Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

180 solutions dataminer [CLOSED]


  • This topic is locked This topic is locked

#1
avis

avis

    New Member

  • Member
  • Pip
  • 7 posts
Logfile of HijackThis v1.99.1
Scan saved at 21:59:08, on 25/07/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Common Files\Nokia\Tools\NclTray.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ues8hv5c.exe
C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Joel\My Documents\Malware Removal\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bt.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.freeserve.co.uk
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SABHO - {21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} - c:\program files\180searchassistant\salmhook.dll (file missing)
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: QuickSearch Search Bar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Program Files\QuickSearch\QuickSearchBar1_27.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: QuickSearch Search Bar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Program Files\QuickSearch\QuickSearchBar1_27.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\Tools\NclTray.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ues8hv5c] C:\WINDOWS\system32\ues8hv5c.exe
O4 - HKLM\..\Run: [AS00_Gear511] C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe -hide
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - Startup: Konfabulator.lnk = C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.co.uk
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/pote_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {1803B9EF-9905-4F34-AFC4-05D1BAB28801} (RegUserCfgUI Class) - http://us.dl1.yimg.c...bt/yregucfg.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip....pGameLoader.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-24.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1095847180281
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://www.shockwave...outLauncher.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program Files\F-Secure\Common\FSAA.EXE
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe




Ad-Aware SE Build 1.06r1
Logfile Created on:25 July 2005 21:39:53
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R56 21.07.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
180Solutions(TAC index:6):14 total references
MRU List(TAC index:0):19 total references
Tracking Cookie(TAC index:3):27 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


25-07-2005 21:39:53 - Scan started. (Custom mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 496
ThreadCreationTime : 25-07-2005 18:45:11
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 552
ThreadCreationTime : 25-07-2005 18:45:12
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 576
ThreadCreationTime : 25-07-2005 18:45:13
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 620
ThreadCreationTime : 25-07-2005 18:45:13
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 632
ThreadCreationTime : 25-07-2005 18:45:13
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k DcomLaunch
ProcessID : 784
ThreadCreationTime : 25-07-2005 18:45:14
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 844
ThreadCreationTime : 25-07-2005 18:45:14
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 932
ThreadCreationTime : 25-07-2005 18:45:14
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 984
ThreadCreationTime : 25-07-2005 18:45:14
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 1100
ThreadCreationTime : 25-07-2005 18:45:15
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [lexbces.exe]
ModuleName : C:\WINDOWS\system32\LEXBCES.EXE
Command Line : C:\WINDOWS\system32\LEXBCES.EXE
ProcessID : 1280
ThreadCreationTime : 25-07-2005 18:45:18
BasePriority : Normal
FileVersion : 8.18
ProductVersion : 8.18
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LexBce Service
InternalName : LexBce Service
LegalCopyright : © 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LexBceS.exe

#:12 [lexpps.exe]
ModuleName : C:\WINDOWS\system32\LEXPPS.EXE
Command Line : LEXPPS.EXE
ProcessID : 1304
ThreadCreationTime : 25-07-2005 18:45:18
BasePriority : Normal
FileVersion : 8.18
ProductVersion : 8.18
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LEXPPS.EXE
InternalName : LEXPPS
LegalCopyright : © 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LEXPPS.EXE
Comments : MarkVision for Windows '95 New P2P Server (32-bit)

#:13 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1312
ThreadCreationTime : 25-07-2005 18:45:18
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:14 [fsgk32st.exe]
ModuleName : C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
Command Line : "C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe"
ProcessID : 1476
ThreadCreationTime : 25-07-2005 18:45:18
BasePriority : Normal
FileVersion : 1, 0, 7360, 0
ProductVersion : 1, 0, 7360, 56
ProductName : F-Secure Corp. Startup service
CompanyName : F-Secure Corp.
FileDescription : fsgk32st
InternalName : fsgk32
LegalCopyright : Copyright © 2001
OriginalFilename : fsgk32st.exe
Comments : Startup service for Gatekeeper Handler

