Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

[Referred]Help!?! Trojan-spy.HTML.Smitfraud.c - blue screen

Started by anotherdaydown , May 12 2005 02:02 PM

  • Please log in to reply

#1
anotherdaydown
Posted 12 May 2005 - 02:02 PM

anotherdaydown

    Member

  • Member
  • PipPip
  • 12 posts
I have cleared the blue screen, changed reg settings to get wallpaper options back and gotten rid of isearch. I really need your help with the rest.

Thanks so much for any/all help...


Ad-Aware SE Build 1.05
Logfile Created on:Thursday, May 12, 2005 2:46:32 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R44 10.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Elitum.ElitebarBHO(TAC index:5):1 total references
iSearch Toolbar(TAC index:3):2 total references
MediaMotor(TAC index:8):4 total references
MRU List(TAC index:0):13 total references
Other(TAC index:5):1 total references
SahAgent(TAC index:9):2 total references
TopMoxie(TAC index:3):1 total references
WebHancer(TAC index:9):14 total references
Win32.Trojan.Delprot.a(TAC index:6):1 total references
WindUpdates(TAC index:8):2 total references
VX2(TAC index:10):9 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


5-12-2005 2:46:32 PM - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : C:\Documents and Settings\Matt Freeman\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : S-1-5-21-117609710-1202660629-1060284298-1004

\software\google\navclient\1.1\history
Description : list of recently used search terms in the google toolbar


MRU List Object Recognized!
Location: : S-1-5-21-117609710-1202660629-1060284298-1004

\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : S-1-5-21-117609710-1202660629-1060284298-1004

\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-117609710-1202660629-1060284298-1004

\software\microsoft\internet explorer
Description : last download directory used in microsoft internet

explorer


MRU List Object Recognized!
Location: : S-1-5-21-117609710-1202660629-1060284298-1004

\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet

explorer


MRU List Object Recognized!
Location: : S-1-5-21-117609710-1202660629-1060284298-1004

\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-117609710-1202660629-1060284298-1004

\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file

extension


MRU List Object Recognized!
Location: : S-1-5-21-117609710-1202660629-1060284298-1004

\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : S-1-5-21-117609710-1202660629-1060284298-1004

\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 404
ThreadCreationTime : 5-12-2005 7:38:44 PM
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 452
ThreadCreationTime : 5-12-2005 7:38:46 PM
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 476
ThreadCreationTime : 5-12-2005 7:38:49 PM
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 520
ThreadCreationTime : 5-12-2005 7:38:50 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 532
ThreadCreationTime : 5-12-2005 7:38:50 PM
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [ati2evxx.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 708
ThreadCreationTime : 5-12-2005 7:38:52 PM
BasePriority : Normal
FileVersion : 6.14.10.4109
ProductVersion : 6.14.10.4109.04
ProductName : ATI External Event Utility for WindowsNT and Windows9X
CompanyName : ATI Technologies Inc.
FileDescription : ATI External Event Utility EXE Module
InternalName : ATI2EVXX.EXE
LegalCopyright : Copyright © 1999-2004 ATI Technologies Inc.
OriginalFilename : ATI2EVXX.EXE

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 740
ThreadCreationTime : 5-12-2005 7:38:52 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 816
ThreadCreationTime : 5-12-2005 7:38:53 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 992
ThreadCreationTime : 5-12-2005 7:38:53 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1036
ThreadCreationTime : 5-12-2005 7:38:54 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1248
ThreadCreationTime : 5-12-2005 7:38:55 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:12 [ati2evxx.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1420
ThreadCreationTime : 5-12-2005 7:38:55 PM
BasePriority : Normal
FileVersion : 6.14.10.4109
ProductVersion : 6.14.10.4109.04
ProductName : ATI External Event Utility for WindowsNT and Windows9X
CompanyName : ATI Technologies Inc.
FileDescription : ATI External Event Utility EXE Module
InternalName : ATI2EVXX.EXE
LegalCopyright : Copyright © 1999-2004 ATI Technologies Inc.
OriginalFilename : ATI2EVXX.EXE

#:13 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1476
ThreadCreationTime : 5-12-2005 7:38:55 PM
BasePriority : Normal
FileVersion : 6.00.2800.1221 (xpsp2.030511-1403)
ProductVersion : 6.00.2800.1221
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:14 [regtwk.exe]
FilePath : C:\Program Files\Rage3DTweak\
ProcessID : 1696
ThreadCreationTime : 5-12-2005 7:39:02 PM
BasePriority : Normal
FileVersion : 0, 0, 0, 16
ProductVersion : 0, 0, 0, 16
ProductName : Registry Tweak
CompanyName : Byron Montgomerie
FileDescription : Taskbar icon exe
InternalName : RegTwk.exe
LegalCopyright : Copyright © 1999-2002
OriginalFilename : RegTwk.exe
Comments : Taskbar program for RegTweak

#:15 [jusched.exe]
FilePath : C:\Program Files\Java\jre1.5.0\bin\
ProcessID : 1704
ThreadCreationTime : 5-12-2005 7:39:02 PM
BasePriority : Normal


#:16 [cthelper.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1716
ThreadCreationTime : 5-12-2005 7:39:02 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 2
ProductVersion : 1, 0, 0, 2
ProductName : CtHelper Application
CompanyName : Creative Technology Ltd
FileDescription : CtHelper Application
InternalName : CtHelper
LegalCopyright : Copyright © 2002
OriginalFilename : CtHelper.EXE

#:17 [cli.exe]
FilePath : C:\Program Files\ATI Technologies\ATI.ACE\
ProcessID : 1796
ThreadCreationTime : 5-12-2005 7:39:03 PM
BasePriority : Normal


#:18 [ezsp_px.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1816
ThreadCreationTime : 5-12-2005 7:39:03 PM
BasePriority : Normal


#:19 [svch0st.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1824
ThreadCreationTime : 5-12-2005 7:39:03 PM
BasePriority : Normal


#:20 [cfd.exe]
FilePath : C:\Program Files\BroadJump\Client Foundation\
ProcessID : 1852
ThreadCreationTime : 5-12-2005 7:39:04 PM
BasePriority : Normal


#:21 [devldr32.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1864
ThreadCreationTime : 5-12-2005 7:39:04 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 17
ProductVersion : 1, 0, 0, 17
ProductName : Creative Ring3 NT Inteface
CompanyName : Creative Technology Ltd.
FileDescription : DevLdr32
InternalName : DevLdr
LegalCopyright : Copyright © Creative Technology Ltd. 1998-2001
OriginalFilename : DevLdr32.exe

#:22 [avgamsvr.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 1860
ThreadCreationTime : 5-12-2005 7:39:04 PM
BasePriority : Normal
FileVersion : 7,1,0,307
ProductVersion : 7.1.0.307
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Alert Manager
InternalName : avgamsvr
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgamsvr.EXE

#:23 [delttray.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1884
ThreadCreationTime : 5-12-2005 7:39:05 PM
BasePriority : Normal
FileVersion : 5.1.0.01
ProductVersion : 5.1.0.01
ProductName : M Audio Delta Control Panel Interface System Tray Applet
CompanyName : Doug Fetter Software Wizardry
FileDescription : M Audio Delta Control Panel Interface System Tray Applet
InternalName : Delta Panel System Tray Applet
LegalCopyright : Copyright © 2002 Midiman, Inc. All rights reserved.
LegalTrademarks : M Audio ™ is a legal trademark of MIDIMAN, Inc.
OriginalFilename : DeltTray.EXE
Comments : Developed by Doug Fetter Software Wizardry

#:24 [avgcc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 1920
ThreadCreationTime : 5-12-2005 7:39:06 PM
BasePriority : Normal
FileVersion : 7,1,0,307
ProductVersion : 7.1.0.307
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Control Center
InternalName : AvgCC
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : AvgCC.EXE

#:25 [wapr.exe]
FilePath : C:\Documents and Settings\Matt Freeman\Application Data\
ProcessID : 1964
ThreadCreationTime : 5-12-2005 7:39:08 PM
BasePriority : Normal


#:26 [m?dtc.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2008
ThreadCreationTime : 5-12-2005 7:39:08 PM
BasePriority : Normal


#:27 [avgupsvc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 2036
ThreadCreationTime : 5-12-2005 7:39:09 PM
BasePriority : Normal
FileVersion : 7,1,0,285
ProductVersion : 7.1.0.285
ProductName : AVG 7.0 Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Update Service
InternalName : avgupsvc
LegalCopyright : Copyright © 2004, GRISOFT, s.r.o.
OriginalFilename : avgupdsvc.EXE

#:28 [win32.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 140
ThreadCreationTime : 5-12-2005 7:39:10 PM
BasePriority : Normal


#:29 [gameutil.exe]
FilePath : C:\Program Files\rage3dtweak\
ProcessID : 220
ThreadCreationTime : 5-12-2005 7:39:14 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 21
ProductVersion : 1, 0, 0, 21
ProductName : GameUtil
CompanyName : Byron Montgomerie
FileDescription : Gamma control, ATI overclock reset on resume, refresh

rate hack, per game do stuff in general
InternalName : GameUtil
LegalCopyright : Copyright © 2002
OriginalFilename : GameUtil.exe

#:30 [cli.exe]
FilePath : C:\Program Files\ATI Technologies\ATI.ACE\
ProcessID : 304
ThreadCreationTime : 5-12-2005 7:39:15 PM
BasePriority : Normal


#:31 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 336
ThreadCreationTime : 5-12-2005 7:39:15 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:32 [wdfmgr.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 392
ThreadCreationTime : 5-12-2005 7:39:16 PM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:33 [wincinemamgr.exe]
FilePath : C:\Program Files\InterVideo\Common\Bin\
ProcessID : 880
ThreadCreationTime : 5-12-2005 7:39:20 PM
BasePriority : Normal
FileVersion : 1.8.2
ProductVersion : 1, 8, 2, 0
ProductName : WinCinema Manager for InterVideo WinCinema products
CompanyName : InterVideo Inc.
FileDescription : WinCinema Manager
InternalName : WinCinema Manager
LegalCopyright : Copyright 1999-2003 InterVideo, Inc. All rights

reserved.
OriginalFilename : WinCinemaMgr.EXE

#:34 [wanmpsvc.exe]
FilePath : C:\WINDOWS\
ProcessID : 940
ThreadCreationTime : 5-12-2005 7:39:21 PM
BasePriority : Normal
FileVersion : 9, 0, 0, 0
ProductVersion : 9, 0, 0, 0
ProductName : America Online
CompanyName : America Online, Inc.
FileDescription : Wan Miniport (ATW) Service
InternalName : WanMPSvc
LegalCopyright : Copyright © 2001 America Online, Inc.
OriginalFilename : WanMPSvc.exe

#:35 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 3968
ThreadCreationTime : 5-12-2005 7:41:40 PM
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:36 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 2100
ThreadCreationTime : 5-12-2005 7:45:47 PM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 13


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 13


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 13


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 13



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

VX2 Object Recognized!
Type : File
Data : exiysu.exe.tcf
Category : Malware
Comment :
Object : C:\WINDOWS\SYSTEM32\
FileVersion : 1, 0, 2, 17
ProductVersion : 0, 0, 7, 0
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
LegalCopyright : TODO: © <Company name>. All rights reserved.


