removed: Not requested

Edited by Andy_veal, 11 May 2005 - 12:36 PM.



#2
Guest_Andy_veal_*

In order to assist you, we need to see the log from an Ad-Aware SE 1.05 full system scan.

Important Note! Before performing a scan, be sure that you have the most recent definitions file by using WebUpdate. (Click on the Globe icon, Click connect, Click OK, Click Finish.) At this current point * SE1R44 10.05.2005 * is the most recent definition file.

Ad-Aware SE comes preconfigured with default options, so we need you to make only one change. Please deselect "Search for negligible risk entries", as negligible risk entries (MRUs) are not considered to be a threat. This option can be changed when choosing your scan type.

Select "Perform Full System Scan" and press "Next". When the scan has completed, click "Show Logfile".

Please copy/paste the complete log file here using the reply button. Don't quarantine or remove anything at this time, just post a complete logfile. This sometimes takes 2-3 posts to get it all posted. You will know you are at the end when you see the "Summary of this scan" information has been posted.

When you have posted your log here, Team Lavasoft can advise on what to do next.

Please post back if you have any questions or other problems.


Good luck

Andy

#3
Larry_harmon

Here are the diagnostics for Hi-Jack-This

Logfile of HijackThis v1.99.1
Scan saved at 4:09:30 PM, on 5/11/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
c:\windows\SYSTEM\KB891711\KB891711.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\PROGRAM FILES\NORTON INTERNET SECURITY\ISSVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPROXY.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\ptsnoop.exe
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEADM.EXE
C:\COMPAQ\CPQINET\CPQINET.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
C:\PROGRAM FILES\COMPAQ\DIGITAL DASHBOARD\DEVGULP.EXE
C:\CPQS\BWTOOLS\SCCENTER.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\COMMON FILES\ADAPTEC SHARED\CREATECD\CREATECD50.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\EAUSBKBD.EXE
C:\PROGRAM FILES\ROXIO\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE
C:\PROGRAM FILES\HP\HP SOFTWARE UPDATE\HPWUSCHD2.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQTRA08.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE
C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\AD-AWARE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SLRUNDLL.EXE
C:\PROGRAM FILES\ACCESSORIES\WORDPAD.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presa...onsumer&LC=0409
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.newgenlook.info/ad/ad0337/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.devtex.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presar...archbar&LC=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.presar...archbar&LC=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by S&L Internet
F1 - win.ini: run=hpfsched
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.altavista.com"); (C:\Program Files\Netscape\Users\cych6768\prefs.js)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe
O4 - HKLM\..\Run: [EACLEAN] C:\Program Files\Compaq\Easy Access Button Support\eaclean.exe
O4 - HKLM\..\Run: [CPQInet] c:\compaq\CPQInet\CpqInet.exe
O4 - HKLM\..\Run: [Digital Dashboard] C:\Program Files\Compaq\Digital Dashboard\DevGulp.exe
O4 - HKLM\..\Run: [Service Connection] c:\cpqs\bwtools\sccenter.exe
O4 - HKLM\..\Run: [AvconsoleEXE] C:\Program Files\Network Associates\McAfee VirusScan\avconsol.exe /minimize
O4 - HKLM\..\Run: [VsecomrEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSEcomR.EXE
O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKLM\..\Run: [VsStatEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSSTAT.EXE /SHOWWARNING
O4 - HKLM\..\Run: [SystemTasks] C:\filez.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [CreateCD50] "c:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "c:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKLM\..\RunServices: [KB891711] c:\windows\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [AolAcsDaemon1] "C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.EXE"
O4 - HKLM\..\RunServices: [ccEvtMgr] "c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [ISSVC] "c:\Program Files\Norton Internet Security\ISSVC.exe"
O4 - HKLM\..\RunServices: [ccProxy] c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - Startup: America Online Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O4 - Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Startup: Forget Me Not.lnk = C:\Program Files\Mindscape\AGPrint\PMREMIND.EXE
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O8 - Extra context menu item: &AOL Toolbar search - res://C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL/SEARCH.HTML
O9 - Extra button: Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presar...&c=2c00&LC=0409 (file missing)
O9 - Extra 'Tools' menuitem: AV &Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presar...&c=2c00&LC=0409 (file missing)
O9 - Extra button: (no name) - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presar...&c=2c00&LC=0409 (file missing)
O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presar...&c=2c00&LC=0409 (file missing)
O9 - Extra button: (no name) - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presar...&c=2c00&LC=0409 (file missing)
O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presar...&c=2c00&LC=0409 (file missing)
O9 - Extra button: (no name) - {06FE5D04-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/home (file missing)
O9 - Extra 'Tools' menuitem: AV Home - {06FE5D04-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/home (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O12 - Plugin for .swf: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npswf32.dll
O14 - IERESET.INF: START_PAGE_URL=http:\\www.devtex.net
O16 - DPF: {17163BB4-107E-11D4-9B76-006097DF2317} (EABootStrap Class) - http://aol.ea.com/do...trap/iegils.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai....23/cpbrkpie.cab
O16 - DPF: {B991DA79-51F7-4011-98D2-1F2592E82A56} (ACNPlayer2 Class) - http://204.118.132.1.../ACNePlayer.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab


Edited by Larry_harmon, 11 May 2005 - 03:14 PM.


#4
Larry_harmon

Here are the diagnostics for Ad-Aware


Ad-Aware SE Build 1.05
Logfile Created on:Wednesday, May 11, 2005 2:12:34 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R44 10.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie(TAC index:3):124 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R44 10.05.2005
Internal build : 52
File location : C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\defs.ref
File size : 470885 Bytes
Total size : 1423894 Bytes
Signature data size : 1392940 Bytes
Reference data size : 30442 Bytes
Signatures total : 39753
Fingerprints total : 872
Fingerprints size : 29756 Bytes
Target categories : 15
Target families : 668


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium III
Memory available:24 %
Total physical memory:260356 kb
Available physical memory:6656 kb
Total page file size:1836792 kb
Available on page file:1631772 kb
Total virtual memory:2093056 kb
Available virtual memory:2027648 kb
OS:Microsoft Windows 98 SE

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Play sound at scan completion if scan locates critical objects


5-11-05 2:12:34 PM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [KERNEL32.DLL]
ModuleName : C:\WINDOWS\SYSTEM\KERNEL32.DLL
Command Line : n/a
ProcessID : 4291779365
Threads : 4
Priority : High
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Win32 Kernel core component
InternalName : KERNEL32
LegalCopyright : Copyright © Microsoft Corp. 1991-1999
OriginalFilename : KERNEL32.DLL

#:2 [MSGSRV32.EXE]
ModuleName : C:\WINDOWS\SYSTEM\MSGSRV32.EXE
Command Line : n/a
ProcessID : 4294946745
Threads : 1
Priority : Normal
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows 32-bit VxD Message Server
InternalName : MSGSRV32
LegalCopyright : Copyright © Microsoft Corp. 1992-1998
OriginalFilename : MSGSRV32.EXE

#:3 [MPREXE.EXE]
ModuleName : C:\WINDOWS\SYSTEM\MPREXE.EXE
Command Line : C:\WINDOWS\SYSTEM\MPREXE.EXE
ProcessID : 4294940681
Threads : 1
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WIN32 Network Interface Service Process
InternalName : MPREXE
LegalCopyright : Copyright © Microsoft Corp. 1993-1998
OriginalFilename : MPREXE.EXE