#:15 [fsgk32.exe]
ModuleName : C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
Command Line : "C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE" /service /stopevent=28
ProcessID : 1508
ThreadCreationTime : 25-07-2005 18:45:18
BasePriority : Normal
FileVersion : 5.50.9420
ProductVersion : 5.50.9420
ProductName : F-Secure Corp. fsgk32
CompanyName : F-Secure Corp.
FileDescription : Gatekeeper Handler II
InternalName : fsgk32
LegalCopyright : Copyright © 2003
OriginalFilename : fsgk32.exe
Comments : release

#:16 [fssm32.exe]
ModuleName : C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
Command Line : "C:\Program Files\F-Secure\Anti-Virus\fssm32.exe" 3 1840 1836 1832
ProcessID : 1536
ThreadCreationTime : 25-07-2005 18:45:18
BasePriority : Normal
FileVersion : 5.50.9410
ProductVersion : 5.50.9410
ProductName : F-Secure Corp. fssm32
CompanyName : F-Secure Corp.
FileDescription : fssm32
InternalName : fssm32
LegalCopyright : Copyright © 2003
OriginalFilename : fssm32.exe
Comments : release

#:17 [kodakccs.exe]
ModuleName : C:\WINDOWS\system32\drivers\KodakCCS.exe
Command Line : C:\WINDOWS\system32\drivers\KodakCCS.exe
ProcessID : 1552
ThreadCreationTime : 25-07-2005 18:45:18
BasePriority : Normal
FileVersion : 1.1.5100.4
ProductVersion : 4.4.0.0
ProductName : Kodak DC File System Driver (Win32)
CompanyName : Eastman Kodak Company
FileDescription : Kodak DC Ring 3 Conduit (Win32)
InternalName : KodakCCS.exe
LegalCopyright : Copyright © Eastman Kodak Co. 2000-2004
OriginalFilename : DcFsSvc.exe

#:18 [wdfmgr.exe]
ModuleName : C:\WINDOWS\system32\wdfmgr.exe
Command Line : C:\WINDOWS\system32\wdfmgr.exe
ProcessID : 1812
ThreadCreationTime : 25-07-2005 18:45:18
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:19 [wanmpsvc.exe]
ModuleName : C:\WINDOWS\wanmpsvc.exe
Command Line : "C:\WINDOWS\wanmpsvc.exe"
ProcessID : 1908
ThreadCreationTime : 25-07-2005 18:45:18
BasePriority : Normal
FileVersion : 7, 0, 0, 2
ProductVersion : 7, 0, 0, 2
ProductName : America Online
CompanyName : America Online, Inc.
FileDescription : Wan Miniport (ATW) Service
InternalName : WanMPSvc
LegalCopyright : Copyright © 2001 America Online, Inc.
OriginalFilename : WanMPSvc.exe

#:20 [fsma32.exe]
ModuleName : C:\Program Files\F-Secure\Common\FSMA32.EXE
Command Line : "C:\Program Files\F-Secure\Common\FSMA32.EXE"
ProcessID : 2008
ThreadCreationTime : 25-07-2005 18:45:19
BasePriority : Normal
FileVersion : 5.00.5420
ProductVersion : 5.00 Build 5420
ProductName : F-Secure Management Agent
CompanyName : F-Secure Corporation
FileDescription : F-Secure Management Agent
InternalName : VCH
LegalCopyright : Copyright © 1998-2002 F-Secure Corporation. All rights reserved.
LegalTrademarks : Windows ™ is a trademark of Microsoft Corporation
OriginalFilename : FSMA32.EXE

#:21 [fsmb32.exe]
ModuleName : C:\Program Files\F-Secure\Common\FSMB32.EXE
Command Line : 1.3.6.1.4.1.2213.11.1.23
ProcessID : 2036
ThreadCreationTime : 25-07-2005 18:45:19
BasePriority : Normal
FileVersion : 5.00.5420
ProductVersion : 5.00 Build 5420
ProductName : F-Secure Management Agent
CompanyName : F-Secure Corporation
FileDescription : F-Secure Message Broker
InternalName : FSMB
LegalCopyright : Copyright © 1998-2002 F-Secure Corporation. All rights reserved.
LegalTrademarks : Windows ™ is a trademark of Microsoft Corporation
OriginalFilename : FSMB32.EXE