WebHancer Object Recognized!
Type : File
Data : whInstaller.exe
Category : Data Miner
Comment :
Object : C:\WINDOWS\LastGood\
FileVersion : 1.8.1
ProductVersion : 1.8.1
ProductName : webHancer Installer
CompanyName : webHancer Corporation
FileDescription : webHancer Installer
InternalName : whInstaller
LegalCopyright : Copyright © 1999-2001 webHancer Corporation
OriginalFilename : whInstaller.exe


WebHancer Object Recognized!
Type : File
Data : webhdll.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\LastGood\
FileVersion : 3.3.0
ProductVersion : 3.3.0
ProductName : webHancer Customer Companion
CompanyName : webHancer Corporation
FileDescription : webHancer Winsock2 SPI
InternalName : webhdll
LegalCopyright : Copyright © 1999-2003 webHancer Corporation
OriginalFilename : webhdll.dll


WebHancer Object Recognized!
Type : File
Data : WhAgent.exe
Category : Data Miner
Comment :
Object : C:\Program Files\whInstall\
FileVersion : 3.3.0
ProductVersion : 3.3.0
ProductName : webHancer Customer Companion
CompanyName : webHancer Corporation
FileDescription : webHancer Customer Companion
InternalName : whAgent
LegalCopyright : Copyright © 1999-2003 webHancer Corporation
OriginalFilename : whAgent.exe


WebHancer Object Recognized!
Type : File
Data : whInstaller.exe
Category : Data Miner
Comment :
Object : C:\Program Files\whInstall\
FileVersion : 3.3.0
ProductVersion : 3.3.0
ProductName : webHancer Customer Companion
CompanyName : webHancer Corporation
FileDescription : webHancer Installer
InternalName : whInstaller
LegalCopyright : Copyright © 1999-2003 webHancer Corporation
OriginalFilename : whInstaller.exe


WebHancer Object Recognized!
Type : File
Data : WhSurvey.exe
Category : Data Miner
Comment :
Object : C:\Program Files\whInstall\
FileVersion : 3.3.0
ProductVersion : 3.3.0
ProductName : webHancer Survey Companion
CompanyName : webHancer Corporation
FileDescription : webHancer Survey Companion
InternalName : whSurvey
LegalCopyright : Copyright © 1999-2003 webHancer Corporation
OriginalFilename : whSurvey.exe


WebHancer Object Recognized!
Type : File
Data : Webhdll.dll
Category : Data Miner
Comment :
Object : C:\Program Files\whInstall\
FileVersion : 3.3.0
ProductVersion : 3.3.0
ProductName : webHancer Customer Companion
CompanyName : webHancer Corporation
FileDescription : webHancer Winsock2 SPI
InternalName : webhdll
LegalCopyright : Copyright © 1999-2003 webHancer Corporation
OriginalFilename : webhdll.dll


WebHancer Object Recognized!
Type : File
Data : whiehlpr.dll
Category : Data Miner
Comment :
Object : C:\Program Files\whInstall\
FileVersion : 3.3.0
ProductVersion : 3.3.0
ProductName : webHancer Customer Companion
CompanyName : webHancer Corporation
FileDescription : webHancer IE Helper Module
InternalName : WhIeHelper
LegalCopyright : Copyright © 1999-2003 webHancer Corporation
OriginalFilename : whiehlpr.dll


VX2 Object Recognized!
Type : File
Data : thnall2c.exe
Category : Malware
Comment :
Object : C:\Documents and Settings\Matt Freeman\Local

Settings\Temp\drp68.tmp\
FileVersion : 2, 0, 1, 8
ProductVersion : 2, 0, 1, 8
ProductName : Thinstaller
CompanyName : BetterInternet, Inc.
FileDescription : www.abetterinternet.com - Utility for downloading files

and upgrading software.
InternalName : Install Utility
LegalCopyright : BetterInternet, Inc. © 2005
OriginalFilename : Thinstaller.exe
Comments : Utility for downloading files and upgrading software.

Visit www.abetterinternet.com for more info.


WindUpdates Object Recognized!
Type : File
Data : A0061656.dll
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{157294F3-2861-44F

7-8DE4-AF2B9EB4FF0E}\RP487\



Win32.Trojan.Delprot.a Object Recognized!
Type : File
Data : A0061860.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{157294F3-2861-44F

7-8DE4-AF2B9EB4FF0E}\RP487\



MediaMotor Object Recognized!
Type : File
Data : A0060817.dll
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{157294F3-2861-44F

7-8DE4-AF2B9EB4FF0E}\RP462\
FileVersion : 0, 12, 4, 74
ProductVersion : 0, 12, 4, 74
ProductName : Ceres
CompanyName : Ceres
FileDescription : www.abetterinternet.com
InternalName : Ceres
LegalCopyright : Copyright © 2004
OriginalFilename : Ceres.dll
Comments : www.abetterinternet.com


MediaMotor Object Recognized!
Type : File
Data : A0060822.dll
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{157294F3-2861-44F

7-8DE4-AF2B9EB4FF0E}\RP463\
FileVersion : 0, 12, 4, 74
ProductVersion : 0, 12, 4, 74
ProductName : Ceres
CompanyName : Ceres
FileDescription : www.abetterinternet.com
InternalName : Ceres
LegalCopyright : Copyright © 2004
OriginalFilename : Ceres.dll
Comments : www.abetterinternet.com


VX2 Object Recognized!
Type : File
Data : A0060870.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{157294F3-2861-44F

7-8DE4-AF2B9EB4FF0E}\RP465\
FileVersion : 1, 0, 2, 17
ProductVersion : 0, 0, 7, 0
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
LegalCopyright : TODO: © <Company name>. All rights reserved.


VX2 Object Recognized!
Type : File
Data : A0060872.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{157294F3-2861-44F

7-8DE4-AF2B9EB4FF0E}\RP465\
FileVersion : 0, 4, 1, 3
ProductVersion : 0, 4, 1, 3
CompanyName : FarmMext
FileDescription : www.farmmext.com
LegalCopyright : Copyright © 2002


MediaMotor Object Recognized!
Type : File
Data : A0060913.dll
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{157294F3-2861-44F

7-8DE4-AF2B9EB4FF0E}\RP467\
FileVersion : 0, 12, 4, 74
ProductVersion : 0, 12, 4, 74
ProductName : Ceres
CompanyName : Ceres
FileDescription : www.abetterinternet.com
InternalName : Ceres
LegalCopyright : Copyright © 2004
OriginalFilename : Ceres.dll
Comments : www.abetterinternet.com


iSearch Toolbar Object Recognized!
Type : File
Data : MFEX-2.DAT
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{157294F3-2861-44F

7-8DE4-AF2B9EB4FF0E}\RP468\snapshot\



VX2 Object Recognized!
Type : File
Data : A0060928.dll
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{157294F3-2861-44F

7-8DE4-AF2B9EB4FF0E}\RP468\
FileVersion : 0, 4, 4, 30
ProductVersion : 0, 4, 4, 30
ProductName : localnrd
CompanyName : LocalNRD
FileDescription : www.localnrd.com
InternalName : localnrd
LegalCopyright : Copyright © 2004
OriginalFilename : localnrd.dll
Comments : www.localnrd.com


Elitum.ElitebarBHO Object Recognized!
Type : File
Data : A0060929.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{157294F3-2861-44F

7-8DE4-AF2B9EB4FF0E}\RP468\



MediaMotor Object Recognized!
Type : File
Data : A0061002.dll
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{157294F3-2861-44F

7-8DE4-AF2B9EB4FF0E}\RP471\
FileVersion : 0, 12, 4, 74
ProductVersion : 0, 12, 4, 74
ProductName : Ceres
CompanyName : Ceres
FileDescription : www.abetterinternet.com
InternalName : Ceres
LegalCopyright : Copyright © 2004
OriginalFilename : Ceres.dll
Comments : www.abetterinternet.com


iSearch Toolbar Object Recognized!
Type : File
Data : A0061341.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{157294F3-2861-44F

7-8DE4-AF2B9EB4FF0E}\RP471\



TopMoxie Object Recognized!
Type : File
Data : WebRebates_CDT_InstallSilent.exe
Category : Data Miner
Comment :
Object : C:\TEMP\



VX2 Object Recognized!
Type : File
Data : lc.exe
Category : Malware
Comment :
Object : C:\TEMP\
FileVersion : 1, 0, 0, 12
ProductVersion : 1, 0, 0, 12
ProductName : Install Utility
CompanyName : BetterInternet, Inc.
FileDescription : www.abetterinternet.com - Utility for downloading files

and upgrading software.
InternalName : Install Utility
LegalCopyright : BetterInternet, Inc. © 2004
OriginalFilename : InstUtil.exe
Comments : Utility for downloading files and upgrading software.

Visit www.abetterinternet.com for more info.


SahAgent Object Recognized!
Type : File
Data : sahagent.exe
Category : Data Miner
Comment :
Object : C:\TEMP\



Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 37


Deep scanning and examining files (E:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for E:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 37


Deep scanning and examining files (G:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for G:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 37


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 37




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\lastknowngoodrecovery\lastgood
Value : INF/oem14.PNF

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\lastknowngoodrecovery\lastgood
Value : INF/oem11.PNF

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\lastknowngoodrecovery\lastgood
Value : INF/oem12.PNF

WebHancer Object Recognized!
Type : Folder
Category : Data Miner
Comment :
Object : C:\Program Files\whInstall

WebHancer Object Recognized!
Type : File
Data : license.txt
Category : Data Miner
Comment :
Object : C:\Program Files\whinstall\



WebHancer Object Recognized!
Type : File
Data : readme.txt
Category : Data Miner
Comment :
Object : C:\Program Files\whinstall\



WebHancer Object Recognized!
Type : File
Data : whAgent.ini
Category : Data Miner
Comment :
Object : C:\Program Files\whinstall\



WebHancer Object Recognized!
Type : File
Data : whInstaller.ini
Category : Data Miner
Comment :
Object : C:\Program Files\whinstall\



WebHancer Object Recognized!
Type : File
Data : whAgent.inf
Category : Data Miner
Comment :
Object : C:\Program Files\whinstall\



WebHancer Object Recognized!
Type : File
Data : Sporder.dll
Category : Data Miner
Comment :
Object : C:\Program Files\whinstall\
FileVersion : 4.00
ProductVersion : 4.00
ProductName : Microsoft® Windows NT™ Operating System
CompanyName : Microsoft Corporation
FileDescription : WinSock2 reorder service providers
InternalName : sporder.dll
LegalCopyright : Copyright © Microsoft Corp. 1981-1996
OriginalFilename : sporder.dll


WindUpdates Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\downloadmanager

SahAgent Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall
Value : UninstallString

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 13
Objects found so far: 50

2:59:20 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:12:47.273
Objects scanned:231422
Objects identified:37
Objects ignored:0
New critical objects:37

Edited by anotherdaydown, 12 May 2005 - 02:39 PM.

  • 0

Advertisements

#2
Guest_Andy_veal_*
Posted 12 May 2005 - 03:35 PM

Guest_Andy_veal_*
  • Guest
Please read these instructions carefully and print them out! Be sure to follow ALL instructions!

Go to Start > Control Panel > Add or Remove Programs and remove the following programs, if found:

Security IGuard
Virtual Maid
Search Maid

Exit Add/Remove Programs.

*IMPORTANT*CLICK THIS LINK TO LEARN HOW TO VIEW HIDDEN FILES

Press CTRL ALT DELETE to open Windows Task Manger. Click on the Processes tab and end the following processes:

List any files going to be deleted that are running

Exit Task Manager.

I need you to copy all of the Killbox instructions below and paste them into Notepad and save it for use while in Safe Mode.

* Please download the Killbox by Option^Explicit. *In the event you already have Killbox, this is a new version that I need you to download.
Unzip it to the desktop but do NOT run it yet.

* Please reboot into Safe Mode by restarting your computer and tapping F8 continuously as your computer is booting up until a menu appears. use your up arrow key to highlight "Safe Mode", then hit enter

* Once in Safe Mode, please run Killbox.

* Select "Delete on Reboot".

* Open the Notepad file where you saved these instructions earlier, and copy the file names below to the clipboard by highlighting them and pressing CTRL + C:

C:\wp.exe
C:\wp.bmp
C:\Windows\sites.ini
C:\Windows\popuper.exe
C:\WINDOWS\System32\wldr.dll
C:\Windows\System32\helper.exe
C:\Windows\System32\intmonp.exe
C:\Windows\System32\msmsgs.exe
C:\Windows\System32\ole32vbs.exe
C:\Windows\system32\msole32.exe

* Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

* Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

If your computer does not restart automatically, please restart it manually. While your computer is restarting, tap the F8 key continually until a menu appears. Use your up arrow key to highlight Safe Mode, then hit enter. Yes, we need you to go back into Safe Mode!

Make sure you can view hidden files.

Using Windows Explorer, delete the following (please do NOT try to find them by "search" because they will not show up that way)

FOLDERS to delete (in bold) if found:

C:\Program Files\Search Maid
C:\Program Files\Virtual Maid
C:\Windows\System32\Log Files
C:\Program Files\Security IGuard

Reboot into normal mode.

*Download and install Registrar Lite version 2.00
*Double click the purple Registrar Lite icon on your desktop.
*Copy the line below and paste it into the "Address" field (located at the top) of the program:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies

*Click the "Go" button.
*It will take you into the "Policies" folder.
*Locate the "System" folder (in the right panel)
*If found, right-click on the System folder and go to Delete
*Be very careful that you only delete the System folder that is inside the Policies folder.

Reboot your computer again.

Please go to http://www.bleepingc...g/smitfraud.reg and download that file,
Once downloaded, Please run it.
It will ask if you want it to merge with the registry.

Please accept this, You will have to reboot

1.) Download the Hoster from HERE Press "Restore Original Hosts" and press "OK". Exit Program.

2.) Download: http://www.mvps.org/winhelp2002/DelDomains.inf
To use: right-click and select: Install (no need to restart)
Note: This will remove all entries in the "Trusted Zone" and "Ranges" also.

3.) Download, install, and run CleanUp!

4.) Run this online virus scan: ActiveScan - Save the results from the scan!

[b]Post a new Ad-aware SE Logfile.
  • 0

#3
anotherdaydown
Posted 12 May 2005 - 10:27 PM

anotherdaydown

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
I apologize for the long wait, here's the next log...

Thanks again for your help!


Ad-Aware SE Build 1.05
Logfile Created on:Thursday, May 12, 2005 10:43:52 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R44 10.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Elitum.ElitebarBHO(TAC index:5):1 total references
iSearch Toolbar(TAC index:3):2 total references
MediaMotor(TAC index:8):4 total references
Tracking Cookie(TAC index:3):3 total references
WebHancer(TAC index:9):14 total references
Win32.Trojan.Delprot.a(TAC index:6):1 total references
WindUpdates(TAC index:8):2 total references
VX2(TAC index:10):7 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R44 10.05.2005
Internal build : 52
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 470885 Bytes
Total size : 1423894 Bytes
Signature data size : 1392940 Bytes
Reference data size : 30442 Bytes
Signatures total : 39753
Fingerprints total : 872
Fingerprints size : 29756 Bytes
Target categories : 15
Target families : 668


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium III
Memory available:61 %
Total physical memory:1048048 kb
Available physical memory:638660 kb
Total page file size:4194303 kb
Available on page file:4194303 kb
Total virtual memory:2097024 kb
Available virtual memory:2045744 kb
OS:Microsoft Windows XP Home Edition Service Pack 1 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Play sound at scan completion if scan locates critical objects


5-12-2005 10:43:52 PM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 404
ThreadCreationTime : 5-12-2005 10:17:57 PM
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 452
ThreadCreationTime : 5-12-2005 10:17:59 PM
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 476
ThreadCreationTime : 5-12-2005 10:18:02 PM
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 520
ThreadCreationTime : 5-12-2005 10:18:02 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 532
ThreadCreationTime : 5-12-2005 10:18:02 PM
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [ati2evxx.exe]
ModuleName : C:\WINDOWS\System32\Ati2evxx.exe
Command Line : C:\WINDOWS\System32\Ati2evxx.exe
ProcessID : 708
ThreadCreationTime : 5-12-2005 10:18:05 PM
BasePriority : Normal
FileVersion : 6.14.10.4109
ProductVersion : 6.14.10.4109.04
ProductName : ATI External Event Utility for WindowsNT and Windows9X
CompanyName : ATI Technologies Inc.
FileDescription : ATI External Event Utility EXE Module
InternalName : ATI2EVXX.EXE
LegalCopyright : Copyright © 1999-2004 ATI Technologies Inc.
OriginalFilename : ATI2EVXX.EXE

#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 740
ThreadCreationTime : 5-12-2005 10:18:05 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 828
ThreadCreationTime : 5-12-2005 10:18:05 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 1016
ThreadCreationTime : 5-12-2005 10:18:06 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 1048
ThreadCreationTime : 5-12-2005 10:18:06 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1348
ThreadCreationTime : 5-12-2005 10:18:08 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:12 [avgamsvr.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
Command Line : C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
ProcessID : 1948
ThreadCreationTime : 5-12-2005 10:18:20 PM
BasePriority : Normal
FileVersion : 7,1,0,307
ProductVersion : 7.1.0.307
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Alert Manager
InternalName : avgamsvr
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgamsvr.EXE

#:13 [avgupsvc.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
Command Line : C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
ProcessID : 204
ThreadCreationTime : 5-12-2005 10:18:23 PM
BasePriority : Normal
FileVersion : 7,1,0,285
ProductVersion : 7.1.0.285
ProductName : AVG 7.0 Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Update Service
InternalName : avgupsvc
LegalCopyright : Copyright © 2004, GRISOFT, s.r.o.
OriginalFilename : avgupdsvc.EXE

#:14 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k imgsvc
ProcessID : 732
ThreadCreationTime : 5-12-2005 10:18:25 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:15 [wdfmgr.exe]
ModuleName : C:\WINDOWS\System32\wdfmgr.exe
Command Line : C:\WINDOWS\System32\wdfmgr.exe
ProcessID : 776
ThreadCreationTime : 5-12-2005 10:18:26 PM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:16 [wanmpsvc.exe]
ModuleName : C:\WINDOWS\wanmpsvc.exe
Command Line : "C:\WINDOWS\wanmpsvc.exe"
ProcessID : 920
ThreadCreationTime : 5-12-2005 10:18:27 PM
BasePriority : Normal
FileVersion : 9, 0, 0, 0
ProductVersion : 9, 0, 0, 0
ProductName : America Online
CompanyName : America Online, Inc.
FileDescription : Wan Miniport (ATW) Service
InternalName : WanMPSvc
LegalCopyright : Copyright © 2001 America Online, Inc.
OriginalFilename : WanMPSvc.exe

#:17 [ati2evxx.exe]
ModuleName : C:\WINDOWS\system32\Ati2evxx.exe
Command Line : Ati2evxx.exe -Client
ProcessID : 3720
ThreadCreationTime : 5-12-2005 10:24:50 PM
BasePriority : Normal
FileVersion : 6.14.10.4109
ProductVersion : 6.14.10.4109.04
ProductName : ATI External Event Utility for WindowsNT and Windows9X
CompanyName : ATI Technologies Inc.
FileDescription : ATI External Event Utility EXE Module
InternalName : ATI2EVXX.EXE
LegalCopyright : Copyright © 1999-2004 ATI Technologies Inc.
OriginalFilename : ATI2EVXX.EXE

#:18 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 2476
ThreadCreationTime : 5-12-2005 10:24:50 PM
BasePriority : Normal
FileVersion : 6.00.2800.1221 (xpsp2.030511-1403)
ProductVersion : 6.00.2800.1221
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:19 [regtwk.exe]
ModuleName : C:\Program Files\Rage3DTweak\RegTwk.exe
Command Line : "C:\Program Files\Rage3DTweak\RegTwk.exe"
ProcessID : 1512
ThreadCreationTime : 5-12-2005 10:24:52 PM
BasePriority : Normal
FileVersion : 0, 0, 0, 16
ProductVersion : 0, 0, 0, 16
ProductName : Registry Tweak
CompanyName : Byron Montgomerie
FileDescription : Taskbar icon exe
InternalName : RegTwk.exe
LegalCopyright : Copyright © 1999-2002
OriginalFilename : RegTwk.exe
Comments : Taskbar program for RegTweak

#:20 [jusched.exe]
ModuleName : C:\Program Files\Java\jre1.5.0\bin\jusched.exe
Command Line : "C:\Program Files\Java\jre1.5.0\bin\jusched.exe"
ProcessID : 1720
ThreadCreationTime : 5-12-2005 10:24:52 PM
BasePriority : Normal


#:21 [cthelper.exe]
ModuleName : C:\WINDOWS\System32\CTHELPER.EXE
Command Line : "C:\WINDOWS\System32\CTHELPER.EXE"
ProcessID : 1716
ThreadCreationTime : 5-12-2005 10:24:52 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 2
ProductVersion : 1, 0, 0, 2
ProductName : CtHelper Application
CompanyName : Creative Technology Ltd
FileDescription : CtHelper Application
InternalName : CtHelper
LegalCopyright : Copyright © 2002
OriginalFilename : CtHelper.EXE

#:22 [cli.exe]
ModuleName : C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
Command Line : "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
ProcessID : 812
ThreadCreationTime : 5-12-2005 10:24:52 PM
BasePriority : Normal


#:23 [ezsp_px.exe]
ModuleName : C:\WINDOWS\System32\ezSP_Px.exe
Command Line : "C:\WINDOWS\System32\ezSP_Px.exe"
ProcessID : 1216
ThreadCreationTime : 5-12-2005 10:24:52 PM
BasePriority : Normal


#:24 [cfd.exe]
ModuleName : C:\Program Files\BroadJump\Client Foundation\CFD.exe
Command Line : "C:\Program Files\BroadJump\Client Foundation\CFD.exe"
ProcessID : 1132
ThreadCreationTime : 5-12-2005 10:24:53 PM
BasePriority : Normal


#:25 [delttray.exe]
ModuleName : C:\WINDOWS\System32\DeltTray.exe
Command Line : "C:\WINDOWS\System32\DeltTray.exe"
ProcessID : 1792
ThreadCreationTime : 5-12-2005 10:24:53 PM
BasePriority : Normal
FileVersion : 5.1.0.01
ProductVersion : 5.1.0.01
ProductName : M Audio Delta Control Panel Interface System Tray Applet
CompanyName : Doug Fetter Software Wizardry
FileDescription : M Audio Delta Control Panel Interface System Tray Applet
InternalName : Delta Panel System Tray Applet
LegalCopyright : Copyright © 2002 Midiman, Inc. All rights reserved.
LegalTrademarks : M Audio ™ is a legal trademark of MIDIMAN, Inc.
OriginalFilename : DeltTray.EXE
Comments : Developed by Doug Fetter Software Wizardry

#:26 [devldr32.exe]
ModuleName : C:\WINDOWS\System32\devldr32.exe
Command Line : C:\WINDOWS\System32\devldr32.exe
ProcessID : 928
ThreadCreationTime : 5-12-2005 10:24:53 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 17
ProductVersion : 1, 0, 0, 17
ProductName : Creative Ring3 NT Inteface
CompanyName : Creative Technology Ltd.
FileDescription : DevLdr32
InternalName : DevLdr
LegalCopyright : Copyright © Creative Technology Ltd. 1998-2001
OriginalFilename : DevLdr32.exe

#:27 [avgcc.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
Command Line : "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
ProcessID : 1900
ThreadCreationTime : 5-12-2005 10:24:53 PM
BasePriority : Normal
FileVersion : 7,1,0,307
ProductVersion : 7.1.0.307
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Control Center
InternalName : AvgCC
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : AvgCC.EXE

#:28 [wapr.exe]
ModuleName : C:\Documents and Settings\Matt Freeman\Application Data\wapr.exe
Command Line : "C:\Documents and Settings\Matt Freeman\Application Data\wapr.exe"
ProcessID : 2664
ThreadCreationTime : 5-12-2005 10:24:53 PM
BasePriority : Normal


#:29 [m?dtc.exe]
ModuleName : C:\WINDOWS\System32\m?dtc.exe
Command Line : "C:\WINDOWS\System32\m?dtc.exe"
ProcessID : 2636
ThreadCreationTime : 5-12-2005 10:24:53 PM
BasePriority : Normal


#:30 [win32.exe]
ModuleName : C:\WINDOWS\System32\win32.exe
Command Line : "C:\WINDOWS\System32\win32.exe"
ProcessID : 3148
ThreadCreationTime : 5-12-2005 10:24:54 PM
BasePriority : Normal


#:31 [gameutil.exe]
ModuleName : C:\Program Files\rage3dtweak\gameutil.exe
Command Line : "C:\Program Files\rage3dtweak\gameutil.exe"
ProcessID : 868
ThreadCreationTime : 5-12-2005 10:24:55 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 21
ProductVersion : 1, 0, 0, 21
ProductName : GameUtil
CompanyName : Byron Montgomerie
FileDescription : Gamma control, ATI overclock reset on resume, refresh rate hack, per game do stuff in general
InternalName : GameUtil
LegalCopyright : Copyright © 2002
OriginalFilename : GameUtil.exe

#:32 [cli.exe]
ModuleName : C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
Command Line : "C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe" SystemTray
ProcessID : 3060
ThreadCreationTime : 5-12-2005 10:24:55 PM
BasePriority : Normal


#:33 [wincinemamgr.exe]
ModuleName : C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
Command Line : "C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe"
ProcessID : 2828
ThreadCreationTime : 5-12-2005 10:24:56 PM
BasePriority : Normal
FileVersion : 1.8.2
ProductVersion : 1, 8, 2, 0
ProductName : WinCinema Manager for InterVideo WinCinema products
CompanyName : InterVideo Inc.
FileDescription : WinCinema Manager
InternalName : WinCinema Manager
LegalCopyright : Copyright 1999-2003 InterVideo, Inc. All rights reserved.
OriginalFilename : WinCinemaMgr.EXE

#:34 [iexplore.exe]
ModuleName : C:\Program Files\Internet Explorer\iexplore.exe
Command Line : "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
ProcessID : 2056
ThreadCreationTime : 5-12-2005 10:25:25 PM
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:35 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 84520
ThreadCreationTime : 5-13-2005 3:41:10 AM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : matt freeman@zedo[1].txt
Category : Data Miner
Comment : Hits:7
Value : Cookie:matt [email protected]/
Expires : 5-10-2015 5:29:14 PM
LastSync : Hits:7
UseCount : 0
Hits : 7

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : matt freeman@casalemedia[1].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:matt [email protected]/
Expires : 5-3-2006 1:29:18 PM
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : matt freeman@revenue[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:matt [email protected]/
Expires : 6-10-2022 12:05:42 AM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 3
Objects found so far: 3



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

VX2 Object Recognized!
Type : File
Data : exiysu.exe.tcf
Category : Malware
Comment :
Object : C:\WINDOWS\SYSTEM32\
FileVersion : 1, 0, 2, 17
ProductVersion : 0, 0, 7, 0
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
LegalCopyright : TODO: © <Company name>. All rights reserved.


WebHancer Object Recognized!
Type : File
Data : whInstaller.exe
Category : Data Miner
Comment :
Object : C:\WINDOWS\LastGood\
FileVersion : 1.8.1
ProductVersion : 1.8.1
ProductName : webHancer Installer
CompanyName : webHancer Corporation
FileDescription : webHancer Installer
InternalName : whInstaller
LegalCopyright : Copyright © 1999-2001 webHancer Corporation
OriginalFilename : whInstaller.exe


WebHancer Object Recognized!
Type : File
Data : webhdll.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\LastGood\
FileVersion : 3.3.0
ProductVersion : 3.3.0
ProductName : webHancer Customer Companion
CompanyName : webHancer Corporation
FileDescription : webHancer Winsock2 SPI
InternalName : webhdll
LegalCopyright : Copyright © 1999-2003 webHancer Corporation
OriginalFilename : webhdll.dll


WebHancer Object Recognized!
Type : File
Data : WhAgent.exe
Category : Data Miner
Comment :
Object : C:\Program Files\whInstall\
FileVersion : 3.3.0
ProductVersion : 3.3.0
ProductName : webHancer Customer Companion
CompanyName : webHancer Corporation
FileDescription : webHancer Customer Companion
InternalName : whAgent
LegalCopyright : Copyright © 1999-2003 webHancer Corporation
OriginalFilename : whAgent.exe


WebHancer Object Recognized!
Type : File
Data : whInstaller.exe
Category : Data Miner
Comment :
Object : C:\Program Files\whInstall\
FileVersion : 3.3.0
ProductVersion : 3.3.0
ProductName : webHancer Customer Companion
CompanyName : webHancer Corporation
FileDescription : webHancer Installer
InternalName : whInstaller
LegalCopyright : Copyright © 1999-2003 webHancer Corporation
OriginalFilename : whInstaller.exe


WebHancer Object Recognized!
Type : File
Data : WhSurvey.exe
Category : Data Miner
Comment :
Object : C:\Program Files\whInstall\
FileVersion : 3.3.0
ProductVersion : 3.3.0
ProductName : webHancer Survey Companion
CompanyName : webHancer Corporation
FileDescription : webHancer Survey Companion
InternalName : whSurvey
LegalCopyright : Copyright © 1999-2003 webHancer Corporation
OriginalFilename : whSurvey.exe


WebHancer Object Recognized!
Type : File
Data : Webhdll.dll
Category : Data Miner
Comment :
Object : C:\Program Files\whInstall\
FileVersion : 3.3.0
ProductVersion : 3.3.0
ProductName : webHancer Customer Companion
CompanyName : webHancer Corporation
FileDescription : webHancer Winsock2 SPI
InternalName : webhdll
LegalCopyright : Copyright © 1999-2003 webHancer Corporation
OriginalFilename : webhdll.dll


WebHancer Object Recognized!
Type : File
Data : whiehlpr.dll
Category : Data Miner
Comment :
Object : C:\Program Files\whInstall\
FileVersion : 3.3.0
ProductVersion : 3.3.0
ProductName : webHancer Customer Companion
CompanyName : webHancer Corporation
FileDescription : webHancer IE Helper Module
InternalName : WhIeHelper
LegalCopyright : Copyright © 1999-2003 webHancer Corporation
OriginalFilename : whiehlpr.dll


WindUpdates Object Recognized!
Type : File
Data : A0061656.dll
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{157294F3-2861-44F7-8DE4-AF2B9EB4FF0E}\RP487\



Win32.Trojan.Delprot.a Object Recognized!
Type : File
Data : A0061860.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{157294F3-2861-44F7-8DE4-AF2B9EB4FF0E}\RP487\



MediaMotor Object Recognized!
Type : File
Data : A0060817.dll
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{157294F3-2861-44F7-8DE4-AF2B9EB4FF0E}\RP462\
FileVersion : 0, 12, 4, 74
ProductVersion : 0, 12, 4, 74
ProductName : Ceres
CompanyName : Ceres
FileDescription : www.abetterinternet.com
InternalName : Ceres
LegalCopyright : Copyright © 2004
OriginalFilename : Ceres.dll
Comments : www.abetterinternet.com


MediaMotor Object Recognized!
Type : File
Data : A0060822.dll
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{157294F3-2861-44F7-8DE4-AF2B9EB4FF0E}\RP463\
FileVersion : 0, 12, 4, 74
ProductVersion : 0, 12, 4, 74
ProductName : Ceres
CompanyName : Ceres
FileDescription : www.abetterinternet.com
InternalName : Ceres
LegalCopyright : Copyright © 2004
OriginalFilename : Ceres.dll
Comments : www.abetterinternet.com


VX2 Object Recognized!
Type : File
Data : A0060870.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{157294F3-2861-44F7-8DE4-AF2B9EB4FF0E}\RP465\
FileVersion : 1, 0, 2, 17
ProductVersion : 0, 0, 7, 0
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
LegalCopyright : TODO: © <Company name>. All rights reserved.