#:4 [mmtask.tsk]
ModuleName : C:\WINDOWS\SYSTEM\mmtask.tsk
Command Line : n/a
ProcessID : 4294934985
Threads : 1
Priority : Normal
FileVersion : 4.03.1998
ProductVersion : 4.03.1998
ProductName : Microsoft Windows
CompanyName : Microsoft Corporation
FileDescription : Multimedia background task support module
InternalName : mmtask.tsk
LegalCopyright : Copyright © Microsoft Corp. 1991-1998
OriginalFilename : mmtask.tsk

#:5 [MSTASK.EXE]
ModuleName : C:\WINDOWS\SYSTEM\MSTASK.EXE
Command Line : mstask.exe
ProcessID : 4294845941
Threads : 2
Priority : Normal
FileVersion : 4.71.1972.1
ProductVersion : 4.71.1972.1
ProductName : Microsoft® Windows® Task Scheduler
CompanyName : Microsoft Corporation
FileDescription : Task Scheduler Engine
InternalName : TaskScheduler
LegalCopyright : Copyright © Microsoft Corp. 2000
OriginalFilename : mstask.exe

#:6 [KB891711.EXE]
ModuleName : c:\windows\SYSTEM\KB891711\KB891711.EXE
Command Line : n/a
ProcessID : 4294853241
Threads : 1
Priority : Normal
FileVersion : 4.10.2223
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows KB891711 component
InternalName : KB891711
LegalCopyright : Copyright © Microsoft Corp. 1991-2005
OriginalFilename : KB891711.EXE

#:7 [AOLACSD.EXE]
ModuleName : C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.EXE
Command Line : "C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.EXE"
ProcessID : 4294853837
Threads : 4
Priority : Normal
FileVersion : 3.0.0.1
ProductVersion : 3.0.0.1
ProductName : AOL Connectivity Service
CompanyName : America Online
FileDescription : AOL Connectivity Service
InternalName : AOLacsd
LegalCopyright : Copyright © 2004 America Online
OriginalFilename : AOLacsd.exe

#:8 [CCEVTMGR.EXE]
ModuleName : C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
Command Line : "c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
ProcessID : 4294872261
Threads : 14
Priority : Normal
FileVersion : 103.0.4.3
ProductVersion : 103.0.4.3
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright © 2000-2004 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe

#:9 [CCSETMGR.EXE]
ModuleName : C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
Command Line : "c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
ProcessID : 4294871005
Threads : 5
Priority : Normal
FileVersion : 103.0.4.3
ProductVersion : 103.0.4.3
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Settings Manager Service
InternalName : ccSetMgr
LegalCopyright : Copyright © 2000-2004 Symantec Corporation. All rights reserved.
OriginalFilename : ccSetMgr.exe

#:10 [HIDSERV.EXE]
ModuleName : C:\WINDOWS\SYSTEM\HIDSERV.EXE
Command Line : Hidserv.exe
ProcessID : 4294890841
Threads : 3
Priority : Normal
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : HID Audio Service
InternalName : hidserv
LegalCopyright : Copyright © Microsoft Corp. 1998, 1999
OriginalFilename : HIDSERV.EXE

#:11 [ISSVC.EXE]
ModuleName : C:\PROGRAM FILES\NORTON INTERNET SECURITY\ISSVC.EXE
Command Line : "c:\Program Files\Norton Internet Security\ISSVC.exe"
ProcessID : 4294882817
Threads : 7
Priority : Normal
FileVersion : 8.0.0.64
ProductVersion : 8.0
ProductName : Norton Internet Security
CompanyName : Symantec Corporation
FileDescription : IS Service
InternalName : ISSVC.exe
LegalCopyright : Copyright © 2004 Symantec Corporation
OriginalFilename : ISSVC.exe

#:12 [CCPROXY.EXE]
ModuleName : C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPROXY.EXE
Command Line : "c:\Program Files\Common Files\Symantec Shared\ccProxy.exe"
ProcessID : 4294854729
Threads : 11
Priority : Normal
FileVersion : 103.0.4.3
ProductVersion : 103.0.4.3
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Network Proxy Service
InternalName : ccProxy
LegalCopyright : Copyright © 2000-2004 Symantec Corporation. All rights reserved.
OriginalFilename : ccProxy.exe

#:13 [TAPISRV.EXE]
ModuleName : C:\WINDOWS\SYSTEM\TAPISRV.EXE
Command Line : tapisrv.exe
ProcessID : 4294684897
Threads : 6
Priority : Normal
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Microsoft® Windows™ Telephony Server
InternalName : Telephony Service
LegalCopyright : Copyright © Microsoft Corp. 1994-1998
OriginalFilename : TAPISRV.EXE

#:14 [EXPLORER.EXE]
ModuleName : C:\WINDOWS\EXPLORER.EXE
Command Line : C:\WINDOWS\Explorer.exe
ProcessID : 4294791165
Threads : 5
Priority : Normal
FileVersion : 4.72.3110.1
ProductVersion : 4.72.3110.1
ProductName : Microsoft® Windows NT® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : Copyright © Microsoft Corp. 1981-1997
OriginalFilename : EXPLORER.EXE

#:15 [ptsnoop.exe]
ModuleName : C:\WINDOWS\ptsnoop.exe
Command Line : n/a
ProcessID : 4294900365
Threads : 1
Priority : Normal
FileVersion : 1.00.00
ProductVersion : 1.00.00
ProductName : PTSNOOP.EXE
CompanyName : PCtel, Inc.
FileDescription : PTSNOOP.EXE
InternalName : PTSNOOP
LegalCopyright : Copyright PCtel,Inc.1994-2000
OriginalFilename : PTSNOOP.EXE

#:16 [TASKMON.EXE]
ModuleName : C:\WINDOWS\TASKMON.EXE
Command Line : "C:\windows\taskmon.exe"
ProcessID : 4294857909
Threads : 1
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Task Monitor
InternalName : TaskMon
LegalCopyright : Copyright © Microsoft Corp. 1998
OriginalFilename : TASKMON.EXE

#:17 [SYSTRAY.EXE]
ModuleName : C:\WINDOWS\SYSTEM\SYSTRAY.EXE
Command Line : "C:\WINDOWS\SYSTEM\SysTray.Exe"
ProcessID : 4294600861
Threads : 2
Priority : Normal
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : System Tray Applet
InternalName : SYSTRAY
LegalCopyright : Copyright © Microsoft Corp. 1993-1998
OriginalFilename : SYSTRAY.EXE

#:18 [CPQEADM.EXE]
ModuleName : C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEADM.EXE
Command Line : "C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe"
ProcessID : 4294577765
Threads : 1
Priority : Normal
FileVersion : 6.00.006
ProductVersion : 6.00.006
ProductName : Compaq Easy Access Button Support
CompanyName : Compaq Computer Corporation
FileDescription : Easy Access Software Demon
InternalName : CPQEADM
LegalCopyright : Copyright © 2000
OriginalFilename : CPQEADM.exe

#:19 [CPQINET.EXE]
ModuleName : C:\COMPAQ\CPQINET\CPQINET.EXE
Command Line : "C:\compaq\CPQInet\CpqInet.exe"
ProcessID : 4294622977
Threads : 3
Priority : Normal
FileVersion : 3, 0, 1, 4
ProductVersion : 2, 2, 0, 0
ProductName : CPQINET
CompanyName : Compaq Computer Corporation
FileDescription : CPQInet
InternalName : CPQInet
LegalCopyright : Copyright © 1999, 2000
LegalTrademarks : All Rights Reserved
OriginalFilename : CPQInet.exe
Comments : Compaq Internet Runtime Service