#:22 [fch32.exe]
ModuleName : C:\Program Files\F-Secure\Common\FCH32.EXE
Command Line : 1.3.6.1.4.1.2213.11.1.15
ProcessID : 324
ThreadCreationTime : 25-07-2005 18:45:21
BasePriority : Normal
FileVersion : 5.00.5420
ProductVersion : 5.00 Build 5420
ProductName : F-Secure Management Agent
CompanyName : F-Secure Corporation
FileDescription : F-Secure Configuration Handler
InternalName : FCH
LegalCopyright : Copyright © 1998-2002 F-Secure Corporation. All rights reserved.
LegalTrademarks : Windows ™ is a trademark of Microsoft Corporation
OriginalFilename : FCH32.EXE

#:23 [fnrb32.exe]
ModuleName : C:\Program Files\F-Secure\Common\FNRB32.EXE
Command Line : "C:\Program Files\F-Secure\Common\FNRB32.EXE"
ProcessID : 1136
ThreadCreationTime : 25-07-2005 18:45:22
BasePriority : Normal
FileVersion : 5.00.5420
ProductVersion : 5.00 Build 5420
ProductName : F-Secure Management Agent
CompanyName : F-Secure Corporation
FileDescription : F-Secure Network Request Broker
InternalName : FNRB
LegalCopyright : Copyright © 1998-2002 F-Secure Corporation. All rights reserved.
LegalTrademarks : Windows ™ is a trademark of Microsoft Corporation
OriginalFilename : FNRB32.EXE

#:24 [fameh32.exe]
ModuleName : C:\Program Files\F-Secure\Common\FAMEH32.EXE
Command Line : 1.3.6.1.4.1.2213.11.1.18
ProcessID : 1412
ThreadCreationTime : 25-07-2005 18:45:22
BasePriority : Normal
FileVersion : 5.00.5420
ProductVersion : 5.00 Build 5420
ProductName : F-Secure Management Agent
CompanyName : F-Secure Corporation
FileDescription : F-Secure Alert and Management Extension Handler
InternalName : FAMEH
LegalCopyright : Copyright © 1998-2002 F-Secure Corporation. All rights reserved.
LegalTrademarks : Windows ™ is a trademark of Microsoft Corporation
OriginalFilename : FAMEH32.EXE

#:25 [alg.exe]
ModuleName : C:\WINDOWS\System32\alg.exe
Command Line : C:\WINDOWS\System32\alg.exe
ProcessID : 1624
ThreadCreationTime : 25-07-2005 18:45:23
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:26 [fih32.exe]
ModuleName : C:\Program Files\F-Secure\Common\FIH32.EXE
Command Line : 1.3.6.1.4.1.2213.11.1.20
ProcessID : 1756
ThreadCreationTime : 25-07-2005 18:45:23
BasePriority : Normal
FileVersion : 5.00.5420
ProductVersion : 5.00 Build 5420
ProductName : F-Secure Management Agent
CompanyName : F-Secure Corporation
FileDescription : F-Secure Installation Launcher
InternalName : ILAUNCHR
LegalCopyright : Copyright © 1998-2002 F-Secure Corporation. All rights reserved.
LegalTrademarks : Windows ™ is a trademark of Microsoft Corporation
OriginalFilename : ILAUNCHR.EXE

#:27 [fsav32.exe]
ModuleName : C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
Command Line : 1.3.6.1.4.1.2213.12
ProcessID : 1772
ThreadCreationTime : 25-07-2005 18:45:23
BasePriority : Normal
FileVersion : 5.42.9441
ProductVersion : 5.42.9441
ProductName : F-Secure Anti-Virus
CompanyName : F-Secure Corporation
FileDescription : FSAV Handler
InternalName : FSAV32
LegalCopyright : Copyright © 1998-2003, F-Secure Corporation
OriginalFilename : FSAV32.exe

#:28 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 1888
ThreadCreationTime : 25-07-2005 18:45:23
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:29 [syntplpr.exe]
ModuleName : C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
Command Line : "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
ProcessID : 2292
ThreadCreationTime : 25-07-2005 18:45:26
BasePriority : Normal
FileVersion : 7.5.18.3 17Jul03
ProductVersion : 7.5.18.3 17Jul03
ProductName : Progressive Touch
CompanyName : Synaptics, Inc.
FileDescription : TouchPad Driver Helper Application
InternalName : SynTPLpr
LegalCopyright : Copyright © Synaptics, Inc. 1996-2003
OriginalFilename : SynTPLpr.exe

#:30 [syntpenh.exe]
ModuleName : C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Command Line : "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
ProcessID : 2324
ThreadCreationTime : 25-07-2005 18:45:26
BasePriority : Normal
FileVersion : 7.5.18.3 17Jul03
ProductVersion : 7.5.18.3 17Jul03
ProductName : Progressive Touch
CompanyName : Synaptics, Inc.
FileDescription : Synaptics TouchPad Enhancements
InternalName : Scrolleroo
LegalCopyright : Copyright © Synaptics, Inc. 1996-2003
OriginalFilename : SynTPEnh.exe

#:31 [datalayer.exe]
ModuleName : C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
Command Line : "C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe"
ProcessID : 2344
ThreadCreationTime : 25-07-2005 18:45:26
BasePriority : Normal
FileVersion : 5, 0, 2, 38
ProductVersion : 5, 0
ProductName : Nokia PC Suite
CompanyName : Nokia Mobile Phones Ltd.
FileDescription : DataLayer 2.0 Module
InternalName : DataLayer 2.0
LegalCopyright : Copyright © 2004. Nokia. All rights reserved.
OriginalFilename : DataLayer.exe

#:32 [ncltray.exe]
ModuleName : C:\Program Files\Common Files\Nokia\Tools\NclTray.exe
Command Line : "C:\Program Files\Common Files\Nokia\Tools\NclTray.exe"
ProcessID : 2360
ThreadCreationTime : 25-07-2005 18:45:26
BasePriority : Normal


#:33 [fsm32.exe]
ModuleName : C:\Program Files\F-Secure\Common\FSM32.EXE
Command Line : "C:\PROGRAM FILES\F-SECURE\COMMON\FSM32.EXE" /SPLASH
ProcessID : 2376
ThreadCreationTime : 25-07-2005 18:45:26
BasePriority : Normal
FileVersion : 5.00.5420
ProductVersion : 5.00 Build 5420
ProductName : F-Secure Management Agent
CompanyName : F-Secure Corporation
FileDescription : F-Secure Settings and Statistics
InternalName : FSM
LegalCopyright : Copyright © 1998-2002 F-Secure Corporation. All rights reserved.
LegalTrademarks : Windows ™ is a trademark of Microsoft Corporation
OriginalFilename : FSM32.EXE

#:34 [qttask.exe]
ModuleName : C:\Program Files\QuickTime\qttask.exe
Command Line : "C:\Program Files\QuickTime\qttask.exe" -atboottime
ProcessID : 2392
ThreadCreationTime : 25-07-2005 18:45:26
BasePriority : Normal
FileVersion : 6.5.1
ProductVersion : QuickTime 6.5.1
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe

#:35 [realsched.exe]
ModuleName : C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Command Line : "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
ProcessID : 2408
ThreadCreationTime : 25-07-2005 18:45:26
BasePriority : Normal
FileVersion : 0.1.0.3249
ProductVersion : 0.1.0.3249
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:36 [ituneshelper.exe]
ModuleName : C:\Program Files\iTunes\iTunesHelper.exe
Command Line : "C:\Program Files\iTunes\iTunesHelper.exe"
ProcessID : 2452
ThreadCreationTime : 25-07-2005 18:45:26
BasePriority : Normal
FileVersion : 4.9.0.17
ProductVersion : 4.9.0.17
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © 2003-2005 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe

#:37 [ues8hv5c.exe]
ModuleName : C:\WINDOWS\system32\ues8hv5c.exe
Command Line : "C:\WINDOWS\system32\ues8hv5c.exe"
ProcessID : 2472
ThreadCreationTime : 25-07-2005 18:45:26
BasePriority : Normal
FileVersion : 4, 0, 3, 2
ProductVersion : 4, 0, 3, 2

#:38 [gear511.exe]
ModuleName : C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe
Command Line : "C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe" -hide
ProcessID : 2492
ThreadCreationTime : 25-07-2005 18:45:26
BasePriority : Normal
FileVersion : 1, 28, 10, 4
ProductVersion : 1, 28, 10, 4
ProductName : NetgearRev Application
FileDescription : NetgearRev MFC Application
InternalName : NetgearRev
LegalCopyright : Copyright © 2003
OriginalFilename : NetgearRev.EXE

#:39 [bigfix.exe]
ModuleName : C:\Program Files\BigFix\BigFix.exe
Command Line : "C:\Program Files\BigFix\BigFix.exe" /atstartup
ProcessID : 2624
ThreadCreationTime : 25-07-2005 18:45:27
BasePriority : Normal
FileVersion : 1, 7, 6, 0
ProductVersion : 1, 7, 6, 0
ProductName : BigFix
CompanyName : BigFix Inc.
FileDescription : BigFix Client Application
InternalName : BigFix
LegalCopyright : Copyright © 2002
OriginalFilename : BigFix.exe

#:40 [easyshare.exe]
ModuleName : C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
Command Line : "C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" -h
ProcessID : 2660
ThreadCreationTime : 25-07-2005 18:45:27
BasePriority : Normal
FileVersion : 5, 0, 4, 128
ProductVersion : 4, 0, 2, 134
ProductName : Kodak EasyShare software
CompanyName : Eastman Kodak Company
FileDescription : Kodak EasyShare software
InternalName : EasyShare
LegalCopyright : Copyright © Eastman Kodak Company 2002
LegalTrademarks : EasyShare
OriginalFilename : EasyShare.exe

#:41 [servicelayer.exe]
ModuleName : C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
Command Line : "C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe" -Embedding
ProcessID : 3096
ThreadCreationTime : 25-07-2005 18:45:29
BasePriority : Normal
FileVersion : 6.00.008
ProductVersion : 6.0
ProductName : Nokia Connectivity Library
CompanyName : Nokia Corp.
FileDescription : ServiceLayer Module
InternalName : ServiceLayer
LegalCopyright : Copyright © 2002-2004 Nokia. All Rights Reserved.
OriginalFilename : ServiceLayer.exe

#:42 [ipodservice.exe]
ModuleName : C:\Program Files\iPod\bin\iPodService.exe
Command Line : "C:\Program Files\iPod\bin\iPodService.exe"
ProcessID : 3104
ThreadCreationTime : 25-07-2005 18:45:29
BasePriority : Normal
FileVersion : 4.9.0.17
ProductVersion : 4.9.0.17
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © 2003-2005 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iPodService.exe

#:43 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 2068
ThreadCreationTime : 25-07-2005 20:39:36
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

180Solutions Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{21b4acc4-8874-4aec-aeac-f567a249b4d4}

180Solutions Object Recognized!
Type : RegValue
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{21b4acc4-8874-4aec-aeac-f567a249b4d4}
Value : AppID

180Solutions Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{7b178417-3cda-444f-94ff-312c0a3a78a8}

180Solutions Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : ncmyb.sabho

180Solutions Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : ncmyb.sabho.1

180Solutions Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{68bf4626-d66b-4383-a6af-62e57e9b6cd4}

180Solutions Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{21b4acc4-8874-4aec-aeac-f567a249b4d4}

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 7
Objects found so far: 7


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 7

MRU List Object Recognized!
Location: : C:\Documents and Settings\Joel\Application Data\microsoft\office\recent
Description : list of recently opened documents using microsoft office


MRU List Object Recognized!
Location: : C:\Documents and Settings\Joel\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : S-1-5-21-325676981-629969385-2099629690-1005\software\adobe\acrobat reader\5.0\avgeneral\crecentfiles
Description : list of recently used files in adobe reader


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-325676981-629969385-2099629690-1005\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-325676981-629969385-2099629690-1005\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-325676981-629969385-2099629690-1005\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-325676981-629969385-2099629690-1005\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-325676981-629969385-2099629690-1005\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-325676981-629969385-2099629690-1005\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-325676981-629969385-2099629690-1005\software\microsoft\office\9.0\common\open find\microsoft word\settings\save as\file name mru
Description : list of recent documents saved by microsoft word


MRU List Object Recognized!
Location: : S-1-5-21-325676981-629969385-2099629690-1005\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant


MRU List Object Recognized!
Location: : S-1-5-21-325676981-629969385-2099629690-1005\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-325676981-629969385-2099629690-1005\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-325676981-629969385-2099629690-1005\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : S-1-5-21-325676981-629969385-2099629690-1005\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-21-325676981-629969385-2099629690-1005\software\winrar\dialogedithistory\extrpath
Description : winrar "extract-to" history



Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : joel@bluestreak[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:[email protected]/
Expires : 23-07-2015 17:07:06
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : joel@bravenet[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 01-01-2011 00:12:40
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : joel@mediaplex[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:5
Value : Cookie:[email protected]/
Expires : 22-06-2009 01:00:00
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : joel@casalemedia[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:[email protected]/
Expires : 16-07-2006 16:21:06
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : joel@advertising[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:57
Value : Cookie:[email protected]/
Expires : 24-07-2010 20:28:58
LastSync : Hits:57
UseCount : 0
Hits : 57

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : joel@0[3].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:13
Value : Cookie:[email protected]/HTM/634/0
Expires : 24-07-2006 16:57:50
LastSync : Hits:13
UseCount : 0
Hits : 13

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : joel@cgi-bin[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:13
Value : Cookie:[email protected]/cgi-bin
Expires : 23-07-2015 14:45:26
LastSync : Hits:13
UseCount : 0
Hits : 13

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:[email protected]/
Expires : 01-03-2007 01:00:00
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : joel@apmebf[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 24-07-2010 21:31:44
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : joel@0[5].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:127
Value : Cookie:[email protected]/HTM/676/0
Expires : 25-07-2006 20:59:08
LastSync : Hits:127
UseCount : 0
Hits : 127

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : joel@0[4].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:8
Value : Cookie:[email protected]/HTM/561/0
Expires : 24-07-2006 17:23:18
LastSync : Hits:8
UseCount : 0
Hits : 8

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : joel@0[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:[email protected]/HTM/573/0
Expires : 25-07-2006 20:34:50
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : joel@hitbox[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:32
Value : Cookie:[email protected]/
Expires : 24-07-2006 22:20:38
LastSync : Hits:32
UseCount : 0
Hits : 32

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : joel@247realmedia[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 01-01-2011 01:00:00
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : joel@0[6].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:[email protected]/HTM/676/0
Expires : 25-07-2006 20:56:40
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : joel@doubleclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:22
Value : Cookie:[email protected]/
Expires : 22-07-2008 15:50:48
LastSync : Hits:22
UseCount : 0
Hits : 22

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : joel@atdmt[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:19
Value : Cookie:[email protected]/
Expires : 22-07-2010 01:00:00
LastSync : Hits:19
UseCount : 0
Hits : 19

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : joel@targetnet[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:11
Value : Cookie:[email protected]/
Expires : 18-05-2033 04:33:20
LastSync : Hits:11
UseCount : 0
Hits : 11

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:82
Value : Cookie:[email protected]/
Expires : 24-08-2005 20:28:58
LastSync : Hits:82
UseCount : 0
Hits : 82

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : joel@statcounter[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:6
Value : Cookie:[email protected]/
Expires : 23-07-2010 17:06:52
LastSync : Hits:6
UseCount : 0
Hits : 6

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : joel@qsrch[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:[email protected]/
Expires : 24-08-2005 20:21:04
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : joel@trafficmp[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:10
Value : Cookie:[email protected]/
Expires : 25-07-2006 20:27:24
LastSync : Hits:10
UseCount : 0
Hits : 10

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:16
Value : Cookie:[email protected]/
Expires : 24-07-2006 22:20:38
LastSync : Hits:16
UseCount : 0
Hits : 16

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : joel@adviva[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:14
Value : Cookie:[email protected]/
Expires : 29-06-2010 14:45:26
LastSync : Hits:14
UseCount : 0
Hits : 14

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 24
Objects found so far: 50



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : guest@atdmt[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Guest&
  • 0

Advertisements


#2
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Please do not post the Ad-aware log unless we ask for it.

OK, you made another post about a week ago. Is that for the same computer or a different one?

I see I have replied to your topics before. You never gave a followup. If you want us to help you out, you have to post back (regardless of whether it's fixed or not) so we know what happened.

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that 'Display the contents of system folders' is checked. If you have Windows XP, the search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that 'Search system folders', 'Search hidden files and folders', and 'Search subfolders' are checked.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

Make sure you downloaded, installed, updated and ran these programs already - Ad-aware, Spybot and Microsoft AntiSpyware. If you didn't, do them now. For more information, go to http://www.greyknigh...com/spyware.htm

Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Make sure to close any open browsers. Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if they exist:

180searchassistant
QuickSearch


Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):

O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: SABHO - {21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} - c:\program files\180searchassistant\salmhook.dll (file missing)
O2 - BHO: QuickSearch Search Bar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Program Files\QuickSearch\QuickSearchBar1_27.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: QuickSearch Search Bar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Program Files\QuickSearch\QuickSearchBar1_27.dll (file missing)
O4 - HKLM\..\Run: [ues8hv5c] C:\WINDOWS\system32\ues8hv5c.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)


Delete the following Files/Folders (delete folders if no filename is specified) according to their directory (if none, just do a search for them) and delete them if they exist:

c:\program files\180searchassistant\
C:\Program Files\QuickSearch\
C:\WINDOWS\system32\ues8hv5c.exe


Restart and run a new HijackThis scan. Save the log file and post it here.
  • 0

#3
avis

avis

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
firstly i would just like to thank you for taking the time to help me. i have done a couple of posts for friends of mine and i'm sorry if they have not had the good manners to reply and say whether your advice has worked.
This is my new HJT log
Thanks again
Joel


Logfile of HijackThis v1.99.1
Scan saved at 17:11:32, on 26/07/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Common Files\Nokia\Tools\NclTray.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Joel\My Documents\Malware Removal\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bt.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.freeserve.co.uk
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\Tools\NclTray.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AS00_Gear511] C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe -hide
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - Startup: Konfabulator.lnk = C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.co.uk
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/pote_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {1803B9EF-9905-4F34-AFC4-05D1BAB28801} (RegUserCfgUI Class) - http://us.dl1.yimg.c...bt/yregucfg.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip....pGameLoader.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-24.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1095847180281
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://www.shockwave...outLauncher.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program Files\F-Secure\Common\FSAA.EXE
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
  • 0

#4
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Are they using your username to make the posts? They should create their own. Otherwise, we would think that you are making duplicate postings.

Your log is clean.

To help prevent future spyware installations/infections, please read the Anti-Spyware Tutorial and use the tools provided.

Are there any problems now? If not, you should be set to go.
  • 0

#5
avis

avis

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
I am still concerned about an entry in the HJT log

O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h

I'm not sure what this program is.
I have done a google search and have found that ares.exe is considered to be a security risk, not only because antivirus programs flag Gaobot.ee Worm as a virus, but also because a number of users have complained about its performance.

Gaobot.ee Worm is likely a virus and as such, presents a serious vulnerability which should be fixed immediately! Delaying the removal of ares.exe may cause serious harm to your system and will likely cause a number of problems, such as slow performance, loss of data or leaking private information to websites.

i just wondered whether you have any advice.
Thanks
Joel
  • 0

#6
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Hi Joel, I didn't mention that program to fix because it's a file sharing program and whenever I ask users to remove it they don't usually.

So did you install that file sharing program? If not, then go to the Add/Remove panel and uninstall Ares.

Any other problems/questions?
  • 0

#7
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP