Geeks to Go
Searchtoolbar/Wareout Trojan Virus [CLOSED]

This topic is locked

#1
pmas76
New Member
2 posts
I had caught the Searchtoolbar/Wareout trojan virus about a week ago and was able to delete most of it based on reading your great responses to all the other people here that have become infected. I stopped the pop-ups and the hack that wouldn't allow my toolbar to be changed, and I believed I had removed it all until I got a message from my McAfee Virus Protection stating that "RSDIDIN.EXE" is trying to run from host "Spy-Search.I". McAfee deletes it, but I obviously want whatever is causing it gone. I also have been getting a "Microsoft Firewall detects suspicious network activity" pop-up as of late. My Internet Explorer and computer are running a lot slower than normal, so I know that something is still lingering around on my computer, but I can't seem to kill it. I have to leave this one up to the experts.

Below are my HijackThis log, Ad-Aware log, CWShredder log, Ewido log, Kaspersky log & Panda log. I would appreciate all the help I can get. Thank you so much.


Logfile of HijackThis v1.99.1
Scan saved at 2:27:49 AM, on 7/16/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
D:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFAGENT.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\Fast.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Messenger\msmsgs.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com.../hp/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optonline.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.yahoo.com...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com.../hp/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com...hp.my.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\SYSTEM\blank.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - D:\Program Files\RoboForm\RoboForm.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - D:\Program Files\RoboForm\RoboForm.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] D:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://D:\Program Files\RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://D:\Program Files\RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://D:\Program Files\RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://D:\Program Files\RoboForm\RoboFormComFillForms.html
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\Program Files\RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\Program Files\RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - https://objects.aol....83/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1120252670753
O16 - DPF: {72109033-D398-49B6-8C11-A15619BEE0AF} (04WebInstall) - https://www.lacertes...4webinstall.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - https://objects.aol....,20/McGDMgr.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe


Ad-Aware SE Build 1.06r1
Logfile Created on:Saturday, July 16, 2005 11:26:52 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R54 14.07.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):4 total references
Tracking Cookie(TAC index:3):6 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R54 14.07.2005
Internal build : 63
File location : D:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 496849 Bytes
Total size : 1499538 Bytes
Signature data size : 1467043 Bytes
Reference data size : 31983 Bytes
Signatures total : 41785
CSI Fingerprints total : 962
CSI data size : 33758 Bytes
Target categories : 15
Target families : 715


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium III
Memory available:37 %
Total physical memory:392684 kb
Available physical memory:143320 kb
Total page file size:944932 kb
Available on page file:763508 kb
Total virtual memory:2097024 kb
Available virtual memory:2045272 kb
OS:Microsoft Windows XP Professional (Build 2600)

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


7-16-2005 11:26:52 AM - Scan started. (Custom mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 364
ThreadCreationTime : 7-16-2005 3:19:26 PM
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 424
ThreadCreationTime : 7-16-2005 3:19:43 PM
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 448
ThreadCreationTime : 7-16-2005 3:19:45 PM
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 492
ThreadCreationTime : 7-16-2005 3:19:45 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 504
ThreadCreationTime : 7-16-2005 3:19:45 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 696
ThreadCreationTime : 7-16-2005 3:19:46 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 720
ThreadCreationTime : 7-16-2005 3:19:46 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 792
ThreadCreationTime : 7-16-2005 3:19:47 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 852
ThreadCreationTime : 7-16-2005 3:19:48 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1076
ThreadCreationTime : 7-16-2005 3:19:50 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:11 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 1124
ThreadCreationTime : 7-16-2005 3:19:50 PM
BasePriority : Normal
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:12 [aolsp scheduler.exe]
ModuleName : C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
Command Line : "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
ProcessID : 1284
ThreadCreationTime : 7-16-2005 3:19:54 PM
BasePriority : Normal
FileVersion : 1, 5, 0, 0
ProductVersion : 1, 5, 0, 0
ProductName : AOLSP Scheduler
FileDescription : AOLSP Scheduler
InternalName : AOLSP Scheduler
LegalCopyright : Copyright © America Online, Inc. 2004
OriginalFilename : AOLSP Scheduler.exe

#:13 [itouch.exe]
ModuleName : D:\Program Files\Logitech\iTouch\iTouch.exe
Command Line : "D:\Program Files\Logitech\iTouch\iTouch.exe"
ProcessID : 1292
ThreadCreationTime : 7-16-2005 3:19:54 PM
BasePriority : Normal
FileVersion : 2.15.264
ProductVersion : 2.15.264
ProductName : iTouch
CompanyName : Logitech Inc.
FileDescription : iTouch Application
InternalName : iTouch
LegalCopyright : © 1998-2002 Logitech. All rights reserved.
LegalTrademarks : Logitech® and iTouch® are registered trademarks of Logitech Inc.
OriginalFilename : iTouch.exe
Comments : Created by the iTouch team

#:14 [mcagent.exe]
ModuleName : C:\PROGRA~1\mcafee.com\agent\mcagent.exe
Command Line : "C:\PROGRA~1\mcafee.com\agent\mcagent.exe"
ProcessID : 1332
ThreadCreationTime : 7-16-2005 3:19:55 PM
BasePriority : Normal
FileVersion : 4, 3, 0, 10
ProductVersion : 4, 3, 0, 0
ProductName : McAfee SecurityCenter
CompanyName : Networks Associates Technology, Inc
FileDescription : McAfee SecurityCenter Agent
InternalName : mcagent
LegalCopyright : Copyright © 1998-2002 Networks Associates Technology, Inc.
OriginalFilename : mcagent.exe

#:15 [mcvsescn.exe]
ModuleName : c:\progra~1\mcafee.com\vso\mcvsescn.exe
Command Line : "c:\progra~1\mcafee.com\vso\mcvsescn.exe" /disabled
ProcessID : 1340
ThreadCreationTime : 7-16-2005 3:19:55 PM
BasePriority : Normal
FileVersion : 8, 0, 0, 30
ProductVersion : 8, 0, 0, 0
ProductName : McAfee VirusScan
CompanyName : Networks Associates Technology, Inc
FileDescription : McAfee VirusScan E-mail Scan Module
InternalName : mcvsescn
LegalCopyright : Copyright © 1998-2003 Networks Associates Technology, Inc
OriginalFilename : mcvsescn.EXE
Comments : McAfee VirusScan E-mail Scan Module

#:16 [mpftray.exe]
ModuleName : C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
Command Line : "C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE"
ProcessID : 1372
ThreadCreationTime : 7-16-2005 3:19:56 PM
BasePriority : Normal
FileVersion : 4.5.4.41
ProductVersion : 4.5.4.41
ProductName : McAfee Personal Firewall (MPF)
CompanyName : McAfee Security
FileDescription : McAfee Personal Firewall Tray Monitor
InternalName : MpfTray
LegalCopyright : Copyright © 2000-2003 Networks Associates Technologies, Inc.
OriginalFilename : MPFTRAY.EXE
Comments : Tray Icon for McAfee Personal Firewall

#:17 [aolacsd.exe]
ModuleName : C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
Command Line : "C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe"
ProcessID : 1516
ThreadCreationTime : 7-16-2005 3:19:58 PM
BasePriority : Normal
FileVersion : 3.0.0.1
ProductVersion : 3.0.0.1
ProductName : AOL Connectivity Service
CompanyName : America Online
FileDescription : AOL Connectivity Service
InternalName : AOLacsd
LegalCopyright : Copyright © 2004 America Online
OriginalFilename : AOLacsd.exe

#:18 [aoltsmon.exe]
ModuleName : C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
Command Line : "C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe"
ProcessID : 1536
ThreadCreationTime : 7-16-2005 3:19:58 PM
BasePriority : Normal
FileVersion : 2, 0, 0, 0
ProductVersion : 2, 0, 0, 0
ProductName : AOL TopSpeed™ Monitor
CompanyName : America Online, Inc
FileDescription : AOL TopSpeed™ Monitor
InternalName : AOL TopSpeed™ Monitor
LegalCopyright : Copyright © 2004 America Online, Inc.
OriginalFilename : aoltsmon.exe

#:19 [mcvsrte.exe]
ModuleName : c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
Command Line : c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe /Embedding
ProcessID : 1620
ThreadCreationTime : 7-16-2005 3:19:59 PM
BasePriority : Normal
FileVersion : 8, 0, 0, 12
ProductVersion : 8, 0, 0, 0
ProductName : McAfee VirusScan
CompanyName : Networks Associates Technology, Inc
FileDescription : McAfee VirusScan Real-time Engine
InternalName : mcvsrte
LegalCopyright : Copyright © 1998-2003 Networks Associates Technology, Inc
OriginalFilename : mcvsrte.exe
Comments : McAfee VirusScan Real-time Engine

#:20 [mpfservice.exe]
ModuleName : C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
Command Line : C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
ProcessID : 1632
ThreadCreationTime : 7-16-2005 3:19:59 PM
BasePriority : Normal
FileVersion : 4.1.0.1
ProductVersion : 4.1.0.1
ProductName : McAfee Personal Firewall
CompanyName : McAfee Corporation
FileDescription : McAfee Personal Firewall Service
InternalName : MPFService
LegalCopyright : Copyright © 2000,2001
OriginalFilename : MpfService.exe
Comments : McAfee Personal Firewall Service

#:21 [mpfagent.exe]
ModuleName : C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFAGENT.EXE
Command Line : C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFAGENT.EXE -Embedding
ProcessID : 1640
ThreadCreationTime : 7-16-2005 3:19:59 PM
BasePriority : Normal
FileVersion : 4.1.0.41
ProductVersion : 4.1.0.41
ProductName : McAfee Personal Firewall (MPF)
CompanyName : McAfee Security
FileDescription : McAfee Personal Firewall Agent Interface
InternalName : MpfAgent
LegalCopyright : Copyright © 2000-2003 Networks Associates Technologies, Inc.
OriginalFilename : MPFAGENT.EXE
Comments : McAfee Personal Firewall Security Center Module

#:22 [aoltpspd.exe]
ModuleName : C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
Command Line : -p11526 -q"11527,11528,11529,11530,11531,11532,11533" -S256 -G"C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\vph.ph" -H1536
ProcessID : 1664
ThreadCreationTime : 7-16-2005 3:19:59 PM
BasePriority : Normal
FileVersion : 2, 0, 0, 0
ProductVersion : 2, 0, 0, 0
ProductName : AOL TopSpeed™
CompanyName : America Online Inc
FileDescription : AOL TopSpeed™
InternalName : AOL TopSpeed™ Loader
LegalCopyright : Copyright © 2003-2004
LegalTrademarks : AOL TopSpeed™
OriginalFilename : aoltpspd.exe

#:23 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k imgsvc
ProcessID : 1860
ThreadCreationTime : 7-16-2005 3:20:03 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:24 [wdfmgr.exe]
ModuleName : C:\WINDOWS\System32\wdfmgr.exe
Command Line : C:\WINDOWS\System32\wdfmgr.exe
ProcessID : 1892
ThreadCreationTime : 7-16-2005 3:20:03 PM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: dnsrv(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:25 [fast.exe]
ModuleName : C:\WINDOWS\System32\Fast.exe
Command Line : C:\WINDOWS\System32\Fast.exe -service
ProcessID : 2008
ThreadCreationTime : 7-16-2005 3:20:04 PM
BasePriority : Normal
FileVersion : 5.1.3564.0 (Lab06_DEV(lamadio).011003-1729)
ProductVersion : 5.1.3564.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Super Fast User Switcher
InternalName : Fast
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : Fast.EXE

#:26 [mcshield.exe]
ModuleName : c:\PROGRA~1\mcafee.com\vso\mcshield.exe
Command Line : c:\PROGRA~1\mcafee.com\vso\mcshield.exe
ProcessID : 224
ThreadCreationTime : 7-16-2005 3:20:11 PM
BasePriority : High


#:27 [mcvsshld.exe]
ModuleName : c:\program files\mcafee.com\vso\mcvsshld.exe
Command Line : / /notify
ProcessID : 2220
ThreadCreationTime : 7-16-2005 3:21:23 PM
BasePriority : Normal
FileVersion : 8, 0, 0, 15
ProductVersion : 8, 0, 0, 0
ProductName : McAfee VirusScan
CompanyName : Networks Associates Technology, Inc
FileDescription : McAfee VirusScan ActiveShield Resource
InternalName : msvcshld
LegalCopyright : Copyright © 1998-2003 Networks Associates Technology, Inc
OriginalFilename : mcvsshld.exe
Comments : McAfee VirusScan ActiveShield Resource

#:28 [securitysuite.exe]
ModuleName : D:\Program Files\Ewido Networks\Security Suite\SecuritySuite.exe
Command Line : "D:\Program Files\Ewido Networks\Security Suite\SecuritySuite.exe"
ProcessID : 2320
ThreadCreationTime : 7-16-2005 3:21:40 PM
BasePriority : Normal
FileVersion : 3, 5, 0, 0
ProductVersion : 3, 5, 0, 0
ProductName : ewido security suite
CompanyName : ewido networks
FileDescription : security suite
InternalName : GuiLoader
LegalCopyright : © 2003 ewido networks
OriginalFilename : SecuritySuite.exe

#:29 [ad-aware.exe]
ModuleName : D:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "D:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 2816
ThreadCreationTime : 7-16-2005 3:24:52 PM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

#:30 [spybotsd.exe]
ModuleName : D:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
Command Line : "D:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
ProcessID : 2860
ThreadCreationTime : 7-16-2005 3:25:07 PM
BasePriority : Normal
FileVersion : 1.4.0.3
ProductVersion : 1, 4, 0, 3
ProductName : SpyBot-S&D
CompanyName : Safer Networking Limited
FileDescription : Spybot - Search & Destroy
InternalName : SpybotSD
LegalCopyright : © 2000-2005 Patrick M. Kolla / Safer Networking Limited. Alle Rechte vorbehalten.
LegalTrademarks : "Spybot" und "Spybot - Search & Destroy" sind registrierte Warenzeichen.
OriginalFilename : SpyBotSD.exe
Comments : Software zum Entfernen von Spyware und ähnlichen Bedrohungen.

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0

MRU List Object Recognized!
Location: : C:\Documents and Settings\Philip C. Masiello\Application Data\microsoft\office\recent
Description : list of recently opened documents using microsoft office


MRU List Object Recognized!
Location: : C:\Documents and Settings\Philip C. Masiello\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-1659004503-1060284298-1202660629-1003\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer



Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : philip c. masiello@2o7[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:44
Value : Cookie:philip c. masiello@2o7.net/
Expires : 7-15-2010 11:22:58 AM
LastSync : Hits:44
UseCount : 0
Hits : 44

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : philip c. masiello@z1.adserver[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:philip c. masiello@z1.adserver.com/
Expires : 7-15-2006 7:12:48 AM
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : philip c. masiello@citi.bridgetrack[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:5
Value : Cookie:philip c. masiello@citi.bridgetrack.com/
Expires : 7-11-2006
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : philip c. masiello@adrevolver[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:philip c. masiello@adrevolver.com/
Expires : 7-16-2006 3:11:32 AM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : philip c. masiello@servedby.netshelter[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:philip c. masiello@servedby.netshelter.net/
Expires : 7-23-2005 2:08:46 AM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 5
Objects found so far: 9



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : philip c. masiello@2o7[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Philip C. Masiello\Local Settings\Temp\Cookies\philip c. masiello@2o7[1].txt

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 10


Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 10


Deep scanning and examining files (E:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for E:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 10


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 10




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 10

1:13:54 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:01:47:01.133
Objects scanned:151811
Objects identified:6
Objects ignored:0
New critical objects:6


**** Run Keys ****

RUN: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
RUN: [zBrowser Launcher] D:\Program Files\Logitech\iTouch\iTouch.exe
RUN: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
RUN: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
RUN: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
RUN: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
RUN: [MPFExe] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE


**** Browser Helper Objects ****

BHO: [AcroIEHlprObj Class] D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
BHO: [] D:\PROGRA~1\SPYBOT~1\SDHelper.dll
BHO: [] D:\Program Files\RoboForm\RoboForm.dll


**** IE Toolbars ****

TOOLBAR: [McAfee VirusScan] c:\progra~1\mcafee.com\vso\mcvsshl.dll
TOOLBAR: [&RoboForm] D:\Program Files\RoboForm\RoboForm.dll
TOOLBAR: [&Radio] C:\WINDOWS\System32\msdxm.ocx


**** IE Extensions ****

IEExt: [Web Browser Applet Control] C:\WINDOWS\System32\msjava.dll
IEExt: [Fill Forms] C:\WINDOWS\System32\msjava.dll
IEExt: [AOL Toolbar] C:\WINDOWS\System32\msjava.dll
IEExt: [RoboForm] C:\WINDOWS\System32\msjava.dll
IEExt: [Research] C:\WINDOWS\System32\msjava.dll
IEExt: [Real.com] C:\WINDOWS\System32\msjava.dll


**** Hosts File Entries ****

HOSTS: 127.0.0.1 localhost
HOSTS: 127.0.0.1 localhost


**** IE Settings ****

Default Page: http://www.yahoo.com...//www.yahoo.com
Default Search: http://www.yahoo.com...//www.yahoo.com
Local Page: C:\WINDOWS\System32\blank.htm
Search Bar: http://www.yahoo.com.../hp/search.html
Search Page: http://www.yahoo.com...//www.yahoo.com


**** IE Context Menu (Right click) ****

IEContext: [&AOL Toolbar search] res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IEContext: [E&xport to Microsoft Excel] res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IEContext: [Fill Forms] file://D:\Program Files\RoboForm\RoboFormComFillForms.html
IEContext: [RoboForm Toolbar] file://D:\Program Files\RoboForm\RoboFormComShowToolbar.html


**** Layered Service Providers ****

LSP: MSAFD Tcpip [TCP/IP]
LSP: MSAFD Tcpip [UDP/IP]
LSP: RSVP UDP Service Provider
LSP: RSVP TCP Service Provider
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{28322679-7144-43A8-A993-6C8B8B9CA21C}] SEQPACKET 0
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{28322679-7144-43A8-A993-6C8B8B9CA21C}] DATAGRAM 0
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{C1612116-41F4-4E6F-BB20-7E70E34DF6D2}] SEQPACKET 1
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{C1612116-41F4-4E6F-BB20-7E70E34DF6D2}] DATAGRAM 1
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{0CA15B9A-8F08-4839-B87F-48076A7F3673}] SEQPACKET 2
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{0CA15B9A-8F08-4839-B87F-48076A7F3673}] DATAGRAM 2
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{821B1E05-1864-4B18-9225-6925EF2929D5}] SEQPACKET 3
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{821B1E05-1864-4B18-9225-6925EF2929D5}] DATAGRAM 3


**** Blocked Control Panel Items ****

BLOCKED: [ncpa.cpl] No
BLOCKED: [snd.cpl] no
BLOCKED: [joystick.cpl] no
BLOCKED: [midimap.drv] no


**** Downloaded Program Files ****

DirectAnimation Java Classes [file://c:\windows\SYSTEM\dajava.cab]
Internet Explorer Classes for Java [file://c:\windows\SYSTEM\iejava.cab]
Microsoft XML Parser for Java [file://C:\WINDOWS\Java\classes\xmldso.cab]
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} [http://office.micros...tent/opuc2.cab] C:\WINDOWS\opuc.dll
{4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} [http://aolcc.aol.com...up/qdiagcc.cab] C:\WINDOWS\System32\DView.cfg C:\WINDOWS\System32\DProg.ini C:\WINDOWS\System32\DLPT.sys C:\WINDOWS\System32\DDMI.VXD C:\WINDOWS\System32\DLPT.VXD C:\WINDOWS\System32\DDMI2.sys C:\WINDOWS\System32\qdiagcc.ocx
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} [https://objects.aol....3/mcinsctl.cab]
{6414512B-B978-451D-A0D8-FCFDF33E833C} [http://update.micros...?1120252670753]
{72109033-D398-49B6-8C11-A15619BEE0AF} [https://www.lacertes...webinstall.cab]
{8AD9C840-044E-11D1-B3E9-00805F499D93} [http://java.sun.com/...ndows-i586.cab]
{BCC0FF27-31D9-4614-A68E-C18E1ADA4389} [https://objects.aol....20/McGDMgr.cab]
{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} [http://java.sun.com/...ndows-i586.cab]


**** Windows Services ****

[Alerter] %SystemRoot%\System32\svchost.exe -k LocalService
[ALG] %SystemRoot%\System32\alg.exe
[AOL ACS] "C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe"
[AOL TopSpeedMonitor] C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
[AOLService] C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe
[AppMgmt] %SystemRoot%\system32\svchost.exe -k netsvcs
[aspnet_state] %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
[AudioSrv] %SystemRoot%\System32\svchost.exe -k netsvcs
[BITS] %SystemRoot%\System32\svchost.exe -k netsvcs
[Browser] %SystemRoot%\System32\svchost.exe -k netsvcs
[cisvc] C:\WINDOWS\System32\cisvc.exe
[ClipSrv] %SystemRoot%\system32\clipsrv.exe
[COMSysApp] C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
[CryptSvc] %SystemRoot%\system32\svchost.exe -k netsvcs
[Dhcp] %SystemRoot%\System32\svchost.exe -k netsvcs
[dmadmin] %SystemRoot%\System32\dmadmin.exe /com
[dmserver] %SystemRoot%\System32\svchost.exe -k netsvcs
[Dnscache] %SystemRoot%\System32\svchost.exe -k NetworkService
[ERSvc] %SystemRoot%\System32\svchost.exe -k netsvcs
[Eventlog] %SystemRoot%\system32\services.exe
[EventSystem] C:\WINDOWS\System32\svchost.exe -k netsvcs
[FastUserSwitchingCompatibility] %SystemRoot%\System32\svchost.exe -k netsvcs
[helpsvc] %SystemRoot%\System32\svchost.exe -k netsvcs
[HidServ] %SystemRoot%\System32\svchost.exe -k netsvcs
[ImapiService] C:\WINDOWS\System32\imapi.exe
[InteractiveLogon] C:\WINDOWS\System32\Fast.exe -service
[iPodService] D:\Program Files\iPod\bin\iPodService.exe
[lanmanserver] %SystemRoot%\System32\svchost.exe -k netsvcs
[lanmanworkstation] %SystemRoot%\System32\svchost.exe -k netsvcs
[LmHosts] %SystemRoot%\System32\svchost.exe -k LocalService
[McShield] c:\PROGRA~1\mcafee.com\vso\mcshield.exe
[mcupdmgr.exe] C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
[MCVSRte] c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe /Embedding
[Messenger] %SystemRoot%\System32\svchost.exe -k netsvcs
[mnmsrvc] C:\WINDOWS\System32\mnmsrvc.exe
[MpfService] D:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
[MSDTC] C:\WINDOWS\System32\msdtc.exe
[MSIServer] C:\WINDOWS\System32\msiexec.exe /V
[NetDDE] %SystemRoot%\system32\netdde.exe
[NetDDEdsdm] %SystemRoot%\system32\netdde.exe
[Netlogon] %SystemRoot%\System32\lsass.exe
[Netman] %SystemRoot%\System32\svchost.exe -k netsvcs
[Nla] %SystemRoot%\System32\svchost.exe -k netsvcs
[NtLmSsp] %SystemRoot%\System32\lsass.exe
[NtmsSvc] %SystemRoot%\system32\svchost.exe -k netsvcs
[ose] C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
[PlugPlay] %SystemRoot%\system32\services.exe
[PolicyAgent] %SystemRoot%\System32\lsass.exe
[ProtectedStorage] %SystemRoot%\system32\lsass.exe
[RasAuto] %SystemRoot%\System32\svchost.exe -k netsvcs
[RasMan] %SystemRoot%\System32\svchost.exe -k netsvcs
[RDSessMgr] C:\WINDOWS\system32\sessmgr.exe
[RemoteAccess] %SystemRoot%\System32\svchost.exe -k netsvcs
[RemoteRegistry] %SystemRoot%\system32\svchost.exe -k LocalService
[RpcLocator] %SystemRoot%\System32\locator.exe
[RpcSs] %SystemRoot%\system32\svchost -k rpcss
[RSVP] %SystemRoot%\System32\rsvp.exe
[SamSs] %SystemRoot%\system32\lsass.exe
[SCardDrv] %SystemRoot%\System32\SCardSvr.exe
[SCardSvr] %SystemRoot%\System32\SCardSvr.exe
[Schedule] %SystemRoot%\System32\svchost.exe -k netsvcs
[seclogon] %SystemRoot%\System32\svchost.exe -k netsvcs
[SENS] %SystemRoot%\system32\svchost.exe -k netsvcs
[SharedAccess] %SystemRoot%\System32\svchost.exe -k netsvcs
[ShellHWDetection] %SystemRoot%\System32\svchost.exe -k netsvcs
[Spooler] %SystemRoot%\system32\spoolsv.exe
[srservice] %SystemRoot%\System32\svchost.exe -k netsvcs
[SSDPSRV] %SystemRoot%\System32\svchost.exe -k LocalService
[stisvc] %SystemRoot%\System32\svchost.exe -k imgsvc
[SwPrv] C:\WINDOWS\System32\dllhost.exe /Processid:{69D6AAAC-FC9E-40EC-B381-6D2226222651}
[SysmonLog] %SystemRoot%\system32\smlogsvc.exe
[TapiSrv] %SystemRoot%\System32\svchost.exe -k netsvcs
[TermService] %SystemRoot%\System32\svchost.exe -k netsvcs
[Themes] %SystemRoot%\System32\svchost.exe -k netsvcs
[TlntSvr] C:\WINDOWS\System32\tlntsvr.exe
[TrkWks] %SystemRoot%\system32\svchost.exe -k netsvcs
[UMWdf] C:\WINDOWS\System32\wdfmgr.exe
[uploadmgr] %SystemRoot%\System32\svchost.exe -k netsvcs
[upnphost] %SystemRoot%\System32\svchost.exe -k LocalService
[UPS] %SystemRoot%\System32\ups.exe
[VSS] %SystemRoot%\System32\vssvc.exe
[W32Time] %SystemRoot%\System32\svchost.exe -k netsvcs
[WebClient] %SystemRoot%\System32\svchost.exe -k LocalService
[winmgmt] %systemroot%\system32\svchost.exe -k netsvcs
[WmdmPmSN] %SystemRoot%\System32\svchost.exe -k netsvcs
[Wmi] %SystemRoot%\System32\svchost.exe -k netsvcs
[WmiApSrv] C:\WINDOWS\System32\wbem\wmiapsrv.exe
[wuauserv] %systemroot%\system32\svchost.exe -k netsvcs
[WZCSVC] %SystemRoot%\System32\svchost.exe -k netsvcs


**** Custom IE Search Items ****

SEARCH: [SearchAssistant] http://ie.search.msn...st/srchasst.htm
SEARCH: [CustomizeSearch] http://ie.search.msn...st/srchcust.htm
SEARCH: [CustomSearch] http://www.yahoo.com.../hp/search.html


**** Complete IE Options ****

IEOPT: [Anchor Underline] yes
IEOPT: [Cache_Update_Frequency] Once_Per_Session
IEOPT: [Display Inline Images] yes
IEOPT: [Do404Search]
IEOPT: [Local Page] C:\WINDOWS\System32\blank.htm
IEOPT: [Save_Session_History_On_Exit] no
IEOPT: [Show_FullURL] no
IEOPT: [Show_StatusBar] yes
IEOPT: [Show_ToolBar] yes
IEOPT: [Show_URLinStatusBar] yes
IEOPT: [Show_URLToolBar] yes
IEOPT: [Start Page] http://www.optonline.net/
IEOPT: [Use_DlgBox_Colors] yes
IEOPT: [Search Page] http://www.yahoo.com...//www.yahoo.com
IEOPT: [Show_ChannelBand] no
IEOPT: [FullScreen] no
IEOPT: [Use Custom Search URL]
IEOPT: [Search Bar] http://www.yahoo.com.../hp/search.html
IEOPT: [ChannelsURL] http://www.iechannel...de/en/en_us.asp
IEOPT: [ChannelsFirstURL] res://ie4tour.dll/channels.htm
IEOPT: [LastCheckedHi]
IEOPT: [Window_Placement] ,
IEOPT: [NoUpdateCheck]
IEOPT: [NoJITSetup]
IEOPT: [Disable Script Debugger] yes
IEOPT: [Check_Associations] yes
IEOPT: [FormSuggest PW Ask] no
IEOPT: [Use FormSuggest] no
IEOPT: [Use Search Asst] no
IEOPT: [Error Dlg Displayed On Every Error] no
IEOPT: [Error Dlg Details Pane Open] no
IEOPT: [NotifyDownloadComplete] yes
IEOPT: [AutoSearch]
IEOPT: [AddToFavoritesExpanded]
IEOPT: [conc]
IEOPT: [Default_Page_URL] http://www.yahoo.com...//www.yahoo.com
IEOPT: [Default_Search_URL] http://www.yahoo.com...//www.yahoo.com
IEOPT: [Search Page] http://yahoo.com
IEOPT: [Enable_Disk_Cache] yes
IEOPT: [Cache_Percent_of_Disk]
IEOPT: [Delete_Temp_Files_On_Exit] yes
IEOPT: [Local Page] c:\windows\SYSTEM\blank.htm
IEOPT: [Anchor_Visitation_Horizon]
IEOPT: [Use_Async_DNS] yes
IEOPT: [Placeholder_Width]
IEOPT: [Placeholder_Height]
IEOPT: [Start Page] http://www.yahoo.com...hp.my.yahoo.com
IEOPT: [Custom_Key] MICROSO
IEOPT: [CompanyName] Microsoft Corporation
IEOPT: [Wizard_Version] 6.0.2600.0000
IEOPT: [Search Bar] http://www.yahoo.com.../hp/search.html
IEOPT: [FullScreen] no


---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 4:29:51 PM, 7/16/2005
+ Report-Checksum: F46FD415

+ Scan result:

HKLM\SOFTWARE\WareOut -> TrojanDownloader.Wareout : Cleaned with backup
HKU\S-1-5-21-1659004503-1060284298-1202660629-1003\Software\WareOut -> TrojanDownloader.Wareout : Cleaned with backup
HKU\S-1-5-21-1659004503-1060284298-1202660629-1003\Software\WareOut\Options -> TrojanDownloader.Wareout : Cleaned with backup
C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe -> Heuristic.Win32.Hijacker1 : Cleaned with backup
C:\Program Files\Common Files\aolback\Comps\coach\aolcinst.exe/fastengine.cab\data\player\AOLNySEV.exe -> Heuristic.Win32.Hijacker1 : Cleaned with backup
C:\Program Files\Common Files\aolback\Comps\coach\aolcinst.exe/fastengine.cab\data\player\AOLNySEV.exe -> Heuristic.Win32.Hijacker1 : Cleaned with backup
C:\Documents and Settings\Philip C. Masiello\Cookies\philip c. masiello@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Philip C. Masiello\Cookies\philip c. masiello@adopt.specificclick[2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\System Volume Information\_restore{0AB2F250-8B9D-4E53-9F08-D91DD0602F4A}\RP56\A0019347.exe -> TrojanDropper.Vidro.p : Cleaned with backup
C:\System Volume Information\_restore{0AB2F250-8B9D-4E53-9F08-D91DD0602F4A}\RP56\A0019367.exe -> TrojanDropper.Vidro.p : Cleaned with backup
C:\System Volume Information\_restore{0AB2F250-8B9D-4E53-9F08-D91DD0602F4A}\RP56\A0020360.exe -> TrojanDropper.Vidro.p : Cleaned with backup
C:\System Volume Information\_restore{0AB2F250-8B9D-4E53-9F08-D91DD0602F4A}\RP56\A0020366.exe -> TrojanDropper.Vidro.p : Cleaned with backup
C:\System Volume Information\_restore{0AB2F250-8B9D-4E53-9F08-D91DD0602F4A}\RP56\A0020376.exe -> TrojanDropper.Vidro.p : Cleaned with backup
C:\System Volume Information\_restore{0AB2F250-8B9D-4E53-9F08-D91DD0602F4A}\RP59\A0020463.exe -> TrojanDropper.Vidro.p : Cleaned with backup
C:\System Volume Information\_restore{0AB2F250-8B9D-4E53-9F08-D91DD0602F4A}\RP59\A0020491.exe -> TrojanDropper.Vidro.p : Cleaned with backup
C:\System Volume Information\_restore{0AB2F250-8B9D-4E53-9F08-D91DD0602F4A}\RP59\A0020566.exe -> TrojanDropper.Vidro.p : Cleaned with backup
C:\System Volume Information\_restore{0AB2F250-8B9D-4E53-9F08-D91DD0602F4A}\RP59\A0020646.exe -> TrojanDropper.Vidro.p : Cleaned with backup
C:\System Volume Information\_restore{0AB2F250-8B9D-4E53-9F08-D91DD0602F4A}\RP59\A0020690.exe -> TrojanDropper.Vidro.p : Cleaned with backup
C:\System Volume Information\_restore{0AB2F250-8B9D-4E53-9F08-D91DD0602F4A}\RP60\A0020740.exe -> TrojanDropper.Vidro.p : Cleaned with backup
C:\System Volume Information\_restore{0AB2F250-8B9D-4E53-9F08-D91DD0602F4A}\RP60\A0020767.exe -> TrojanDropper.Vidro.p : Cleaned with backup
C:\System Volume Information\_restore{0AB2F250-8B9D-4E53-9F08-D91DD0602F4A}\RP60\A0020802.exe -> TrojanDropper.Vidro.p : Cleaned with backup
C:\System Volume Information\_restore{0AB2F250-8B9D-4E53-9F08-D91DD0602F4A}\RP61\A0020850.exe -> TrojanDropper.Vidro.p : Cleaned with backup
C:\System Volume Information\_restore{0AB2F250-8B9D-4E53-9F08-D91DD0602F4A}\RP61\A0020883.exe -> TrojanDropper.Vidro.p : Cleaned with backup
C:\System Volume Information\_restore{0AB2F250-8B9D-4E53-9F08-D91DD0602F4A}\RP61\A0020914.exe -> TrojanDropper.Vidro.p : Cleaned with backup
C:\System Volume Information\_restore{0AB2F250-8B9D-4E53-9F08-D91DD0602F4A}\RP62\A0021914.exe -> TrojanDropper.Vidro.p : Cleaned with backup
C:\System Volume Information\_restore{0AB2F250-8B9D-4E53-9F08-D91DD0602F4A}\RP63\A0021984.exe -> TrojanDropper.Vidro.p : Cleaned with backup


::Report End


-------------------------------------------------------------------------------
KASPERSKY ANTI-VIRUS WEB SCANNER REPORT
Sunday, July 17, 2005 00:46:14
Operating System: Microsoft Windows XP Professional, (Build 2600)
Kaspersky Anti-Virus Web Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 17/07/2005
Kaspersky Anti-Virus database records: 138465
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
M:\
N:\

Scan Statistics:
Total number of scanned objects: 74331
Number of viruses found: 2
Number of infected objects: 2
Number of suspicious objects: 0
Duration of the scan process: 10555 sec

Infected Object Name - Virus Name
C:\WINDOWS\SYSTEM32\skblt.dll Infected: not-a-virus:AdWare.ToolBar.SBSoft.h
C:\System Volume Information\_restore{0AB2F250-8B9D-4E53-9F08-D91DD0602F4A}\RP63\A0022031.exe Infected: Trojan-Dropper.Win32.Vidro.p

Scan process completed.



Incident Status Location

Adwa

Edited by pmas76, 18 July 2005 - 05:52 AM.

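Added example, written for this page and not taken from the post or from any of the scanners that produced the logs above: a small Python triage script for the plain-text startup log format posted here (`**** Section ****` headers, `RUN: [name] image`, `HOSTS: ip name`, `LSP: provider`, `[service] image args`). It reads a handful of lines copied from the log as a constructed sample, reports duplicate hosts entries and any name pinned to a non-loopback address, checks the Winsock LSP chain against the provider names Microsoft ships, and separates autoruns and services into stock Windows XP binaries, unrecognised binaries inside the Windows directory, and third-party images outside it. The stock-binary list and the known-provider prefixes are this example's own assumptions; a finding is a prompt to look something up (file properties, vendor, who owns the service), not a verdict. On the sample it reports the repeated `localhost` line and the `InteractiveLogon` service as items to review, and finds only Microsoft providers in the LSP chain.

```python
"""Triage helper for the plain-text startup/service log format above (added example).

The allowlists below are assumptions made for this example (stock Windows XP
service images, Microsoft's Winsock provider names); they do not come from the
post or its scanners. A finding means "look at this by hand", not "malicious".
"""
import re
from pathlib import PureWindowsPath

# Constructed sample: a subset of lines copied verbatim from the log in this post.
SAMPLE_LOG = r"""
**** Run Keys ****
RUN: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
**** Hosts File Entries ****
HOSTS: 127.0.0.1 localhost
HOSTS: 127.0.0.1 localhost
**** Layered Service Providers ****
LSP: MSAFD Tcpip [TCP/IP]
LSP: RSVP UDP Service Provider
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{28322679-7144-43A8-A993-6C8B8B9CA21C}] SEQPACKET 0
**** Windows Services ****
[Alerter] %SystemRoot%\System32\svchost.exe -k LocalService
[ALG] %SystemRoot%\System32\alg.exe
[COMSysApp] C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
[InteractiveLogon] C:\WINDOWS\System32\Fast.exe -service
[McShield] c:\PROGRA~1\mcafee.com\vso\mcshield.exe
[Netlogon] %SystemRoot%\System32\lsass.exe
"""

SECTION_RE = re.compile(r"^\*{4} (.+?) \*{4}$")
AUTORUN_RE = re.compile(r"^(?:RUN: )?\[(?P<name>[^\]]*)\]\s*(?P<rest>.*)$")
PATH_RE = re.compile(r'^"?(?P<path>.+?\.exe)"?(?:\s|$)', re.IGNORECASE)

# Assumption: executables that host stock Windows XP services (lower-case basenames).
STOCK_XP_SERVICE_EXES = {
    "svchost.exe", "services.exe", "lsass.exe", "alg.exe", "cisvc.exe", "clipsrv.exe",
    "dllhost.exe", "dmadmin.exe", "imapi.exe", "locator.exe", "mnmsrvc.exe", "msdtc.exe",
    "msiexec.exe", "netdde.exe", "rsvp.exe", "scardsvr.exe", "sessmgr.exe", "smlogsvc.exe",
    "spoolsv.exe", "tlntsvr.exe", "ups.exe", "vssvc.exe", "wdfmgr.exe", "wmiapsrv.exe",
}
# Assumption: prefixes of the Winsock providers Microsoft ships on XP.
KNOWN_LSP_PREFIXES = ("MSAFD Tcpip", "MSAFD NetBIOS", "RSVP ")
WINDIR_PREFIXES = ("%systemroot%", "c:\\windows")


def parse_log(text):
    """Group non-empty lines under their '**** Section ****' header."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def image_path(rest):
    """Return the executable from 'path args' or '"path with spaces" args'."""
    m = PATH_RE.match(rest.strip())
    return m.group("path") if m else rest.strip()


def triage_autoruns(kind, lines):
    """Classify each '[name] image ...' line by where its executable lives."""
    findings = []
    for line in lines:
        m = AUTORUN_RE.match(line)
        if not m:
            continue
        path = image_path(m.group("rest"))
        exe = PureWindowsPath(path).name.lower()
        if path.lower().startswith(WINDIR_PREFIXES):
            if exe not in STOCK_XP_SERVICE_EXES:
                findings.append((kind, m.group("name"), path,
                                 "unrecognised binary in Windows directory"))
        else:
            findings.append((kind, m.group("name"), path,
                             "third-party image, confirm vendor"))
    return findings


def triage_hosts(lines):
    """Flag duplicate entries, names pinned off loopback, and names blocked via loopback."""
    findings, seen = [], set()
    for line in lines:
        entry = line.split(":", 1)[1].strip()       # 'HOSTS: 127.0.0.1 localhost'
        ip, _, host = entry.partition(" ")
        if entry in seen:
            findings.append(("hosts", host, ip, "duplicate entry"))
        seen.add(entry)
        if not ip.startswith("127."):
            findings.append(("hosts", host, ip, "name pinned to a non-loopback address"))
        elif host != "localhost":
            findings.append(("hosts", host, ip, "name pinned to loopback (site blocked)"))
    return findings


def triage_lsps(lines):
    """Flag Winsock providers that are not Microsoft's own."""
    findings = []
    for line in lines:
        provider = line.split(":", 1)[1].strip()    # 'LSP: MSAFD Tcpip [TCP/IP]'
        if not provider.startswith(KNOWN_LSP_PREFIXES):
            findings.append(("lsp", provider, "", "non-Microsoft Winsock provider"))
    return findings


def triage(text):
    """Run every check and return (kind, name, detail, reason) tuples."""
    sections = parse_log(text)
    return (triage_autoruns("run", sections.get("Run Keys", []))
            + triage_hosts(sections.get("Hosts File Entries", []))
            + triage_lsps(sections.get("Layered Service Providers", []))
            + triage_autoruns("service", sections.get("Windows Services", [])))


if __name__ == "__main__":
    for kind, name, detail, reason in triage(SAMPLE_LOG):
        print(f"{kind:8}{name!r:22} {reason}: {detail}")
```

Run it against the full pasted log by replacing `SAMPLE_LOG` with the file contents; the "third-party image" findings are expected noise on a machine with McAfee and AOL installed and are listed so the reviewer can tick them off against known vendors, while "unrecognised binary in Windows directory" is the line worth chasing first. The stock-binary list is deliberately short and XP-specific; extend it rather than loosening the check.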



#2
tampabelle
    Member 5k
  • Retired Staff
  • 6,363 posts
Hi,


We are sorry to have missed your log due to heavy traffic.

If you still need help, please post back a fresh Hijack This log.

If the problem has been resolved, please let us know.

#3
pmas76
    New Member
  • Topic Starter
  • Member
  • 2 posts
I had to reformat my hard drive. Buggers wouldn't go away. Question though, when I reinstall Windows XP SP1, should I then proceed to upgrade to SP2? I have heard of problems with it. Please let me know. Thanks.

#4
tampabelle
    Member 5k
  • Retired Staff
  • 6,363 posts
pmas76,

We are sorry that you had to reformat your hard drive.

Installation of Service Pack 2 causes problems if the PC is already infected. Chances are that it won't affect you in any negative way!!!

Even though you have reformatted the hard disk, the reality is that PCs can get infected again almost instantaneously!!! Anyway, you can upgrade to SP1, post an HJT log here and then I can tell you whether you can proceed to install SP2.

#5
tampabelle
    Member 5k
  • Retired Staff
  • 6,363 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.