#:20 [BTTNSERV.EXE]
ModuleName : C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
Command Line : C:\PROGRA~1\COMPAQ\EASYAC~1\BTTNSERV.EXE -Embedding
ProcessID : 4294615461
Threads : 5
Priority : Normal
FileVersion : 4.00.061
ProductVersion : 4.00.061
ProductName : BttnServ Module
CompanyName : Compaq Computer Corporation
FileDescription : Button Server
InternalName : BttnServ
LegalCopyright : Copyright 1997-1999 Compaq Computer Corporation
OriginalFilename : BttnServ.exe
Comments : 4.00.061

#:21 [DEVGULP.EXE]
ModuleName : C:\PROGRAM FILES\COMPAQ\DIGITAL DASHBOARD\DEVGULP.EXE
Command Line : "C:\Program Files\Compaq\Digital Dashboard\DevGulp.exe"
ProcessID : 4294613825
Threads : 2
Priority : Normal
FileVersion : 1,1,4,0
ProductVersion : 1,1,4,0
ProductName : Digital Dashboard (LCD) Support Software
CompanyName : Compaq Computer Corporation
FileDescription : Device Detective & Internet Alive
InternalName : DevGulp
LegalCopyright : Copyright Compaq Computer Corporation, 1999-2000
LegalTrademarks : Compaq
OriginalFilename : DevGulp.EXE
Comments : Device Detective & Internet Alive

#:22 [SCCENTER.EXE]
ModuleName : C:\CPQS\BWTOOLS\SCCENTER.EXE
Command Line : "C:\cpqs\bwtools\sccenter.exe"
ProcessID : 4294635505
Threads : 2
Priority : Normal
FileVersion : 1, 0, 0, 15
ProductVersion : 1, 0, 0, 15
ProductName : SCCenter Module
CompanyName : Compaq Computer Corporation
FileDescription : SCCenter Module
InternalName : SCCenter
LegalCopyright : Copyright 1999
LegalTrademarks : All rights reserved
OriginalFilename : SCCenter.EXE

#:23 [STIMON.EXE]
ModuleName : C:\WINDOWS\SYSTEM\STIMON.EXE
Command Line : "C:\WINDOWS\SYSTEM\STIMON.EXE"
ProcessID : 4294524805
Threads : 3
Priority : Normal
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Still Image Devices Monitor
InternalName : STIMON
LegalCopyright : Copyright © Microsoft Corp. 1996-1998
OriginalFilename : STIMON.EXE

#:24 [CREATECD50.EXE]
ModuleName : C:\PROGRAM FILES\COMMON FILES\ADAPTEC SHARED\CREATECD\CREATECD50.EXE
Command Line : "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
ProcessID : 4294509805
Threads : 1
Priority : Normal
FileVersion : 5.3.5.10
ProductVersion : 5.3.5.10
ProductName : Easy CD Creator
CompanyName : Roxio
FileDescription : Roxio Create CD
InternalName : createcd.exe
LegalCopyright : Copyright © 1999-2003 Roxio, Inc.
OriginalFilename : createcd.exe

#:25 [EAUSBKBD.EXE]
ModuleName : C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\EAUSBKBD.EXE
Command Line : EAUSBKBD.EXE
ProcessID : 4294526893
Threads : 7
Priority : Normal
FileVersion : 6.00.096
ProductVersion : 6.00.096
ProductName : Compaq Easy Access Keyboard Support Software
CompanyName : Compaq Computer Corporation
FileDescription : Compaq Easy Access USB Keyboard Driver
InternalName : EAUSBKBD
LegalCopyright : Copyright © 1999-2000 Compaq Computer Corporation
OriginalFilename : EAUSBKBD.EXE
Comments : VA

#:26 [DIRECTCD.EXE]
ModuleName : C:\PROGRAM FILES\ROXIO\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE
Command Line : "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
ProcessID : 4294545725
Threads : 1
Priority : Normal
FileVersion : 5.3.5.10
ProductVersion : 5.3.5.10
ProductName : DirectCD
CompanyName : Roxio
FileDescription : DirectCD Application
InternalName : DirectCD
LegalCopyright : Copyright © 2001-2003, Roxio, Inc.
OriginalFilename : Directcd.exe

#:27 [HPCMPMGR.EXE]
ModuleName : C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE
Command Line : "C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE"
ProcessID : 4294563329
Threads : 4
Priority : Normal
FileVersion : 1.76.0
ProductVersion : 1.76.0
ProductName : hp coretech (COmponent REuse TECHnology)
CompanyName : Hewlett-Packard Company
FileDescription : HP Framework Component Manager Service
InternalName : HPComponentManagerService module
LegalCopyright : Copyright © Hewlett-Packard. 2002-2003
OriginalFilename : HPCmpMgr.exe

#:28 [HPWUSCHD2.EXE]
ModuleName : C:\PROGRAM FILES\HP\HP SOFTWARE UPDATE\HPWUSCHD2.EXE
Command Line : "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
ProcessID : 4294448369
Threads : 1
Priority : Normal
FileVersion : 50.0.146.000
ProductVersion : 050.000.146.000
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : Hewlett-Packard Product Assistant
InternalName : hpwuSchd2
LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2004
OriginalFilename : hpwuSchd2.exe
Comments : Hewlett-Packard Product Assistant

#:29 [QTTASK.EXE]
ModuleName : C:\WINDOWS\SYSTEM\QTTASK.EXE
Command Line : "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
ProcessID : 4294464533
Threads : 2
Priority : Normal
FileVersion : 6.4
ProductVersion : QuickTime 6.4
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2003
OriginalFilename : QTTask.exe

#:30 [CCAPP.EXE]
ModuleName : C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
Command Line : "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
ProcessID : 4294492021
Threads : 59
Priority : Normal
FileVersion : 103.0.4.3
ProductVersion : 103.0.4.3
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec User Session
InternalName : ccApp
LegalCopyright : Copyright © 2000-2004 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe

#:31 [SYMLCSVC.EXE]
ModuleName : C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
Command Line : "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe" start
ProcessID : 4294478237
Threads : 1
Priority : Normal
FileVersion : 1, 8, 54, 478
ProductVersion : 1, 8, 54, 478
ProductName : Symantec Core Component
CompanyName : Symantec Corporation
FileDescription : Symantec Core Component
InternalName : symlcsvc
LegalCopyright : Copyright © 2003
OriginalFilename : symlcsvc.exe

#:32 [HPQTRA08.EXE]
ModuleName : C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQTRA08.EXE
Command Line : "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"
ProcessID : 4294397365
Threads : 4
Priority : Normal
FileVersion : 5.31.0.147
ProductVersion : 005.031.000.147
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : HP Digital Imaging Monitor (CUE)
InternalName : HPQTRA00
LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2001
OriginalFilename : HPQTRA00.EXE
Comments : HP Digital Imaging Monitor (CUE)

#:33 [DDHELP.EXE]
ModuleName : C:\WINDOWS\SYSTEM\DDHELP.EXE
Command Line : ddhelp.exe
ProcessID : 4294500857
Threads : 4
Priority : Realtime
FileVersion : 4.09.00.0900
ProductVersion : 4.09.00.0900
ProductName : Microsoft® DirectX for Windows®
CompanyName : Microsoft Corporation
FileDescription : Microsoft DirectX Helper
InternalName : DDHelp.exe
LegalCopyright : Copyright © Microsoft Corp. 1994-2002
OriginalFilename : DDHelp.exe

#:34 [WMIEXE.EXE]
ModuleName : C:\WINDOWS\SYSTEM\WMIEXE.EXE
Command Line : WmiExe 52
ProcessID : 4294318685
Threads : 3
Priority : Normal
FileVersion : 5.00.1755.1
ProductVersion : 5.00.1755.1
ProductName : Microsoft® Windows NT® Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI service exe housing
InternalName : wmiexe
LegalCopyright : Copyright © Microsoft Corp. 1981-1998
OriginalFilename : wmiexe.exe

#:35 [SPOOL32.EXE]
ModuleName : C:\WINDOWS\SYSTEM\SPOOL32.EXE
Command Line : C:\WINDOWS\SYSTEM\spool32.exe
ProcessID : 4294348877
Threads : 4
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler Sub System Process
InternalName : spool32
LegalCopyright : Copyright © Microsoft Corp. 1994 - 1998
OriginalFilename : spool32.exe

#:36 [SNDSRVC.EXE]
ModuleName : C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE
Command Line : "C:\PROGRA~1\COMMON~1\SYMANT~1\SndSrvc.exe"
ProcessID : 4294240401
Threads : 7
Priority : Normal
FileVersion : 5.5.1.6
ProductVersion : 5.5
ProductName : Symantec Security Drivers
CompanyName : Symantec Corporation
FileDescription : Network Driver Service
InternalName : SndSrvc
LegalCopyright : Copyright 2002, 2003, 2004 Symantec Corporation
OriginalFilename : SndSrvc.exe

#:37 [AD-AWARE.EXE]
ModuleName : C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\AD-AWARE.EXE
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 4294093797
Threads : 4
Priority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

#:38 [PSTORES.EXE]
ModuleName : C:\WINDOWS\SYSTEM\PSTORES.EXE
Command Line : C:\WINDOWS\SYSTEM\PSTORES.EXE
ProcessID : 4198552713
Threads : 3
Priority : Normal
FileVersion : 5.00.1877.3
ProductVersion : 5.00.1877.3
ProductName : Microsoft® Windows NT® Operating System
CompanyName : Microsoft Corporation
FileDescription : Protected storage server
InternalName : Protected storage server
LegalCopyright : Copyright © Microsoft Corp. 1981-1998
OriginalFilename : Protected storage server

#:39 [RNAAPP.EXE]
ModuleName : C:\WINDOWS\SYSTEM\RNAAPP.EXE
Command Line : rnaapp.exe -l
ProcessID : 4294686769
Threads : 2
Priority : Normal
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Dial-Up Networking Application
InternalName : RNAAPP
LegalCopyright : Copyright © Microsoft Corp. 1992-1996
OriginalFilename : RNAAPP.EXE

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment : Hits:7
Value : Cookie:[email protected]/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@internetwasher[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:[email protected]/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@realmedia[6].txt
Category : Data Miner
Comment : Hits:37
Value : Cookie:[email protected]/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment : Hits:52
Value : Cookie:[email protected]/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:7
Value : Cookie:[email protected]/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@ad-logics[1].txt
Category : Data Miner
Comment : Hits:26
Value : Cookie:[email protected]/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@revenue[5].txt
Category : Data Miner
Comment : Hits:35
Value : Cookie:[email protected]/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@centrport[4].txt
Category : Data Miner
Comment : Hits:69
Value : Cookie:[email protected]/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@ad-logics[5].txt
Category : Data Miner
Comment : Hits:54
Value : Cookie:[email protected]/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@apmebf[2].txt
Category : Data Miner
Comment : Hits:6
Value : Cookie:[email protected]/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@xupiter[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:[email protected]/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@pro-market[1].txt
Category : Data Miner
Comment : Hits:6
Value : Cookie:[email protected]/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@pro-market[1].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:[email protected]/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@realmedia[5].txt
Category : Data Miner
Comment : Hits:231
Value : Cookie:[email protected]/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][3].txt
Category : Data Miner
Comment : Hits:112
Value : Cookie:[email protected]/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment : Hits:12
Value : Cookie:[email protected]/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@tmpad[2].txt
Category : Data Miner
Comment : Hits:6
Value : Cookie:[email protected]/tmpad

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@adrevolver[1].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:[email protected]/adrevolver/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment : Hits:63
Value : Cookie:[email protected]/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][5].txt
Category : Data Miner
Comment : Hits:98
Value : Cookie:[email protected]/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@fortunecity[6].txt
Category : Data Miner
Comment : Hits:29
Value : Cookie:[email protected]/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:67
Value : Cookie:[email protected]/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:[email protected]/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment : Hits:112
Value : Cookie:[email protected]/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@bravenet[3].txt
Category : Data Miner
Comment : Hits:58
Value : Cookie:[email protected]/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@tribalfusion[2].txt
Category : Data Miner
Comment : Hits:88
Value : Cookie:[email protected]/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@gator[8].txt
Category : Data Miner
Comment : Hits:180
Value : Cookie:[email protected]/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@cgi-bin[12].txt
Category : Data Miner
Comment : Hits:49
Value : Cookie:[email protected]/cgi-bin

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@2o7[6].txt
Category : Data Miner
Comment : Hits:3145
Value : Cookie:[email protected]/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@cgi-bin[2].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:[email protected]/cgi-bin

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@ad-flow[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:[email protected]/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@bluestreak[7].txt
Category : Data Miner
Comment : Hits:29
Value : Cookie:[email protected]/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@cgi-bin[2].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/cgi-bin

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@euniverseads[5].txt
Category : Data Miner
Comment : Hits:23
Value : Cookie:[email protected]/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][9].txt
Category : Data Miner
Comment : Hits:234
Value : Cookie:[email protected]/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@bravenet[4].txt
Category : Data Miner
Comment : Hits:19
Value : Cookie:[email protected]/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@adrevolver[2].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:[email protected]/adrevolver/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@smartmoney[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:[email protected]/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@fortunecity[9].txt
Category : Data Miner
Comment : Hits:443
Value : Cookie:[email protected]/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:5
Value : Cookie:[email protected]/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@cgi-bin[10].txt
Category : Data Miner
Comment : Hits:6
Value : Cookie:[email protected]/cgi-bin

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@zedo[7].txt
Category : Data Miner
Comment : Hits:88
Value : Cookie:[email protected]/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@questionmarket[8].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@maxserving[5].txt
Category : Data Miner
Comment : Hits:173
Value : Cookie:[email protected]/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:[email protected]/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@questionmarket[9].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:[email protected]/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@tripod[5].txt
Category : Data Miner
Comment : Hits:67
Value : Cookie:[email protected]/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][7].txt
Category : Data Miner
Comment : Hits:74
Value : Cookie:[email protected]/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@cgi-bin[9].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/cgi-bin

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@ajrotator[7].txt
Category : Data Miner
Comment : Hits:7
Value : Cookie:[email protected]/servlet/ajrotator/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@tripod[3].txt
Category : Data Miner
Comment : Hits:19
Value : Cookie:[email protected]/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:[email protected]/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@cgi-bin[11].txt
Category : Data Miner
Comment : Hits:9
Value : Cookie:[email protected]/cgi-bin

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@cgi-bin[3].txt
Category : Data Miner
Comment : Hits:10
Value : Cookie:[email protected]/cgi-bin

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@cgi-bin[4].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:[email protected]/cgi-bin

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@trafficmp[6].txt
Category : Data Miner
Comment : Hits:794
Value : Cookie:[email protected]/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][6].txt
Category : Data Miner
Comment : Hits:95
Value : Cookie:[email protected]/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@qksrv[4].txt
Category : Data Miner
Comment : Hits:177
Value : Cookie:[email protected]/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@cgi-bin[7].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/cgi-bin/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@tradedoubler[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@tickle[5].txt
Category : Data Miner
Comment : Hits:102
Value : Cookie:[email protected]/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][3].txt
Category : Data Miner
Comment : Hits:18
Value : Cookie:[email protected]/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@spinbox[1].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:[email protected]/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@cybereps[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@qksrv[3].txt
Category : Data Miner
Comment : Hits:34
Value : Cookie:[email protected]/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@cgi-bin[6].txt
Category : Data Miner
Comment : Hits:6
Value : Cookie:[email protected]/cgi-bin/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@zedo[6].txt
Category : Data Miner
Comment : Hits:25
Value : Cookie:[email protected]/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@spinbox[2].txt
Category : Data Miner
Comment : Hits:21
Value : Cookie:[email protected]/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][7].txt
Category : Data Miner
Comment : Hits:174
Value : Cookie:[email protected]/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][3].txt
Category : Data Miner
Comment : Hits:54
Value : Cookie:[email protected]/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@2o7[6].txt
Category : Data Miner
Comment : Hits:801
Value : Cookie:[email protected]/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:7
Value : Cookie:[email protected]/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][3].txt
Category : Data Miner
Comment : Hits:5
Value : Cookie:[email protected]/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][4].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:[email protected]/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@paycounter[3].txt
Category : Data Miner
Comment : Hits:9
Value : Cookie:[email protected]/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@seeq[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@overture[4].txt
Category : Data Miner
Comment : Hits:30
Value : Cookie:[email protected]/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@trafic[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@adserv[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/adserv/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@bluestreak[6].txt
Category : Data Miner
Comment : Hits:7
Value : Cookie:[email protected]/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@adserver[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/adserver

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@casalemedia[3].txt
Category : Data Miner
Comment : Hits:60
Value : Cookie:[email protected]/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@overture[4].txt
Category : Data Miner
Comment : Hits:129
Value : Cookie:[email protected]/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@spylog[3].txt
Category : Data Miner
Comment : Hits:7
Value : Cookie:[email protected]/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@pointroll[2].txt
Category : Data Miner
Comment : Hits:33
Value : Cookie:[email protected]/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@trafficmp[6].txt
Category : Data Miner
Comment : Hits:133
Value : Cookie:[email protected]/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@valueclick[3].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@spylog[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@revenue[1].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:[email protected]/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@casalemedia[3].txt
Category : Data Miner
Comment : Hits:421
Value : Cookie:[email protected]/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:[email protected]/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@centrport[4].txt
Category : Data Miner
Comment : Hits:18
Value : Cookie:[email protected]/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@tmpad[2].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/tmpad

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:[email protected]/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@cgi-bin[14].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:[email protected]/cgi-bin

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@hotlog[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:[email protected]/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@domainsponsor[2].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:[email protected]/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment : Hits:13
Value : Cookie:[email protected]/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@maxserving[4].txt
Category : Data Miner
Comment : Hits:37
Value : Cookie:[email protected]/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@serving-sys[2].txt
Category : Data Miner
Comment : Hits:13
Value : Cookie:[email protected]/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:[email protected]/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@cgi-bin[13].txt
Category : Data Miner
Comment : Hits:5
Value : Cookie:[email protected]/cgi-bin

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:5
Value : Cookie:[email protected]/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][3].txt
Category : Data Miner
Comment : Hits:10
Value : Cookie:[email protected]/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@adserver[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/adserver

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@serving-sys[1].txt
Category : Data Miner
Comment : Hits:33
Value : Cookie:[email protected]/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:[email protected]/

Tracking Cookie Object Recognized!

Edited by Larry_harmon, 11 May 2005 - 03:06 PM.


#5
Guest_Andy_veal_*

I have reviewed your logfile and all that is detected is safe to remove, should you wish to do so.

To clean your machine, open Ad-Aware SE and run a full system scan. When the scan has completed, select Next. In the Scanning Results window, select the "Scan Summary" tab. Check the box next to each "item" you wish to remove. Click Next, then click OK.

Please shut down/restart your computer after removal, run a new full system scan and post your new log here.

All the best

Andy

#6
Larry_harmon

It is still there ... Blasted thing... Dialer, Popups and all. I am attaching a copy of the new AdAware and the new HiJackThis Logs. Thanks Larry

Ad-Aware SE Build 1.05
Logfile Created on:Wednesday, May 11, 2005 6:03:14 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R44 10.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
None
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R44 10.05.2005
Internal build : 52
File location : C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\defs.ref
File size : 470885 Bytes
Total size : 1423894 Bytes
Signature data size : 1392940 Bytes
Reference data size : 30442 Bytes
Signatures total : 39753
Fingerprints total : 872
Fingerprints size : 29756 Bytes
Target categories : 15
Target families : 668


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium III
Memory available:33 %
Total physical memory:260356 kb
Available physical memory:33416 kb
Total page file size:1836792 kb
Available on page file:1663520 kb
Total virtual memory:2093056 kb
Available virtual memory:2043008 kb
OS:Microsoft Windows 98 SE

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Play sound at scan completion if scan locates critical objects


5-11-05 6:03:14 PM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [KERNEL32.DLL]
ModuleName : C:\WINDOWS\SYSTEM\KERNEL32.DLL
Command Line : n/a
ProcessID : 4291779349
Threads : 4
Priority : High
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Win32 Kernel core component
InternalName : KERNEL32
LegalCopyright : Copyright © Microsoft Corp. 1991-1999
OriginalFilename : KERNEL32.DLL

#:2 [MSGSRV32.EXE]
ModuleName : C:\WINDOWS\SYSTEM\MSGSRV32.EXE
Command Line : n/a
ProcessID : 4294946697
Threads : 1
Priority : Normal
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows 32-bit VxD Message Server
InternalName : MSGSRV32
LegalCopyright : Copyright © Microsoft Corp. 1992-1998
OriginalFilename : MSGSRV32.EXE

#:3 [MPREXE.EXE]
ModuleName : C:\WINDOWS\SYSTEM\MPREXE.EXE
Command Line : C:\WINDOWS\SYSTEM\MPREXE.EXE
ProcessID : 4294940729
Threads : 2
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WIN32 Network Interface Service Process
InternalName : MPREXE
LegalCopyright : Copyright © Microsoft Corp. 1993-1998
OriginalFilename : MPREXE.EXE

#:4 [mmtask.tsk]
ModuleName : C:\WINDOWS\SYSTEM\mmtask.tsk
Command Line : n/a
ProcessID : 4294935025
Threads : 1
Priority : Normal
FileVersion : 4.03.1998
ProductVersion : 4.03.1998
ProductName : Microsoft Windows
CompanyName : Microsoft Corporation
FileDescription : Multimedia background task support module
InternalName : mmtask.tsk
LegalCopyright : Copyright © Microsoft Corp. 1991-1998
OriginalFilename : mmtask.tsk

#:5 [MSTASK.EXE]
ModuleName : C:\WINDOWS\SYSTEM\MSTASK.EXE
Command Line : mstask.exe
ProcessID : 4294845913
Threads : 2
Priority : Normal
FileVersion : 4.71.1972.1
ProductVersion : 4.71.1972.1
ProductName : Microsoft® Windows® Task Scheduler
CompanyName : Microsoft Corporation
FileDescription : Task Scheduler Engine
InternalName : TaskScheduler
LegalCopyright : Copyright © Microsoft Corp. 2000
OriginalFilename : mstask.exe

#:6 [KB891711.EXE]
ModuleName : c:\windows\SYSTEM\KB891711\KB891711.EXE
Command Line : n/a
ProcessID : 4294854721
Threads : 1
Priority : Normal
FileVersion : 4.10.2223
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows KB891711 component
InternalName : KB891711
LegalCopyright : Copyright © Microsoft Corp. 1991-2005
OriginalFilename : KB891711.EXE

#:7 [AOLACSD.EXE]
ModuleName : C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.EXE
Command Line : "C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.EXE"
ProcessID : 4294853641
Threads : 4
Priority : Normal
FileVersion : 3.0.0.1
ProductVersion : 3.0.0.1
ProductName : AOL Connectivity Service
CompanyName : America Online
FileDescription : AOL Connectivity Service
InternalName : AOLacsd
LegalCopyright : Copyright © 2004 America Online
OriginalFilename : AOLacsd.exe

#:8 [CCEVTMGR.EXE]
ModuleName : C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
Command Line : "c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
ProcessID : 4294875113
Threads : 14
Priority : Normal
FileVersion : 103.0.4.3
ProductVersion : 103.0.4.3
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright © 2000-2004 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe

#:9 [CCSETMGR.EXE]
ModuleName : C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
Command Line : "c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
ProcessID : 4294869717
Threads : 5
Priority : Normal
FileVersion : 103.0.4.3
ProductVersion : 103.0.4.3
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Settings Manager Service
InternalName : ccSetMgr
LegalCopyright : Copyright © 2000-2004 Symantec Corporation. All rights reserved.
OriginalFilename : ccSetMgr.exe

#:10 [ISSVC.EXE]
ModuleName : C:\PROGRAM FILES\NORTON INTERNET SECURITY\ISSVC.EXE
Command Line : "c:\Program Files\Norton Internet Security\ISSVC.exe"
ProcessID : 4294895089
Threads : 7
Priority : Normal
FileVersion : 8.0.0.64
ProductVersion : 8.0
ProductName : Norton Internet Security
CompanyName : Symantec Corporation
FileDescription : IS Service
InternalName : ISSVC.exe
LegalCopyright : Copyright © 2004 Symantec Corporation
OriginalFilename : ISSVC.exe

#:11 [CCPROXY.EXE]
ModuleName : C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPROXY.EXE
Command Line : "c:\Program Files\Common Files\Symantec Shared\ccProxy.exe"
ProcessID : 4294853877
Threads : 11
Priority : Normal
FileVersion : 103.0.4.3
ProductVersion : 103.0.4.3
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Network Proxy Service
InternalName : ccProxy
LegalCopyright : Copyright © 2000-2004 Symantec Corporation. All rights reserved.
OriginalFilename : ccProxy.exe

#:12 [EXPLORER.EXE]
ModuleName : C:\WINDOWS\EXPLORER.EXE
Command Line : C:\WINDOWS\Explorer.exe
ProcessID : 4294784985
Threads : 4
Priority : Normal
FileVersion : 4.72.3110.1
ProductVersion : 4.72.3110.1
ProductName : Microsoft® Windows NT® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : Copyright © Microsoft Corp. 1981-1997
OriginalFilename : EXPLORER.EXE

#:13 [HIDSERV.EXE]
ModuleName : C:\WINDOWS\SYSTEM\HIDSERV.EXE
Command Line : Hidserv.exe
ProcessID : 4294814145
Threads : 3
Priority : Normal
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : HID Audio Service
InternalName : hidserv
LegalCopyright : Copyright © Microsoft Corp. 1998, 1999
OriginalFilename : HIDSERV.EXE

#:14 [ptsnoop.exe]
ModuleName : C:\WINDOWS\ptsnoop.exe
Command Line : n/a
ProcessID : 4294744429
Threads : 1
Priority : Normal
FileVersion : 1.00.00
ProductVersion : 1.00.00
ProductName : PTSNOOP.EXE
CompanyName : PCtel, Inc.
FileDescription : PTSNOOP.EXE
InternalName : PTSNOOP
LegalCopyright : Copyright PCtel,Inc.1994-2000
OriginalFilename : PTSNOOP.EXE

#:15 [TASKMON.EXE]
ModuleName : C:\WINDOWS\TASKMON.EXE
Command Line : "C:\windows\taskmon.exe"
ProcessID : 4294742697
Threads : 1
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Task Monitor
InternalName : TaskMon
LegalCopyright : Copyright © Microsoft Corp. 1998
OriginalFilename : TASKMON.EXE

#:16 [SYSTRAY.EXE]
ModuleName : C:\WINDOWS\SYSTEM\SYSTRAY.EXE
Command Line : "C:\WINDOWS\SYSTEM\SysTray.Exe"
ProcessID : 4294769785
Threads : 2
Priority : Normal
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : System Tray Applet
InternalName : SYSTRAY
LegalCopyright : Copyright © Microsoft Corp. 1993-1998
OriginalFilename : SYSTRAY.EXE

#:17 [CPQEADM.EXE]
ModuleName : C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEADM.EXE
Command Line : "C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe"
ProcessID : 4294743325
Threads : 1
Priority : Normal
FileVersion : 6.00.006
ProductVersion : 6.00.006
ProductName : Compaq Easy Access Button Support
CompanyName : Compaq Computer Corporation
FileDescription : Easy Access Software Demon
InternalName : CPQEADM
LegalCopyright : Copyright © 2000
OriginalFilename : CPQEADM.exe

#:18 [CPQINET.EXE]
ModuleName : C:\COMPAQ\CPQINET\CPQINET.EXE
Command Line : "C:\compaq\CPQInet\CpqInet.exe"
ProcessID : 4294757149
Threads : 3
Priority : Normal
FileVersion : 3, 0, 1, 4
ProductVersion : 2, 2, 0, 0
ProductName : CPQINET
CompanyName : Compaq Computer Corporation
FileDescription : CPQInet
InternalName : CPQInet
LegalCopyright : Copyright © 1999, 2000
LegalTrademarks : All Rights Reserved
OriginalFilename : CPQInet.exe
Comments : Compaq Internet Runtime Service

#:19 [BTTNSERV.EXE]
ModuleName : C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
Command Line : C:\PROGRA~1\COMPAQ\EASYAC~1\BTTNSERV.EXE -Embedding
ProcessID : 4294645581
Threads : 5
Priority : Normal
FileVersion : 4.00.061
ProductVersion : 4.00.061
ProductName : BttnServ Module
CompanyName : Compaq Computer Corporation
FileDescription : Button Server
InternalName : BttnServ
LegalCopyright : Copyright 1997-1999 Compaq Computer Corporation
OriginalFilename : BttnServ.exe
Comments : 4.00.061

#:20 [DEVGULP.EXE]
ModuleName : C:\PROGRAM FILES\COMPAQ\DIGITAL DASHBOARD\DEVGULP.EXE
Command Line : "C:\Program Files\Compaq\Digital Dashboard\DevGulp.exe"
ProcessID : 4294666997
Threads : 2
Priority : Normal
FileVersion : 1,1,4,0
ProductVersion : 1,1,4,0
ProductName : Digital Dashboard (LCD) Support Software
CompanyName : Compaq Computer Corporation
FileDescription : Device Detective & Internet Alive
InternalName : DevGulp
LegalCopyright : Copyright Compaq Computer Corporation, 1999-2000
LegalTrademarks : Compaq
OriginalFilename : DevGulp.EXE
Comments : Device Detective & Internet Alive

#:21 [SCCENTER.EXE]
ModuleName : C:\CPQS\BWTOOLS\SCCENTER.EXE
Command Line : "C:\cpqs\bwtools\sccenter.exe"
ProcessID : 4294658609
Threads : 2
Priority : Normal
FileVersion : 1, 0, 0, 15
ProductVersion : 1, 0, 0, 15
ProductName : SCCenter Module
CompanyName : Compaq Computer Corporation
FileDescription : SCCenter Module
InternalName : SCCenter
LegalCopyright : Copyright 1999
LegalTrademarks : All rights reserved
OriginalFilename : SCCenter.EXE

#:22 [STIMON.EXE]
ModuleName : C:\WINDOWS\SYSTEM\STIMON.EXE
Command Line : "C:\WINDOWS\SYSTEM\STIMON.EXE"
ProcessID : 4294688633
Threads : 3
Priority : Normal
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Still Image Devices Monitor
InternalName : STIMON
LegalCopyright : Copyright © Microsoft Corp. 1996-1998
OriginalFilename : STIMON.EXE

#:23 [CREATECD50.EXE]
ModuleName : C:\PROGRAM FILES\COMMON FILES\ADAPTEC SHARED\CREATECD\CREATECD50.EXE
Command Line : "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
ProcessID : 4294697233
Threads : 1
Priority : Normal
FileVersion : 5.3.5.10
ProductVersion : 5.3.5.10
ProductName : Easy CD Creator
CompanyName : Roxio
FileDescription : Roxio Create CD
InternalName : createcd.exe
LegalCopyright : Copyright © 1999-2003 Roxio, Inc.
OriginalFilename : createcd.exe

#:24 [DIRECTCD.EXE]
ModuleName : C:\PROGRAM FILES\ROXIO\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE
Command Line : "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
ProcessID : 4294575081
Threads : 1
Priority : Normal
FileVersion : 5.3.5.10
ProductVersion : 5.3.5.10
ProductName : DirectCD
CompanyName : Roxio
FileDescription : DirectCD Application
InternalName : DirectCD
LegalCopyright : Copyright © 2001-2003, Roxio, Inc.
OriginalFilename : Directcd.exe

#:25 [HPCMPMGR.EXE]
ModuleName : C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE
Command Line : "C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE"
ProcessID : 4294592733
Threads : 4
Priority : Normal
FileVersion : 1.76.0
ProductVersion : 1.76.0
ProductName : hp coretech (COmponent REuse TECHnology)
CompanyName : Hewlett-Packard Company
FileDescription : HP Framework Component Manager Service
InternalName : HPComponentManagerService module
LegalCopyright : Copyright © Hewlett-Packard. 2002-2003
OriginalFilename : HPCmpMgr.exe

#:26 [EAUSBKBD.EXE]
ModuleName : C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\EAUSBKBD.EXE
Command Line : EAUSBKBD.EXE
ProcessID : 4294621817
Threads : 7
Priority : Normal
FileVersion : 6.00.096
ProductVersion : 6.00.096
ProductName : Compaq Easy Access Keyboard Support Software
CompanyName : Compaq Computer Corporation
FileDescription : Compaq Easy Access USB Keyboard Driver
InternalName : EAUSBKBD
LegalCopyright : Copyright © 1999-2000 Compaq Computer Corporation
OriginalFilename : EAUSBKBD.EXE
Comments : VA

#:27 [HPWUSCHD2.EXE]
ModuleName : C:\PROGRAM FILES\HP\HP SOFTWARE UPDATE\HPWUSCHD2.EXE
Command Line : "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
ProcessID : 4294633993
Threads : 1
Priority : Normal
FileVersion : 50.0.146.000
ProductVersion : 050.000.146.000
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : Hewlett-Packard Product Assistant
InternalName : hpwuSchd2
LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2004
OriginalFilename : hpwuSchd2.exe
Comments : Hewlett-Packard Product Assistant

#:28 [QTTASK.EXE]
ModuleName : C:\WINDOWS\SYSTEM\QTTASK.EXE
Command Line : "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
ProcessID : 4294519349
Threads : 2
Priority : Normal
FileVersion : 6.4
ProductVersion : QuickTime 6.4
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2003
OriginalFilename : QTTask.exe

#:29 [CCAPP.EXE]
ModuleName : C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
Command Line : "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
ProcessID : 4294510673
Threads : 59
Priority : Normal
FileVersion : 103.0.4.3
ProductVersion : 103.0.4.3
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec User Session
InternalName : ccApp
LegalCopyright : Copyright © 2000-2004 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe

#:30 [SYMLCSVC.EXE]
ModuleName : C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
Command Line : "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe" start
ProcessID : 4294532725
Threads : 2
Priority : Normal
FileVersion : 1, 8, 54, 478
ProductVersion : 1, 8, 54, 478
ProductName : Symantec Core Component
CompanyName : Symantec Corporation
FileDescription : Symantec Core Component
InternalName : symlcsvc
LegalCopyright : Copyright © 2003
OriginalFilename : symlcsvc.exe

#:31 [HPQTRA08.EXE]
ModuleName : C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQTRA08.EXE
Command Line : "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"
ProcessID : 4294446037
Threads : 4
Priority : Normal
FileVersion : 5.31.0.147
ProductVersion : 005.031.000.147
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : HP Digital Imaging Monitor (CUE)
InternalName : HPQTRA00
LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2001
OriginalFilename : HPQTRA00.EXE
Comments : HP Digital Imaging Monitor (CUE)

#:32 [DDHELP.EXE]
ModuleName : C:\WINDOWS\SYSTEM\DDHELP.EXE
Command Line : ddhelp.exe
ProcessID : 4294530133
Threads : 4
Priority : Realtime
FileVersion : 4.09.00.0900
ProductVersion : 4.09.00.0900
ProductName : Microsoft® DirectX for Windows®
CompanyName : Microsoft Corporation
FileDescription : Microsoft DirectX Helper
InternalName : DDHelp.exe
LegalCopyright : Copyright © Microsoft Corp. 1994-2002
OriginalFilename : DDHelp.exe

#:33 [WMIEXE.EXE]
ModuleName : C:\WINDOWS\SYSTEM\WMIEXE.EXE
Command Line : WmiExe 52
ProcessID : 4294475781
Threads : 3
Priority : Normal
FileVersion : 5.00.1755.1
ProductVersion : 5.00.1755.1
ProductName : Microsoft® Windows NT® Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI service exe housing
InternalName : wmiexe
LegalCopyright : Copyright © Microsoft Corp. 1981-1998
OriginalFilename : wmiexe.exe

#:34 [RNAAPP.EXE]
ModuleName : C:\WINDOWS\SYSTEM\RNAAPP.EXE
Command Line : rnaapp.exe -l
ProcessID : 4294397281
Threads : 2
Priority : Normal
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Dial-Up Networking Application
InternalName : RNAAPP
LegalCopyright : Copyright © Microsoft Corp. 1992-1996
OriginalFilename : RNAAPP.EXE

#:35 [TAPISRV.EXE]
ModuleName : C:\WINDOWS\SYSTEM\TAPISRV.EXE
Command Line : tapisrv.exe
ProcessID : 4294419209
Threads : 5
Priority : Normal
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Microsoft® Windows™ Telephony Server
InternalName : Telephony Service
LegalCopyright : Copyright © Microsoft Corp. 1994-1998
OriginalFilename : TAPISRV.EXE

#:36 [SPOOL32.EXE]
ModuleName : C:\WINDOWS\SYSTEM\SPOOL32.EXE
Command Line : C:\WINDOWS\SYSTEM\spool32.exe
ProcessID : 4294347497
Threads : 4
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler Sub System Process
InternalName : spool32
LegalCopyright : Copyright © Microsoft Corp. 1994 - 1998
OriginalFilename : spool32.exe

#:37 [SNDSRVC.EXE]
ModuleName : C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE
Command Line : "C:\PROGRA~1\COMMON~1\SYMANT~1\SndSrvc.exe"
ProcessID : 4294361941
Threads : 7
Priority : Normal
FileVersion : 5.5.1.6
ProductVersion : 5.5
ProductName : Symantec Security Drivers
CompanyName : Symantec Corporation
FileDescription : Network Driver Service
InternalName : SndSrvc
LegalCopyright : Copyright 2002, 2003, 2004 Symantec Corporation
OriginalFilename : SndSrvc.exe

#:38 [AD-AWARE.EXE]
ModuleName : C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\AD-AWARE.EXE
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 4294125825
Threads : 2
Priority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0



Deep scanning and examining files (c:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for c:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Deep scanning and examining files (d:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for d:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
0 entries scanned.
New critical objects:0
Objects found so far: 0


6:23:01 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:19:47.40
Objects scanned:108546
Objects identified:0
Objects ignored:0
New critical objects:0

------------------------------------------------------------------------

HiJack This Log

Logfile of HijackThis v1.99.1
Scan saved at 6:39:12 PM, on 5/11/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
c:\windows\SYSTEM\KB891711\KB891711.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\NORTON INTERNET SECURITY\ISSVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPROXY.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\ptsnoop.exe
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEADM.EXE
C:\COMPAQ\CPQINET\CPQINET.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
C:\PROGRAM FILES\COMPAQ\DIGITAL DASHBOARD\DEVGULP.EXE
C:\CPQS\BWTOOLS\SCCENTER.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\COMMON FILES\ADAPTEC SHARED\CREATECD\CREATECD50.EXE
C:\PROGRAM FILES\ROXIO\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\EAUSBKBD.EXE
C:\PROGRAM FILES\HP\HP SOFTWARE UPDATE\HPWUSCHD2.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQTRA08.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE
C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\AD-AWARE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\ACCESSORIES\WORDPAD.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SLRUNDLL.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\WINWORD.EXE
C:\WINDOWS\MSAGENT\AGENTSVR.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presa...onsumer&LC=0409
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.newgenlook.info/ad/ad0337/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.devtex.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presar...archbar&LC=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.presar...archbar&LC=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by S&L Internet
F1 - win.ini: run=hpfsched
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.altavista.com"); (C:\Program Files\Netscape\Users\cych6768\prefs.js)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe
O4 - HKLM\..\Run: [EACLEAN] C:\Program Files\Compaq\Easy Access Button Support\eaclean.exe
O4 - HKLM\..\Run: [CPQInet] c:\compaq\CPQInet\CpqInet.exe
O4 - HKLM\..\Run: [Digital Dashboard] C:\Program Files\Compaq\Digital Dashboard\DevGulp.exe
O4 - HKLM\..\Run: [Service Connection] c:\cpqs\bwtools\sccenter.exe
O4 - HKLM\..\Run: [AvconsoleEXE] C:\Program Files\Network Associates\McAfee VirusScan\avconsol.exe /minimize
O4 - HKLM\..\Run: [VsecomrEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSEcomR.EXE
O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKLM\..\Run: [VsStatEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSSTAT.EXE /SHOWWARNING
O4 - HKLM\..\Run: [SystemTasks] C:\filez.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [CreateCD50] "c:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "c:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKLM\..\RunServices: [KB891711] c:\windows\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [AolAcsDaemon1] "C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.EXE"
O4 - HKLM\..\RunServices: [ccEvtMgr] "c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [ISSVC] "c:\Program Files\Norton Internet Security\ISSVC.exe"
O4 - HKLM\..\RunServices: [ccProxy] c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunOnce: [OfficeTuneUp] "c:\Program Files\Microsoft Office\Office\otuneup.exe" -B
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - Startup: America Online Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O4 - Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Startup: Forget Me Not.lnk = C:\Program Files\Mindscape\AGPrint\PMREMIND.EXE
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O8 - Extra context menu item: &AOL Toolbar search - res://C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL/SEARCH.HTML
O9 - Extra button: Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presar...&c=2c00&LC=0409 (file missing)
O9 - Extra 'Tools' menuitem: AV &Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presar...&c=2c00&LC=0409 (file missing)
O9 - Extra button: (no name) - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presar...&c=2c00&LC=0409 (file missing)
O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presar...&c=2c00&LC=0409 (file missing)
O9 - Extra button: (no name) - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presar...&c=2c00&LC=0409 (file missing)
O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presar...&c=2c00&LC=0409 (file missing)
O9 - Extra button: (no name) - {06FE5D04-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/home (file missing)
O9 - Extra 'Tools' menuitem: AV Home - {06FE5D04-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/home (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O12 - Plugin for .swf: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npswf32.dll
O14 - IERESET.INF: START_PAGE_URL=http:\\www.devtex.net
O16 - DPF: {17163BB4-107E-11D4-9B76-006097DF2317} (EABootStrap Class) - http://aol.ea.com/do...trap/iegils.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai....23/cpbrkpie.cab
O16 - DPF: {B991DA79-51F7-4011-98D2-1F2592E82A56} (ACNPlayer2 Class) - http://204.118.132.1.../ACNePlayer.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
  • 0

#7
Guest_Andy_veal_*

Guest_Andy_veal_*
  • Guest
Your logfile is clean.

As you are still having problems, I am going to refer you to HJT :tazz:
  • 0

#8
Guest_Andy_veal_*

Guest_Andy_veal_*
  • Guest
Please follow the instructions located in Step Five: Posting a Hijack This Log. Post your HJT log as a reply to this thread, which has been relocated to the Malware Removal Forum for providing you with further assistance.

Kindly note that it is very busy in the Malware Removal Forum, so there may be a delay in receiving a reply. Please also note that HJT logfiles are reviewed on a first come/first served basis.
  • 0

#9
Larry_harmon

Larry_harmon

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
My ongoing attempts to remove the virus "Trojan Win32-Warspy-G", better known as "Newgenlook.info", have been frustrating at best. I have revealed the following, I suspect, critical requirement to remove this virus.

The virus seems to have eliminated the Windows Notepad from the system; therefore any attempt to remove the virus from the files in the registry is never accomplished. The "Notepad" program does not function. Without Notepad, no alterations to the registry can be made.

I have used most of the virus removal software and patches, but all have been in vain. I took some time off to mentally analyze the problem and have determined I must reinstall notepad to remove this pest. Here is what I have done to eliminate the program.

Install the following programs from the internet downloads:
Ad-Aware SE
KillBox
HiJack This

1.) Run the Ad-Aware SE program and remove all necessary bad files.

2.) Run KILLBOX Tool to eliminate the following files/folders from Windows/System32/
param32.dll
guninst.exe
popup_bl.dll

3.) Insert the WIN98 SE disk in the drive.
Click Start, Run, type SFC, click OK.
Select "Extract one file.....", type Notepad.exe, click Start.
In the "Restore from" line, type the drive for the CD, i.e. E:\win98\
Click OK .... You should receive a confirmation that the file was extracted.
Close the file extractor.

4.) Run "HiJackThis" and run the program to do a system scan only.
Select the following:
R0-HKCU Software ........ www.newgenlook.info......
R1-HKCU-Software ..........internet by S & L................
Click FIX CHECKED. It will now remove the plague!!

5.) As a precaution, right-click on Internet Explorer, select Properties.
In the Home Page properties, add the address for your default Home Page.
For Temporary Internet Files: Delete Cookies & Delete Files.
For History: Clear History.

Re-boot your computer and you should find satisfactory results with this method. Additional files may have to be removed with the guidance of the folks at Geeks-to-Go. Thanks for the help.
  • 0