VX2 Object Recognized!
Type : File
Data : A0060872.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{157294F3-2861-44F7-8DE4-AF2B9EB4FF0E}\RP465\
FileVersion : 0, 4, 1, 3
ProductVersion : 0, 4, 1, 3
CompanyName : FarmMext
FileDescription : www.farmmext.com
LegalCopyright : Copyright © 2002


MediaMotor Object Recognized!
Type : File
Data : A0060913.dll
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{157294F3-2861-44F7-8DE4-AF2B9EB4FF0E}\RP467\
FileVersion : 0, 12, 4, 74
ProductVersion : 0, 12, 4, 74
ProductName : Ceres
CompanyName : Ceres
FileDescription : www.abetterinternet.com
InternalName : Ceres
LegalCopyright : Copyright © 2004
OriginalFilename : Ceres.dll
Comments : www.abetterinternet.com


iSearch Toolbar Object Recognized!
Type : File
Data : MFEX-2.DAT
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{157294F3-2861-44F7-8DE4-AF2B9EB4FF0E}\RP468\snapshot\



VX2 Object Recognized!
Type : File
Data : A0060928.dll
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{157294F3-2861-44F7-8DE4-AF2B9EB4FF0E}\RP468\
FileVersion : 0, 4, 4, 30
ProductVersion : 0, 4, 4, 30
ProductName : localnrd
CompanyName : LocalNRD
FileDescription : www.localnrd.com
InternalName : localnrd
LegalCopyright : Copyright © 2004
OriginalFilename : localnrd.dll
Comments : www.localnrd.com


Elitum.ElitebarBHO Object Recognized!
Type : File
Data : A0060929.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{157294F3-2861-44F7-8DE4-AF2B9EB4FF0E}\RP468\



MediaMotor Object Recognized!
Type : File
Data : A0061002.dll
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{157294F3-2861-44F7-8DE4-AF2B9EB4FF0E}\RP471\
FileVersion : 0, 12, 4, 74
ProductVersion : 0, 12, 4, 74
ProductName : Ceres
CompanyName : Ceres
FileDescription : www.abetterinternet.com
InternalName : Ceres
LegalCopyright : Copyright © 2004
OriginalFilename : Ceres.dll
Comments : www.abetterinternet.com


iSearch Toolbar Object Recognized!
Type : File
Data : A0061341.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{157294F3-2861-44F7-8DE4-AF2B9EB4FF0E}\RP471\



Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 23


Deep scanning and examining files (E:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for E:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 23


Deep scanning and examining files (G:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for G:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 23


Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\lastknowngoodrecovery\lastgood
Value : INF/oem14.PNF

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\lastknowngoodrecovery\lastgood
Value : INF/oem11.PNF

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\lastknowngoodrecovery\lastgood
Value : INF/oem12.PNF

WebHancer Object Recognized!
Type : Folder
Category : Data Miner
Comment :
Object : C:\Program Files\whInstall

WebHancer Object Recognized!
Type : File
Data : license.txt
Category : Data Miner
Comment :
Object : C:\Program Files\whinstall\



WebHancer Object Recognized!
Type : File
Data : readme.txt
Category : Data Miner
Comment :
Object : C:\Program Files\whinstall\



WebHancer Object Recognized!
Type : File
Data : whAgent.ini
Category : Data Miner
Comment :
Object : C:\Program Files\whinstall\



WebHancer Object Recognized!
Type : File
Data : whInstaller.ini
Category : Data Miner
Comment :
Object : C:\Program Files\whinstall\



WebHancer Object Recognized!
Type : File
Data : whAgent.inf
Category : Data Miner
Comment :
Object : C:\Program Files\whinstall\



WebHancer Object Recognized!
Type : File
Data : Sporder.dll
Category : Data Miner
Comment :
Object : C:\Program Files\whinstall\
FileVersion : 4.00
ProductVersion : 4.00
ProductName : Microsoft® Windows NT™ Operating System
CompanyName : Microsoft Corporation
FileDescription : WinSock2 reorder service providers
InternalName : sporder.dll
LegalCopyright : Copyright © Microsoft Corp. 1981-1996
OriginalFilename : sporder.dll


WindUpdates Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\downloadmanager

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 11
Objects found so far: 34

10:56:22 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:12:29.478
Objects scanned:220424
Objects identified:34
Objects ignored:0
New critical objects:34
  • 0

#4
anotherdaydown
Posted 13 May 2005 - 04:56 PM

anotherdaydown

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Any suggestions from this point?

I haven't made any more progress.
  • 0

#5
Guest_numbnuts_*
Posted 13 May 2005 - 05:25 PM

Guest_numbnuts_*
  • Guest
Hello,anotherdaydown welcome to the forum..

A New Definitions file has been released ….

New Definitions: SE1R 45 13.05.2005


Please up date To get the update, please launch Ad-Aware SE and click on the globe icon to access the Web Update feature,

Have you run an online virus/trojan scan yet? That may be helpful.
Online Scan Sites:


http://www.bitdefend...can/licence.php

Panda
Symantec
TrendMicro
A2 Trojan Scan


And then post a new logfile here..

Regards…

numbnuts.. :tazz:
  • 0

#6
anotherdaydown
Posted 13 May 2005 - 06:54 PM

anotherdaydown

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
I've used panda for the online scan so far.




Ad-Aware SE Build 1.05
Logfile Created on:Friday, May 13, 2005 8:03:33 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R45 13.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
CoolWebSearch(TAC index:10):8 total references
IBIS Toolbar(TAC index:5):10 total references
iSearch Toolbar(TAC index:3):2 total references
Tracking Cookie(TAC index:3):1 total references
WebHancer(TAC index:9):7 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R45 13.05.2005
Internal build : 53
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 473168 Bytes
Total size : 1430575 Bytes
Signature data size : 1399518 Bytes
Reference data size : 30545 Bytes
Signatures total : 39932
Fingerprints total : 881
Fingerprints size : 30173 Bytes
Target categories : 15
Target families : 672


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium III
Memory available:64 %
Total physical memory:1048048 kb
Available physical memory:664072 kb
Total page file size:4194303 kb
Available on page file:4194303 kb
Total virtual memory:2097024 kb
Available virtual memory:2047056 kb
OS:Microsoft Windows XP Home Edition Service Pack 1 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Play sound at scan completion if scan locates critical objects


5-13-2005 8:03:33 PM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 404
ThreadCreationTime : 5-13-2005 10:01:08 PM
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 452
ThreadCreationTime : 5-13-2005 10:01:10 PM
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 476
ThreadCreationTime : 5-13-2005 10:01:13 PM
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 520
ThreadCreationTime : 5-13-2005 10:01:13 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 532
ThreadCreationTime : 5-13-2005 10:01:13 PM
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [ati2evxx.exe]
ModuleName : C:\WINDOWS\System32\Ati2evxx.exe
Command Line : C:\WINDOWS\System32\Ati2evxx.exe
ProcessID : 708
ThreadCreationTime : 5-13-2005 10:01:16 PM
BasePriority : Normal
FileVersion : 6.14.10.4109
ProductVersion : 6.14.10.4109.04
ProductName : ATI External Event Utility for WindowsNT and Windows9X
CompanyName : ATI Technologies Inc.
FileDescription : ATI External Event Utility EXE Module
InternalName : ATI2EVXX.EXE
LegalCopyright : Copyright © 1999-2004 ATI Technologies Inc.
OriginalFilename : ATI2EVXX.EXE

#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 740
ThreadCreationTime : 5-13-2005 10:01:16 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 828
ThreadCreationTime : 5-13-2005 10:01:16 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 988
ThreadCreationTime : 5-13-2005 10:01:17 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 1036
ThreadCreationTime : 5-13-2005 10:01:17 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [ati2evxx.exe]
ModuleName : C:\WINDOWS\system32\Ati2evxx.exe
Command Line : Ati2evxx.exe -Client
ProcessID : 1208
ThreadCreationTime : 5-13-2005 10:01:18 PM
BasePriority : Normal
FileVersion : 6.14.10.4109
ProductVersion : 6.14.10.4109.04
ProductName : ATI External Event Utility for WindowsNT and Windows9X
CompanyName : ATI Technologies Inc.
FileDescription : ATI External Event Utility EXE Module
InternalName : ATI2EVXX.EXE
LegalCopyright : Copyright © 1999-2004 ATI Technologies Inc.
OriginalFilename : ATI2EVXX.EXE

#:12 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 1264
ThreadCreationTime : 5-13-2005 10:01:18 PM
BasePriority : Normal
FileVersion : 6.00.2800.1221 (xpsp2.030511-1403)
ProductVersion : 6.00.2800.1221
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:13 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1332
ThreadCreationTime : 5-13-2005 10:01:19 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:14 [regtwk.exe]
ModuleName : C:\Program Files\Rage3DTweak\RegTwk.exe
Command Line : "C:\Program Files\Rage3DTweak\RegTwk.exe"
ProcessID : 1576
ThreadCreationTime : 5-13-2005 10:01:23 PM
BasePriority : Normal
FileVersion : 0, 0, 0, 16
ProductVersion : 0, 0, 0, 16
ProductName : Registry Tweak
CompanyName : Byron Montgomerie
FileDescription : Taskbar icon exe
InternalName : RegTwk.exe
LegalCopyright : Copyright © 1999-2002
OriginalFilename : RegTwk.exe
Comments : Taskbar program for RegTweak

#:15 [jusched.exe]
ModuleName : C:\Program Files\Java\jre1.5.0\bin\jusched.exe
Command Line : "C:\Program Files\Java\jre1.5.0\bin\jusched.exe"
ProcessID : 1592
ThreadCreationTime : 5-13-2005 10:01:24 PM
BasePriority : Normal


#:16 [cthelper.exe]
ModuleName : C:\WINDOWS\System32\CTHELPER.EXE
Command Line : "C:\WINDOWS\System32\CTHELPER.EXE"
ProcessID : 1600
ThreadCreationTime : 5-13-2005 10:01:24 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 2
ProductVersion : 1, 0, 0, 2
ProductName : CtHelper Application
CompanyName : Creative Technology Ltd
FileDescription : CtHelper Application
InternalName : CtHelper
LegalCopyright : Copyright © 2002
OriginalFilename : CtHelper.EXE

#:17 [cli.exe]
ModuleName : C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
Command Line : "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
ProcessID : 1672
ThreadCreationTime : 5-13-2005 10:01:25 PM
BasePriority : Normal


#:18 [ezsp_px.exe]
ModuleName : C:\WINDOWS\System32\ezSP_Px.exe
Command Line : "C:\WINDOWS\System32\ezSP_Px.exe"
ProcessID : 1680
ThreadCreationTime : 5-13-2005 10:01:25 PM
BasePriority : Normal


#:19 [devldr32.exe]
ModuleName : C:\WINDOWS\System32\devldr32.exe
Command Line : C:\WINDOWS\System32\devldr32.exe
ProcessID : 1688
ThreadCreationTime : 5-13-2005 10:01:25 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 17
ProductVersion : 1, 0, 0, 17
ProductName : Creative Ring3 NT Inteface
CompanyName : Creative Technology Ltd.
FileDescription : DevLdr32
InternalName : DevLdr
LegalCopyright : Copyright © Creative Technology Ltd. 1998-2001
OriginalFilename : DevLdr32.exe

#:20 [cfd.exe]
ModuleName : C:\Program Files\BroadJump\Client Foundation\CFD.exe
Command Line : "C:\Program Files\BroadJump\Client Foundation\CFD.exe"
ProcessID : 1708
ThreadCreationTime : 5-13-2005 10:01:26 PM
BasePriority : Normal


#:21 [delttray.exe]
ModuleName : C:\WINDOWS\System32\DeltTray.exe
Command Line : "C:\WINDOWS\System32\DeltTray.exe"
ProcessID : 1716
ThreadCreationTime : 5-13-2005 10:01:26 PM
BasePriority : Normal
FileVersion : 5.1.0.01
ProductVersion : 5.1.0.01
ProductName : M Audio Delta Control Panel Interface System Tray Applet
CompanyName : Doug Fetter Software Wizardry
FileDescription : M Audio Delta Control Panel Interface System Tray Applet
InternalName : Delta Panel System Tray Applet
LegalCopyright : Copyright © 2002 Midiman, Inc. All rights reserved.
LegalTrademarks : M Audio ™ is a legal trademark of MIDIMAN, Inc.
OriginalFilename : DeltTray.EXE
Comments : Developed by Doug Fetter Software Wizardry

#:22 [svch0st.exe]
ModuleName : C:\WINDOWS\System32\SVCH0ST.EXE
Command Line : C:\WINDOWS\System32\SVCH0ST.EXE
ProcessID : 1736
ThreadCreationTime : 5-13-2005 10:01:26 PM
BasePriority : Normal


#:23 [avgcc.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
Command Line : "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
ProcessID : 1764
ThreadCreationTime : 5-13-2005 10:01:26 PM
BasePriority : Normal
FileVersion : 7,1,0,307
ProductVersion : 7.1.0.307
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Control Center
InternalName : AvgCC
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : AvgCC.EXE

#:24 [avgamsvr.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
Command Line : C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
ProcessID : 1912
ThreadCreationTime : 5-13-2005 10:01:29 PM
BasePriority : Normal
FileVersion : 7,1,0,307
ProductVersion : 7.1.0.307
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Alert Manager
InternalName : avgamsvr
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgamsvr.EXE

#:25 [gameutil.exe]
ModuleName : C:\Program Files\rage3dtweak\gameutil.exe
Command Line : "C:\Program Files\rage3dtweak\gameutil.exe"
ProcessID : 2004
ThreadCreationTime : 5-13-2005 10:01:33 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 21
ProductVersion : 1, 0, 0, 21
ProductName : GameUtil
CompanyName : Byron Montgomerie
FileDescription : Gamma control, ATI overclock reset on resume, refresh rate hack, per game do stuff in general
InternalName : GameUtil
LegalCopyright : Copyright © 2002
OriginalFilename : GameUtil.exe

#:26 [avgupsvc.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
Command Line : C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
ProcessID : 2012
ThreadCreationTime : 5-13-2005 10:01:33 PM
BasePriority : Normal
FileVersion : 7,1,0,285
ProductVersion : 7.1.0.285
ProductName : AVG 7.0 Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Update Service
InternalName : avgupsvc
LegalCopyright : Copyright © 2004, GRISOFT, s.r.o.
OriginalFilename : avgupdsvc.EXE

#:27 [cli.exe]
ModuleName : C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
Command Line : "C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe" SystemTray
ProcessID : 2020
ThreadCreationTime : 5-13-2005 10:01:34 PM
BasePriority : Normal


#:28 [wincinemamgr.exe]
ModuleName : C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
Command Line : "C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe"
ProcessID : 372
ThreadCreationTime : 5-13-2005 10:01:36 PM
BasePriority : Normal
FileVersion : 1.8.2
ProductVersion : 1, 8, 2, 0
ProductName : WinCinema Manager for InterVideo WinCinema products
CompanyName : InterVideo Inc.
FileDescription : WinCinema Manager
InternalName : WinCinema Manager
LegalCopyright : Copyright 1999-2003 InterVideo, Inc. All rights reserved.
OriginalFilename : WinCinemaMgr.EXE

#:29 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k imgsvc
ProcessID : 392
ThreadCreationTime : 5-13-2005 10:01:37 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:30 [wdfmgr.exe]
ModuleName : C:\WINDOWS\System32\wdfmgr.exe
Command Line : C:\WINDOWS\System32\wdfmgr.exe
ProcessID : 440
ThreadCreationTime : 5-13-2005 10:01:37 PM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:31 [wanmpsvc.exe]
ModuleName : C:\WINDOWS\wanmpsvc.exe
Command Line : "C:\WINDOWS\wanmpsvc.exe"
ProcessID : 876
ThreadCreationTime : 5-13-2005 10:01:39 PM
BasePriority : Normal
FileVersion : 9, 0, 0, 0
ProductVersion : 9, 0, 0, 0
ProductName : America Online
CompanyName : America Online, Inc.
FileDescription : Wan Miniport (ATW) Service
InternalName : WanMPSvc
LegalCopyright : Copyright © 2001 America Online, Inc.
OriginalFilename : WanMPSvc.exe

#:32 [win32.exe]
ModuleName : C:\WINDOWS\System32\win32.exe
Command Line : win32.exe
ProcessID : 2920
ThreadCreationTime : 5-13-2005 10:02:14 PM
BasePriority : Normal


#:33 [msiexec.exe]
ModuleName : C:\WINDOWS\System32\msiexec.exe
Command Line : C:\WINDOWS\System32\msiexec.exe /V
ProcessID : 2164
ThreadCreationTime : 5-14-2005 12:55:05 AM
BasePriority : Normal


#:34 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 2688
ThreadCreationTime : 5-14-2005 1:03:27 AM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{b599c57e-113a-4488-a5e9-bc552c4f1152}

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{1d27210e-2da2-41e2-a103-b5fd9d6a798b}

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{145e6fb1-1256-44ed-a336-8bba43373be6}

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{145e6fb1-1256-44ed-a336-8bba43373be6}
Value : InprocServer32

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 4
Objects found so far: 4


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : matt freeman@cgi-bin[2].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:matt [email protected]/cgi-bin
Expires : 2-27-2015 7:00:00 PM
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 5



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

IBIS Toolbar Object Recognized!
Type : File
Data : ibis-100[1].0000
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Matt Freeman\Local Settings\Temporary Internet Files\Content.IE5\STKNAV63\



IBIS Toolbar Object Recognized!
Type : File
Data : ibis-100.0000
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Matt Freeman\Application Data\awao\



iSearch Toolbar Object Recognized!
Type : File
Data : A0061858.dll
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{157294F3-2861-44F7-8DE4-AF2B9EB4FF0E}\RP487\



iSearch Toolbar Object Recognized!
Type : File
Data : A0061859.dll
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{157294F3-2861-44F7-8DE4-AF2B9EB4FF0E}\RP487\



WebHancer Object Recognized!
Type : File
Data : A0062675.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{157294F3-2861-44F7-8DE4-AF2B9EB4FF0E}\RP494\
FileVersion : 3.3.0
ProductVersion : 3.3.0
ProductName : webHancer Customer Companion
CompanyName : webHancer Corporation
FileDescription : webHancer Customer Companion
InternalName : whAgent
LegalCopyright : Copyright © 1999-2003 webHancer Corporation
OriginalFilename : whAgent.exe


WebHancer Object Recognized!
Type : File
Data : A0062676.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{157294F3-2861-44F7-8DE4-AF2B9EB4FF0E}\RP494\
FileVersion : 3.3.0
ProductVersion : 3.3.0
ProductName : webHancer Customer Companion
CompanyName : webHancer Corporation
FileDescription : webHancer Installer
InternalName : whInstaller
LegalCopyright : Copyright © 1999-2003 webHancer Corporation
OriginalFilename : whInstaller.exe


WebHancer Object Recognized!
Type : File
Data : A0062677.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{157294F3-2861-44F7-8DE4-AF2B9EB4FF0E}\RP494\
FileVersion : 3.3.0
ProductVersion : 3.3.0
ProductName : webHancer Survey Companion
CompanyName : webHancer Corporation
FileDescription : webHancer Survey Companion
InternalName : whSurvey
LegalCopyright : Copyright © 1999-2003 webHancer Corporation
OriginalFilename : whSurvey.exe


WebHancer Object Recognized!
Type : File
Data : A0062679.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{157294F3-2861-44F7-8DE4-AF2B9EB4FF0E}\RP494\
FileVersion : 3.3.0
ProductVersion : 3.3.0
ProductName : webHancer Customer Companion
CompanyName : webHancer Corporation
FileDescription : webHancer Winsock2 SPI
InternalName : webhdll
LegalCopyright : Copyright © 1999-2003 webHancer Corporation
OriginalFilename : webhdll.dll


WebHancer Object Recognized!
Type : File
Data : A0062680.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{157294F3-2861-44F7-8DE4-AF2B9EB4FF0E}\RP494\
FileVersion : 3.3.0
ProductVersion : 3.3.0
ProductName : webHancer Customer Companion
CompanyName : webHancer Corporation
FileDescription : webHancer IE Helper Module
InternalName : WhIeHelper
LegalCopyright : Copyright © 1999-2003 webHancer Corporation
OriginalFilename : whiehlpr.dll


WebHancer Object Recognized!
Type : File
Data : A0062681.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{157294F3-2861-44F7-8DE4-AF2B9EB4FF0E}\RP494\
FileVersion : 1.8.1
ProductVersion : 1.8.1
ProductName : webHancer Installer
CompanyName : webHancer Corporation
FileDescription : webHancer Installer
InternalName : whInstaller
LegalCopyright : Copyright © 1999-2001 webHancer Corporation
OriginalFilename : whInstaller.exe


WebHancer Object Recognized!
Type : File
Data : A0062682.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{157294F3-2861-44F7-8DE4-AF2B9EB4FF0E}\RP494\
FileVersion : 3.3.0
ProductVersion : 3.3.0
ProductName : webHancer Customer Companion
CompanyName : webHancer Corporation
FileDescription : webHancer Winsock2 SPI
InternalName : webhdll
LegalCopyright : Copyright © 1999-2003 webHancer Corporation
OriginalFilename : webhdll.dll


Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 16


Deep scanning and examining files (E:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for E:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 16


Deep scanning and examining files (G:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for G:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 16


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
84 entries scanned.
New critical objects:0
Objects found so far: 16




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\windows\currentversion\run
Value : WindowsFY

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Search Bar

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main
Value : Use Custom Search URL

CoolWebSearch Object Recognized!
Type : RegData
Data : about:blank
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main
Value : Search Bar
Data : about:blank

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\mediaplayer\control\playbar

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\mediaplayer\control\playbar
Value : ClrShadow

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\mediaplayer\control\playbar
Value : ClrHighlight

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\mediaplayer\control\playbar
Value : ClrForeColor

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\mediaplayer\control\playbar
Value : ClrBackColor

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\mediaplayer\control\playbar
Value : ClrDownload

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\mediaplayer\control\playbar
Value : ClrViewed

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\mediaplayer\control\playbar
Value : ClrStatic

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 12
Objects found so far: 28

8:15:27 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:11:54.77
Objects scanned:222408
Objects identified:28
Objects ignored:0
New critical objects:28

Edited by anotherdaydown, 13 May 2005 - 07:21 PM.

  • 0

#7
anotherdaydown
Posted 14 May 2005 - 09:04 AM

anotherdaydown

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
This is the main problem I'm having. Anytime I try to sign into a site(Dealing with name and password) I get this error as soon as I advance.

IE_error.gif
  • 0

#8
Guest_Andy_veal_*
Posted 14 May 2005 - 09:31 AM

Guest_Andy_veal_*
  • Guest
Hello and Welcome

Ad-aware has found objects on your computer

If you chose to clean your computer from what Ad-aware found please follow these instructions below…

Please make sure that you are using the * SE1R45 13.05.2005 * definition file.


Please launch Ad-Aware SE and click on the gear to access the Configuration Menu. Please make sure that this setting is applied.

Click on Tweak > Cleaning Engine > UNcheck "Always try to unload modules before deletion".

Disconnect from the internet (for broadband/cable users, it is recommended that you disconnect the cable connection) and close all open browsers or other programs you have running.

Please then boot into Safe Mode

To clean your machine, it is highly recommended that you clean the following directory contents (but not the directory folder):

Please run CCleaner to assist in this process.
Download CCleaner (Setup: go to >options > settings > Uncheck "Only delete files in Windows Temp folders older than 48 hours" for cleaning malware files!)

* C:\Windows\Temp\
* C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <- This will delete all your cached internet content including cookies.
* C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp\
* Empty your "Recycle Bin".

Please run Ad-Aware SE from the command lines shown in the instructions shown below.

Click "Start" > select "Run" > type the text shown in bold below (including the quotation marks and with the same spacing as shown)

"C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" /full +procnuke
(For the Professional version)

"C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" /full +procnuke
(For the Plus version)

"C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" +procnuke
(For the Personal version)


Click OK.

Please note that the path above is of the default installion location for Ad-aware SE, if this is different, please adjust it to the location that you have installed it to.

When the scan has completed, select Next. In the Scanning Results window, select the "Scan Summary" tab. Check the box next to each "target family" you wish to remove. Click next, Click OK.

Please only remove CoolWebSearch first

If problems are caused by deleting a family, please leave it.

Please shutdown/restart your computer after removal, run a new full scan and post the results as a reply. Do not launch any programs or connect to the internet at this time.

Please then copy & paste the complete log file here. Don't quarantine or remove anything at this time, just post a complete logfile. This can sometimes takes 2-3 posts to get it all posted, once the "Summary of this scan" information is shown, you have posted all of your logfile.

Please remember when posting another logfile keep "Search for negligible risk entries" deselected as negligible risk entries (MRU's) are not considered to be a threat. This option can be changed when choosing your scan type.

Please post back here

Good luck

Andy
  • 0

#9
anotherdaydown
Posted 14 May 2005 - 10:59 AM

anotherdaydown

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Okay, followed your instruction, got rid of CoolWebSearch and here is the log file after reboot.

Thanks for your help...



Ad-Aware SE Build 1.05
Logfile Created on:Saturday, May 14, 2005 11:44:30 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R45 13.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
ClickSpring(TAC index:6):3 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R45 13.05.2005
Internal build : 53
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 473168 Bytes
Total size : 1430575 Bytes
Signature data size : 1399518 Bytes
Reference data size : 30545 Bytes
Signatures total : 39932
Fingerprints total : 881
Fingerprints size : 30173 Bytes
Target categories : 15
Target families : 672


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium III
Memory available:67 %
Total physical memory:1048048 kb
Available physical memory:693244 kb
Total page file size:4194303 kb
Available on page file:4194303 kb
Total virtual memory:2097024 kb
Available virtual memory:2045768 kb
OS:Microsoft Windows XP Home Edition Service Pack 1 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Play sound at scan completion if scan locates critical objects


5-14-2005 11:44:30 AM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 416
ThreadCreationTime : 5-14-2005 4:43:26 PM
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 464
ThreadCreationTime : 5-14-2005 4:43:28 PM
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 488
ThreadCreationTime : 5-14-2005 4:43:29 PM
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 532
ThreadCreationTime : 5-14-2005 4:43:30 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 544
ThreadCreationTime : 5-14-2005 4:43:30 PM
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [ati2evxx.exe]
ModuleName : C:\WINDOWS\System32\Ati2evxx.exe
Command Line : C:\WINDOWS\System32\Ati2evxx.exe
ProcessID : 720
ThreadCreationTime : 5-14-2005 4:43:32 PM
BasePriority : Normal
FileVersion : 6.14.10.4109
ProductVersion : 6.14.10.4109.04
ProductName : ATI External Event Utility for WindowsNT and Windows9X
CompanyName : ATI Technologies Inc.
FileDescription : ATI External Event Utility EXE Module
InternalName : ATI2EVXX.EXE
LegalCopyright : Copyright © 1999-2004 ATI Technologies Inc.
OriginalFilename : ATI2EVXX.EXE

#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 752
ThreadCreationTime : 5-14-2005 4:43:32 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 828
ThreadCreationTime : 5-14-2005 4:43:32 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 1000
ThreadCreationTime : 5-14-2005 4:43:33 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 1048
ThreadCreationTime : 5-14-2005 4:43:33 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [ati2evxx.exe]
ModuleName : C:\WINDOWS\system32\Ati2evxx.exe
Command Line : Ati2evxx.exe -Client
ProcessID : 1216
ThreadCreationTime : 5-14-2005 4:43:35 PM
BasePriority : Normal
FileVersion : 6.14.10.4109
ProductVersion : 6.14.10.4109.04
ProductName : ATI External Event Utility for WindowsNT and Windows9X
CompanyName : ATI Technologies Inc.
FileDescription : ATI External Event Utility EXE Module
InternalName : ATI2EVXX.EXE
LegalCopyright : Copyright © 1999-2004 ATI Technologies Inc.
OriginalFilename : ATI2EVXX.EXE

#:12 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 1288
ThreadCreationTime : 5-14-2005 4:43:35 PM
BasePriority : Normal
FileVersion : 6.00.2800.1221 (xpsp2.030511-1403)
ProductVersion : 6.00.2800.1221
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:13 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1344
ThreadCreationTime : 5-14-2005 4:43:35 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:14 [regtwk.exe]
ModuleName : C:\Program Files\Rage3DTweak\RegTwk.exe
Command Line : "C:\Program Files\Rage3DTweak\RegTwk.exe"
ProcessID : 1588
ThreadCreationTime : 5-14-2005 4:43:40 PM
BasePriority : Normal
FileVersion : 0, 0, 0, 16
ProductVersion : 0, 0, 0, 16
ProductName : Registry Tweak
CompanyName : Byron Montgomerie
FileDescription : Taskbar icon exe
InternalName : RegTwk.exe
LegalCopyright : Copyright © 1999-2002
OriginalFilename : RegTwk.exe
Comments : Taskbar program for RegTweak

#:15 [jusched.exe]
ModuleName : C:\Program Files\Java\jre1.5.0\bin\jusched.exe
Command Line : "C:\Program Files\Java\jre1.5.0\bin\jusched.exe"
ProcessID : 1604
ThreadCreationTime : 5-14-2005 4:43:41 PM
BasePriority : Normal


#:16 [cthelper.exe]
ModuleName : C:\WINDOWS\System32\CTHELPER.EXE
Command Line : "C:\WINDOWS\System32\CTHELPER.EXE"
ProcessID : 1628
ThreadCreationTime : 5-14-2005 4:43:41 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 2
ProductVersion : 1, 0, 0, 2
ProductName : CtHelper Application
CompanyName : Creative Technology Ltd
FileDescription : CtHelper Application
InternalName : CtHelper
LegalCopyright : Copyright © 2002
OriginalFilename : CtHelper.EXE

#:17 [cli.exe]
ModuleName : C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
Command Line : "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
ProcessID : 1692
ThreadCreationTime : 5-14-2005 4:43:42 PM
BasePriority : Normal


#:18 [devldr32.exe]
ModuleName : C:\WINDOWS\System32\devldr32.exe
Command Line : C:\WINDOWS\System32\devldr32.exe
ProcessID : 1700
ThreadCreationTime : 5-14-2005 4:43:42 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 17
ProductVersion : 1, 0, 0, 17
ProductName : Creative Ring3 NT Inteface
CompanyName : Creative Technology Ltd.
FileDescription : DevLdr32
InternalName : DevLdr
LegalCopyright : Copyright © Creative Technology Ltd. 1998-2001
OriginalFilename : DevLdr32.exe

#:19 [ezsp_px.exe]
ModuleName : C:\WINDOWS\System32\ezSP_Px.exe
Command Line : "C:\WINDOWS\System32\ezSP_Px.exe"
ProcessID : 1716
ThreadCreationTime : 5-14-2005 4:43:42 PM
BasePriority : Normal


#:20 [cfd.exe]
ModuleName : C:\Program Files\BroadJump\Client Foundation\CFD.exe
Command Line : "C:\Program Files\BroadJump\Client Foundation\CFD.exe"
ProcessID : 1732
ThreadCreationTime : 5-14-2005 4:43:43 PM
BasePriority : Normal


#:21 [svch0st.exe]
ModuleName : C:\WINDOWS\System32\SVCH0ST.EXE
Command Line : C:\WINDOWS\System32\SVCH0ST.EXE
ProcessID : 1744
ThreadCreationTime : 5-14-2005 4:43:43 PM
BasePriority : Normal


#:22 [delttray.exe]
ModuleName : C:\WINDOWS\System32\DeltTray.exe
Command Line : "C:\WINDOWS\System32\DeltTray.exe"
ProcessID : 1776
ThreadCreationTime : 5-14-2005 4:43:43 PM
BasePriority : Normal
FileVersion : 5.1.0.01
ProductVersion : 5.1.0.01
ProductName : M Audio Delta Control Panel Interface System Tray Applet
CompanyName : Doug Fetter Software Wizardry
FileDescription : M Audio Delta Control Panel Interface System Tray Applet
InternalName : Delta Panel System Tray Applet
LegalCopyright : Copyright © 2002 Midiman, Inc. All rights reserved.
LegalTrademarks : M Audio ™ is a legal trademark of MIDIMAN, Inc.
OriginalFilename : DeltTray.EXE
Comments : Developed by Doug Fetter Software Wizardry

#:23 [avgcc.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
Command Line : "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
ProcessID : 1836
ThreadCreationTime : 5-14-2005 4:43:44 PM
BasePriority : Normal
FileVersion : 7,1,0,307
ProductVersion : 7.1.0.307
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Control Center
InternalName : AvgCC
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : AvgCC.EXE

#:24 [avgamsvr.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
Command Line : C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
ProcessID : 1848
ThreadCreationTime : 5-14-2005 4:43:44 PM
BasePriority : Normal
FileVersion : 7,1,0,307
ProductVersion : 7.1.0.307
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Alert Manager
InternalName : avgamsvr
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgamsvr.EXE

#:25 [zlclient.exe]
ModuleName : C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
Command Line : n/a
ProcessID : 1856
ThreadCreationTime : 5-14-2005 4:43:44 PM
BasePriority : Normal
FileVersion : 5.5.094.000
ProductVersion : 5.5.094.000
ProductName : Zone Labs Client
CompanyName : Zone Labs, LLC
FileDescription : Zone Labs Client
InternalName : zlclient
LegalCopyright : Copyright © 1998-2005, Zone Labs, LLC
OriginalFilename : zlclient.exe

#:26 [wapr.exe]
ModuleName : C:\Documents and Settings\Matt Freeman\Application Data\wapr.exe
Command Line : "C:\Documents and Settings\Matt Freeman\Application Data\wapr.exe"
ProcessID : 1912
ThreadCreationTime : 5-14-2005 4:43:46 PM
BasePriority : Normal


ClickSpring Object Recognized!
Type : Process
Data : wapr.exe
Category : Malware
Comment : (CSI MATCH)
Object : C:\Documents and Settings\Matt Freeman\Application Data\


Warning! ClickSpring Object found in memory(C:\Documents and Settings\Matt Freeman\Application Data\wapr.exe)

"C:\Documents and Settings\Matt Freeman\Application Data\wapr.exe"Process terminated successfully
"C:\Documents and Settings\Matt Freeman\Application Data\wapr.exe"Process terminated successfully

#:27 [m?dtc.exe]
ModuleName : C:\WINDOWS\System32\m?dtc.exe
Command Line : "C:\WINDOWS\System32\m?dtc.exe"
ProcessID : 1940
ThreadCreationTime : 5-14-2005 4:43:48 PM
BasePriority : Normal


ClickSpring Object Recognized!
Type : Process
Data : m?dtc.exe
Category : Malware
Comment : (CSI MATCH)
Object : C:\WINDOWS\System32\


Warning! ClickSpring Object found in memory(C:\WINDOWS\System32\m?dtc.exe)

Warning! "C:\WINDOWS\System32\m?dtc.exe"Process could not be terminated!

#:28 [win32.exe]
ModuleName : C:\WINDOWS\System32\win32.exe
Command Line : "C:\WINDOWS\System32\win32.exe"
ProcessID : 1952
ThreadCreationTime : 5-14-2005 4:43:49 PM
BasePriority : Normal


#:29 [gameutil.exe]
ModuleName : C:\Program Files\rage3dtweak\gameutil.exe
Command Line : "C:\Program Files\rage3dtweak\gameutil.exe"
ProcessID : 1992
ThreadCreationTime : 5-14-2005 4:43:53 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 21
ProductVersion : 1, 0, 0, 21
ProductName : GameUtil
CompanyName : Byron Montgomerie
FileDescription : Gamma control, ATI overclock reset on resume, refresh rate hack, per game do stuff in general
InternalName : GameUtil
LegalCopyright : Copyright © 2002
OriginalFilename : GameUtil.exe

#:30 [cli.exe]
ModuleName : C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
Command Line : "C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe" SystemTray
ProcessID : 2000
ThreadCreationTime : 5-14-2005 4:43:53 PM
BasePriority : Normal


#:31 [avgupsvc.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
Command Line : C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
ProcessID : 2020
ThreadCreationTime : 5-14-2005 4:43:54 PM
BasePriority : Normal
FileVersion : 7,1,0,285
ProductVersion : 7.1.0.285
ProductName : AVG 7.0 Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Update Service
InternalName : avgupsvc
LegalCopyright : Copyright © 2004, GRISOFT, s.r.o.
OriginalFilename : avgupdsvc.EXE

#:32 [wincinemamgr.exe]
ModuleName : C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
Command Line : "C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe"
ProcessID : 296
ThreadCreationTime : 5-14-2005 4:43:56 PM
BasePriority : Normal
FileVersion : 1.8.2
ProductVersion : 1, 8, 2, 0
ProductName : WinCinema Manager for InterVideo WinCinema products
CompanyName : InterVideo Inc.
FileDescription : WinCinema Manager
InternalName : WinCinema Manager
LegalCopyright : Copyright 1999-2003 InterVideo, Inc. All rights reserved.
OriginalFilename : WinCinemaMgr.EXE

#:33 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k imgsvc
ProcessID : 436
ThreadCreationTime : 5-14-2005 4:43:57 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:34 [wdfmgr.exe]
ModuleName : C:\WINDOWS\System32\wdfmgr.exe
Command Line : C:\WINDOWS\System32\wdfmgr.exe
ProcessID : 888
ThreadCreationTime : 5-14-2005 4:43:58 PM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:35 [wanmpsvc.exe]
ModuleName : C:\WINDOWS\wanmpsvc.exe
Command Line : "C:\WINDOWS\wanmpsvc.exe"
ProcessID : 1160
ThreadCreationTime : 5-14-2005 4:44:01 PM
BasePriority : Normal
FileVersion : 9, 0, 0, 0
ProductVersion : 9, 0, 0, 0
ProductName : America Online
CompanyName : America Online, Inc.
FileDescription : Wan Miniport (ATW) Service
InternalName : WanMPSvc
LegalCopyright : Copyright © 2001 America Online, Inc.
OriginalFilename : WanMPSvc.exe

#:36 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 2060
ThreadCreationTime : 5-14-2005 4:44:13 PM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

#:37 [wmiprvse.exe]
ModuleName : C:\WINDOWS\System32\wbem\wmiprvse.exe
Command Line : C:\WINDOWS\System32\wbem\wmiprvse.exe -Embedding
ProcessID : 2452
ThreadCreationTime : 5-14-2005 4:44:15 PM
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI
InternalName : Wmiprvse.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : Wmiprvse.exe

#:38 [vsmon.exe]
ModuleName : C:\WINDOWS\System32\ZoneLabs\vsmon.exe
Command Line : n/a
ProcessID : 3180
ThreadCreationTime : 5-14-2005 4:44:28 PM
BasePriority : Normal
FileVersion : 5.5.094.000
ProductVersion : 5.5.094.000
ProductName : TrueVector Service
CompanyName : Zone Labs, LLC
FileDescription : TrueVector Service
InternalName : vsmon
LegalCopyright : Copyright © 1998-2005, Zone Labs, LLC
OriginalFilename : vsmon.exe

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 2


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2


Deep scanning and examining files (E:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for E:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2


Deep scanning and examining files (G:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for G:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
84 entries scanned.
New critical objects:0
Objects found so far: 2




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

ClickSpring Object Recognized!
Type : File
Data : crash.txt
Category : Malware
Comment :
Object : c:\



Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 3

11:57:04 AM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:12:34.104
Objects scanned:219035
Objects identified:3
Objects ignored:0
New critical objects:3
  • 0

#10
anotherdaydown
Posted 16 May 2005 - 04:32 PM

anotherdaydown

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
I still can't log into my email accounts and certain message boards.

I'm not sure where to go from here? :tazz:
  • 0

#11
anotherdaydown
Posted 17 May 2005 - 10:10 AM

anotherdaydown

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Now Zone Alarm doesn't load on initial boot.

I'm at a bit of a dead end at this point.

Any guidance from this point would be appreciated...
  • 0

#12
Guest_numbnuts_*
Posted 18 May 2005 - 04:15 AM

Guest_numbnuts_*
  • Guest
Please follow the instructions located in Step Five: Posting a Hijack This Log. Post your HJT log as a reply to this thread, which has been relocated to the Malware Removal Forum for providing you with further assistance.

Kindly note that it is very busy in the Malware Removal Forum, so there may be a delay in receiving a reply. Please also note that HJT logfiles are reviewed on a first come/first served basis.
  • 0

#13
anotherdaydown
Posted 18 May 2005 - 04:18 PM

anotherdaydown

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Logfile of HijackThis v1.99.1
Scan saved at 5:11:11 PM, on 5/18/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Rage3DTweak\RegTwk.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\System32\DeltTray.exe
C:\WINDOWS\System32\SVCH0ST.EXE
C:\Program Files\rage3dtweak\gameutil.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\cssrs.exe
C:\WINDOWS\System32\Services\{FC97846E-DCA6-4468-8C76-E534F12894E1}\SVCHOST.EXE
C:\WINDOWS\System32\win32.exe
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.clicksear...ndex.php?aff=19
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Local Spool Net support DLL - {327C2850-C90E-4D37-AA9E-10AD9BACA46C} - c:\windows\system32\localsplnet.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {78364D99-A640-4ddf-B91A-67EFF8373045} - C:\WINDOWS\system32\appwiz.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {C98361E8-D453-48B3-9258-558422EE9EF8} - C:\WINDOWS\System32\dbb.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [RegTweak] C:\Program Files\Rage3DTweak\RegTwk.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMixerTray] C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [DeltTray] DeltTray.exe
O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\System32\cmd32.exe internat.dll,LoadKeyboardProfile
O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [exiysu] c:\windows\system32\exiysu.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\System32\Services\{FC97846E-DCA6-4468-8C76-E534F12894E1}\SVCHOST.EXE
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [Lsui] C:\Documents and Settings\Matt Freeman\Application Data\wapr.exe
O4 - HKCU\..\Run: [wupd] C:\WINDOWS\System32\win32.exe
O4 - Global Startup: gameutil.exe.lnk = ?
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WiziWYG XP Startup.lnk = C:\Program Files\Praxisoft\WiziWYG XP\WiziWYGXP.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Locators.com Search Bar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - (no file)
O9 - Extra 'Tools' menuitem: Locators.com Search Bar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - (no file)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Microsoft AntiSpyware helper - {4C922A4D-EE4E-42F5-8018-B03720736A08} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {4C922A4D-EE4E-42F5-8018-B03720736A08} - (no file) (HKCU)
O12 - Plugin for .amr: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {35B7E48B-9D81-4C6C-9578-5FD4F620D886} (InstallShield Setup Player 2K2) - http://craxtion.xbox...stall/setup.exe
O16 - DPF: {3AE9ED90-4B59-47A0-873B-7B71554B3C3E} (JoystickCtl Class) - http://downloads.big...uk/joystick.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.c...ers/play365.cab
O21 - SSODL: System - {61400A03-BB15-4DAC-AC7E-D5D6DF77DA41} - ssvmc.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Crypkey License - Unknown owner - crypserv.exe (file missing)
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Unknown owner - C:\Program Files\Digidesign\Drivers\MMERefresh.exe (file missing)
O23 - Service: TrueVector Basic Logging Client (minilog) - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZONELABS\minilog.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP