Winfixer among other problems [RESOLVED]


  • This topic is locked

#1
ChaosApothecary

    New Member

  • Member
  • 5 posts
My poor laptop recently became infected with Winfixer, and after reading a few other topics, I can tell other people are as well. I try to keep my computer clean with firewall/Norton anti-virus, etc. But recently I was slammed with several individual advertising problems, Winfixer 2005 among them.
I have HijackThis 1.99.1 and Search & Destroy. I have used the Search & Destroy program twice now, but it only finds and deletes the cookies, and the problem resurfaces every time I restart. I am new at HijackThis and could use some help removing these advertisement problems.

Search & Destroy found the following ones:
Advertising.com
Avenue A, Inc
DoubleClick
Hitbox
MediaPlex
ValueClick
Web Trends live
Windows Security Center.AntiVirusOverride
Winfixer

My HijackThis log is as follows:

Logfile of HijackThis v1.99.1
Scan saved at 9:52:58 AM, on 10/5/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ACS.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
C:\Program Files\Linksys Wireless Guard\WscNetMgrSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Linksys Wireless Guard\WscGuard.exe
C:\Program Files\Belkin\Nostromo\nost_LM.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\toshiba\ivp\ism\ivpsvmgr.exe
C:\Program Files\AIM95\AIM.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\ColonelCommisar\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshibadirect.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://toshibadirect.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: MSEvents Object - {6DD0BC06-4719-4BA3-BEBC-FBAE6A448152} - C:\WINDOWS\system32\vturp.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Linksys Wireless Guard.lnk = C:\Program Files\Linksys Wireless Guard\WscGuard.exe
O4 - Global Startup: Loadout Manager.lnk = C:\Program Files\Belkin\Nostromo\nost_LM.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\AIM.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.7) - http://dcon.futurema...lobal/msc37.cab
O20 - Winlogon Notify: vturp - C:\WINDOWS\system32\vturp.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\ACS.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
O23 - Service: Linksys Wireless Guard Network Manager Service (WSCNetManager) - Wireless Security Corporation - C:\Program Files\Linksys Wireless Guard\WscNetMgrSvc.exe

It might be a bit much to ask for help with all of that, but any advice given would be appreciated. Much thanks =)
  • 0


#2
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Welcome to GTG.

Did you run Ad-aware yet? If not, download it and install it now. Then check for any updates and run the scan (remove whatever it finds).

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

Please download VundoFix.exe at http://www.atribune....ds/VundoFix.exe to your desktop.

* Double-click VundoFix.exe to extract the files.
* After the files are extracted, please reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key (or F5 in some machines) until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
* Once in Safe Mode, open the VundoFix folder and double-click on KillVundo.bat
* Please type the following file path (make sure to enter it exactly as below!):

C:\WINDOWS\system32\vturp.dll

* Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.
* When asked for a second path, enter -> C:\WINDOWS\system32\prutv.*
* Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.
* The fix will run then HijackThis will open.
* In HijackThis, please place a check next to the following items and click FIX CHECKED:

O2 - BHO: MSEvents Object - {6DD0BC06-4719-4BA3-BEBC-FBAE6A448152} - C:\WINDOWS\system32\vturp.dll
O4 - Startup: PowerReg Scheduler.exe
O20 - Winlogon Notify: vturp - C:\WINDOWS\system32\vturp.dll


* After you have fixed these items, close HijackThis and press any key to force a reboot of your computer.
* Pressing any key will cause a 'Blue Screen of Death'. This is normal, do not worry!
* Once your machine reboots please continue with the instructions below.

Download and install CleanUp! http://www.greyknigh...spy/CleanUp.exe

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click 'Options...'
Move the arrow down to 'Custom CleanUp!'
Put a check next to the following (Make sure nothing else is checked!):

* Empty Recycle Bins
* Delete Cookies
* Delete Prefetch files
* Cleanup! All Users

Click OK. Press the CleanUp! button to start the program.
It may ask you to reboot at the end, click NO.

Then, please run an online virus scan at ActiveScan http://www.pandasoft.../activescan.htm

Copy the results of the ActiveScan and paste them here along with a new HijackThis log and the vundofix.txt file from the vundofix folder into this topic.
  • 0
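Added example, not part of the original posts and not code from HijackThis or VundoFix: a small Python parser that reproduces the check behind the fix list above, flagging a DLL that the log registers both as an O2 browser helper object and as an O20 Winlogon Notify package, and deriving the reversed-name second path (vturp to prutv) that post #2 enters. The function names are hypothetical, the log excerpt is copied from post #1, and the two rules are heuristics drawn from this thread only.

```python
import ntpath
import re

# Excerpt of the HijackThis log from post #1 (lines copied from the thread).
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: MSEvents Object - {6DD0BC06-4719-4BA3-BEBC-FBAE6A448152} - C:\WINDOWS\system32\vturp.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O20 - Winlogon Notify: vturp - C:\WINDOWS\system32\vturp.dll
"""

# The name is matched lazily so that " - " inside a path
# (e.g. "Spybot - Search & Destroy") does not split the entry early.
PATTERNS = {
    "O2": re.compile(
        r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$"
    ),
    "O20": re.compile(
        r"^O20 - Winlogon Notify: (?P<name>.*?) - (?P<path>[A-Za-z]:\\.+)$"
    ),
}


def parse_log(text):
    """Return {'O2': [...], 'O20': [...]} with one dict per parsed entry."""
    found = {section: [] for section in PATTERNS}
    for raw in text.splitlines():
        line = raw.strip()
        for section, pattern in PATTERNS.items():
            match = pattern.match(line)
            if match:
                found[section].append(match.groupdict())
    return found


def normalise(path):
    """Case-insensitive, separator-normalised key for a Windows path."""
    return ntpath.normcase(ntpath.normpath(path))


def shared_bho_notify(text):
    """List DLLs that appear as both an O2 BHO and an O20 Winlogon Notify entry."""
    entries = parse_log(text)
    notify = {normalise(e["path"]): e for e in entries["O20"]}
    hits = []
    for bho in entries["O2"]:
        key = normalise(bho["path"])
        if key in notify:
            hits.append({
                "path": bho["path"],
                "bho_name": bho["name"],
                "clsid": bho["clsid"],
                "notify_name": notify[key]["name"],
            })
    return hits


def reversed_companion(path):
    """Build the wildcard path whose base name is the DLL's name reversed.

    Mirrors the pairing in post #2 (vturp.dll, then prutv.*); treating this
    as a general rule is an assumption of the example.
    """
    directory, filename = ntpath.split(path)
    stem, _ext = ntpath.splitext(filename)
    return ntpath.join(directory, stem[::-1] + ".*")


if __name__ == "__main__":
    for hit in shared_bho_notify(SAMPLE_LOG):
        print("BHO + Winlogon Notify:", hit["path"], hit["clsid"])
        print("  companion pattern to check:", reversed_companion(hit["path"]))
```
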

#3
ChaosApothecary

    New Member

  • Topic Starter
  • Member
  • 5 posts
OK, I ran Ad-Aware as suggested and it came up with 57 Critical objects (that doesn't sound good). The list is as follows:


Ad-Aware SE Build 1.06r1
Logfile Created on:Wednesday, October 05, 2005 10:22:19 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R69 05.10.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie(TAC index:3):57 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


10-5-2005 10:22:19 AM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 784
ThreadCreationTime : 10-5-2005 7:55:48 AM
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 856
ThreadCreationTime : 10-5-2005 7:56:08 AM
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 884
ThreadCreationTime : 10-5-2005 7:56:13 AM
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 928
ThreadCreationTime : 10-5-2005 7:56:14 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 940
ThreadCreationTime : 10-5-2005 7:56:14 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [ati2evxx.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1124
ThreadCreationTime : 10-5-2005 7:56:15 AM
BasePriority : Normal


#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1140
ThreadCreationTime : 10-5-2005 7:56:15 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1192
ThreadCreationTime : 10-5-2005 7:56:15 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1336
ThreadCreationTime : 10-5-2005 7:56:15 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [acs.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1476
ThreadCreationTime : 10-5-2005 7:56:15 AM
BasePriority : Normal


#:11 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1584
ThreadCreationTime : 10-5-2005 7:56:16 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:12 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1660
ThreadCreationTime : 10-5-2005 7:56:16 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:13 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 160
ThreadCreationTime : 10-5-2005 7:56:16 AM
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:14 [ccsetmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 340
ThreadCreationTime : 10-5-2005 7:56:20 AM
BasePriority : Normal
FileVersion : 2.1.0.610
ProductVersion : 2.1.0.610
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client Settings Manager Service
InternalName : ccSetMgr
LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccSetMgr.exe

#:15 [ceepwrsvc.exe]
FilePath : C:\Program Files\Toshiba\Power Management\
ProcessID : 360
ThreadCreationTime : 10-5-2005 7:56:20 AM
BasePriority : Normal
FileVersion : 1, 1, 0, 1
ProductVersion : 1, 1, 0, 1
ProductName : CeEPwrSvc Module
CompanyName : COMPAL ELECTRONIC INC.
FileDescription : CeEPwrSvc Module
InternalName : CeEPwrSvc
LegalCopyright : Copyright 2002-2004 Compal Electronic Inc.
OriginalFilename : CeEPwrSvc.EXE
Comments : James Kang

#:16 [cfsvcs.exe]
FilePath : C:\Program Files\TOSHIBA\ConfigFree\
ProcessID : 376
ThreadCreationTime : 10-5-2005 7:56:20 AM
BasePriority : Normal
FileVersion : 4, 60, 0, 2
ProductVersion : 4, 60, 0, 0
ProductName : ConfigFree™
CompanyName : TOSHIBA CORPORATION
FileDescription : Service of ConfigFree.
InternalName : CFSvcs.exe
LegalCopyright : Copyright © 2003 TOSHIBA CORPORATION. All rights reserved.
LegalTrademarks : ConfigFree™
OriginalFilename : CFSvcs.exe
Comments : Service of ConfigFree.

#:17 [dvdramsv.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 412
ThreadCreationTime : 10-5-2005 7:56:20 AM
BasePriority : Normal
FileVersion : 2, 0, 7, 0
ProductVersion : 2, 0, 7, 0
CompanyName : Matsushita Electric Industrial Co., Ltd.
FileDescription : Service of RAMAsst for Windows XP
LegalCopyright : Copyright © Matsushita Electric Industrial Co., Ltd. 2002 - 2003
OriginalFilename : DVDRAMSV.EXE

#:18 [navapsvc.exe]
FilePath : C:\Program Files\Norton AntiVirus\
ProcessID : 576
ThreadCreationTime : 10-5-2005 7:56:21 AM
BasePriority : Normal
FileVersion : 10.00.3
ProductVersion : 10.00.3
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Norton AntiVirus 2004 for Windows 98/ME/2000/XP Copyright © 2003 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE

#:19 [savscan.exe]
FilePath : C:\Program Files\Norton AntiVirus\
ProcessID : 612
ThreadCreationTime : 10-5-2005 7:56:21 AM
BasePriority : Normal
FileVersion : 9.2.1.14
ProductVersion : 9.2
ProductName : Symantec AntiVirus AutoProtect
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus Scanner
InternalName : SAVSCAN
LegalCopyright : Copyright © 2003 Symantec Corporation
OriginalFilename : SAVSCAN.EXE

#:20 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 804
ThreadCreationTime : 10-5-2005 7:56:22 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:21 [swupdtmr.exe]
FilePath : c:\TOSHIBA\Ivp\Swupdate\
ProcessID : 824
ThreadCreationTime : 10-5-2005 7:56:22 AM
BasePriority : Normal


#:22 [wscnetmgrsvc.exe]
FilePath : C:\Program Files\Linksys Wireless Guard\
ProcessID : 944
ThreadCreationTime : 10-5-2005 7:56:22 AM
BasePriority : Normal
FileVersion : 1, 1, 3, 22
ProductVersion : 1, 1, 3, 22
ProductName : WSC Guard
CompanyName : Wireless Security Corporation
FileDescription : WSC Guard Net Manager Service
InternalName : WscNetMgrSvc
LegalCopyright : Copyright © 2003-2004, Wireless Security Corporation
OriginalFilename : WscNetMgrSvc.EXE

#:23 [ccevtmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 1380
ThreadCreationTime : 10-5-2005 7:56:24 AM
BasePriority : Normal
FileVersion : 2.1.0.610
ProductVersion : 2.1.0.610
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe

#:24 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 724
ThreadCreationTime : 10-5-2005 7:56:32 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:25 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1916
ThreadCreationTime : 10-5-2005 8:10:07 AM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:26 [tfswctrl.exe]
FilePath : C:\WINDOWS\system32\dla\
ProcessID : 704
ThreadCreationTime : 10-5-2005 8:10:12 AM
BasePriority : Normal
FileVersion : 1.04.78j
CompanyName : Sonic Solutions
FileDescription : Drive Letter Access Component
LegalCopyright : Copyright © 2004 Sonic Solutions

#:27 [atiptaxx.exe]
FilePath : C:\Program Files\ATI Technologies\ATI Control Panel\
ProcessID : 1524
ThreadCreationTime : 10-5-2005 8:10:14 AM
BasePriority : Normal
FileVersion : 6.14.10.5103
ProductVersion : 6.14.10.5103
ProductName : ATI Desktop Component
CompanyName : ATI Technologies, Inc.
FileDescription : ATI Desktop Control Panel
InternalName : Atiptaxx.exe
LegalCopyright : Copyright © 1998-2004 ATI Technologies Inc.
OriginalFilename : Atiptaxx.exe

#:28 [agrsmmsg.exe]
FilePath : C:\WINDOWS\
ProcessID : 1388
ThreadCreationTime : 10-5-2005 8:10:14 AM
BasePriority : Normal
FileVersion : 2.1.38 2.1.38 02/20/2004 15:00:27
ProductVersion : 2.1.38 2.1.38 02/20/2004 15:00:27
ProductName : Agere SoftModem Messaging Applet
CompanyName : Agere Systems
FileDescription : SoftModem Messaging Applet
InternalName : smdmstat.exe
LegalCopyright : Copyright © Agere Systems 1998-2000
OriginalFilename : smdmstat.exe

#:29 [apoint.exe]
FilePath : C:\Program Files\Apoint2K\
ProcessID : 988
ThreadCreationTime : 10-5-2005 8:10:14 AM
BasePriority : Normal
FileVersion : 6.0.2.180
ProductVersion : 6.0.2.180
ProductName : Alps Pointing-device Driver
CompanyName : Alps Electric Co., Ltd.
FileDescription : Alps Pointing-device Driver
InternalName : Alps Pointing-device Driver
LegalCopyright : Copyright © 1999-2003 Alps Electric Co., Ltd.
OriginalFilename : Apoint.exe

#:30 [ceekey.exe]
FilePath : C:\Program Files\TOSHIBA\E-KEY\
ProcessID : 1852
ThreadCreationTime : 10-5-2005 8:10:14 AM
BasePriority : Normal
FileVersion : 2, 1, 0, 7
ProductVersion : 2, 1, 0, 7
ProductName : EKey Application
CompanyName : COMPAL ELECTRONIC INC.
FileDescription : TOSHIBA HotKey Utility
InternalName : EKey
LegalCopyright : Copyright 2003-2004 Compal Electronic Inc.
OriginalFilename : CeEKey.EXE

#:31 [tptray.exe]
FilePath : C:\Program Files\TOSHIBA\TouchPad\
ProcessID : 1628
ThreadCreationTime : 10-5-2005 8:10:15 AM
BasePriority : Normal
FileVersion : 1, 1, 0, 2
ProductVersion : 1, 1, 0, 2
ProductName : TPTray Application
CompanyName : COMPAL ELECTRONIC INC.
FileDescription : TPTray Application
InternalName : TPTray
LegalCopyright : Copyright 2002-2004 Compal Electronic Inc.
OriginalFilename : TPTray.EXE
Comments : Mei Hsu

#:32 [padexe.exe]
FilePath : C:\Program Files\TOSHIBA\Touch and Launch\
ProcessID : 1028
ThreadCreationTime : 10-5-2005 8:10:15 AM
BasePriority : Normal
FileVersion : 1, 2, 4, 0
ProductVersion : 1, 2, 4, 0
ProductName : PadTouch
CompanyName : TOSHIBA
FileDescription : PadTouch Main
InternalName : PadExe
LegalCopyright : Copyright © 2003-2004 TOSHIBA Corporation
OriginalFilename : PadExe.exe

#:33 [ccapp.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 1492
ThreadCreationTime : 10-5-2005 8:10:15 AM
BasePriority : Normal
FileVersion : 2.1.0.610
ProductVersion : 2.1.0.610
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client User Session
InternalName : ccApp
LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe

#:34 [cepmtray.exe]
FilePath : C:\Program Files\TOSHIBA\Power Management\
ProcessID : 2128
ThreadCreationTime : 10-5-2005 8:10:17 AM
BasePriority : Normal
FileVersion : 1, 1, 0, 12
ProductVersion : 1, 1, 0, 12
ProductName : CeTray Application
CompanyName : COMPAL ELECTRONIC INC.
FileDescription : CeTray MFC Application
InternalName : CeTray
LegalCopyright : Copyright 2002-2004 Compal Electronic Inc.
OriginalFilename : CeTray.EXE
Comments : James Kang

#:35 [hydradm.exe]
FilePath : C:\Program Files\ATI Technologies\ATI HYDRAVISION\
ProcessID : 2164
ThreadCreationTime : 10-5-2005 8:10:17 AM
BasePriority : Normal
FileVersion : 3.25.0006
ProductVersion : 3.25.0006
ProductName : ATI Technologies Inc. HydraVision Desktop Manager
CompanyName : ATI Technologies Inc.
FileDescription : HydraDM
InternalName : HydraDM
LegalCopyright : Copyright © ATI Technologies Inc. 1985-2002
OriginalFilename : HydraDM.exe

#:36 [hpwuschd2.exe]
FilePath : C:\Program Files\HP\HP Software Update\
ProcessID : 2176
ThreadCreationTime : 10-5-2005 8:10:17 AM
BasePriority : Normal
FileVersion : 5, 0, 0, 0
ProductVersion : 5, 0, 0, 0
ProductName : HP Software Update Application
CompanyName : Hewlett-Packard Company
FileDescription : hpwuSchd
InternalName : hpwuSchd
LegalCopyright : Copyright © 2003
OriginalFilename : hpwuSchd.exe

#:37 [ctfmon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2244
ThreadCreationTime : 10-5-2005 8:10:17 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:38 [hpqtra08.exe]
FilePath : C:\Program Files\HP\Digital Imaging\bin\
ProcessID : 2332
ThreadCreationTime : 10-5-2005 8:10:20 AM
BasePriority : Normal
FileVersion : 45.4.157.000
ProductVersion : 045.004.157.000
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : HP Digital Imaging Monitor
InternalName : HPQTRA00
LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2004
OriginalFilename : HPQTRA00.EXE
Comments : HP Digital Imaging Monitor

#:39 [apntex.exe]
FilePath : C:\Program Files\Apoint2K\
ProcessID : 2360
ThreadCreationTime : 10-5-2005 8:10:20 AM
BasePriority : Normal
FileVersion : 5.0.1.15
ProductVersion : 5.0.1.15
ProductName : Alps Pointing-device Driver for Windows NT/2000/XP
CompanyName : Alps Electric Co., Ltd.
FileDescription : Alps Pointing-device Driver for Windows NT/2000/XP
InternalName : Alps Pointing-device Driver for Windows NT/2000/XP
LegalCopyright : Copyright © 1998-2003 Alps Electric Co., Ltd.
OriginalFilename : ApntEx.exe

#:40 [wscguard.exe]
FilePath : C:\Program Files\Linksys Wireless Guard\
ProcessID : 2388
ThreadCreationTime : 10-5-2005 8:10:20 AM
BasePriority : Normal
FileVersion : 1, 1, 3, 22
ProductVersion : 1, 1, 3, 22
ProductName : WSC Guard
CompanyName : Wireless Security Corporation
FileDescription : WSC Guard
InternalName : WSC Guard
LegalCopyright : Copyright © 2003-2004, Wireless Security Corporation
OriginalFilename : WscGuard.EXE

#:41 [nost_lm.exe]
FilePath : C:\Program Files\Belkin\Nostromo\
ProcessID : 2428
ThreadCreationTime : 10-5-2005 8:10:22 AM
BasePriority : Normal
FileVersion : 3.0
ProductVersion : 3.0
ProductName : Nostromo Array Programming Software
FileDescription : Loadout Manager
InternalName : Activator
LegalCopyright : Copyright © 2001-2002 Belkin Components. All Rights Reserved.
OriginalFilename : nost_LM.EXE

#:42 [ramasst.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2580
ThreadCreationTime : 10-5-2005 8:10:23 AM
BasePriority : Normal
FileVersion : 1, 0, 9, 0
ProductVersion : 1, 0, 9, 0
CompanyName : Matsushita Electric Industrial Co., Ltd.
FileDescription : CD Burning of Windows XP disabling tool for DVD MULTI Drive
LegalCopyright : Copyright © Matsushita Electric Industrial Co., Ltd. 2002 - 2003
OriginalFilename : RAMASST.EXE

#:43 [hpqgalry.exe]
FilePath : C:\Program Files\HP\Digital Imaging\bin\
ProcessID : 2700
ThreadCreationTime : 10-5-2005 8:10:25 AM
BasePriority : Normal


#:44 [hpzipm12.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 3000
ThreadCreationTime : 10-5-2005 8:10:32 AM
BasePriority : Normal
FileVersion : 9, 0, 0, 0
ProductVersion : 9, 0, 0, 0
ProductName : HP PML
CompanyName : HP
FileDescription : PML Driver
InternalName : PmlDrv
LegalCopyright : Copyright © 1998, 1999 Hewlett-Packard Company
OriginalFilename : PmlDrv.exe

#:45 [ivpsvmgr.exe]
FilePath : C:\toshiba\ivp\ism\
ProcessID : 1276
ThreadCreationTime : 10-5-2005 8:13:36 AM
BasePriority : Normal
FileVersion : 3.5.3.1
ProductVersion : 3.5
ProductName : Software Upgrades
CompanyName : TOSHIBA Corporation
FileDescription : IVP Service Manager Application
InternalName : IVPSVMGR
LegalCopyright : © 1997-2002 TOSHIBA Corporation
OriginalFilename : IVPSVMGR.EXE

#:46 [aim.exe]
FilePath : C:\Program Files\AIM95\
ProcessID : 2756
ThreadCreationTime : 10-5-2005 4:31:51 PM
BasePriority : Normal
FileVersion : 5.5.3572
ProductVersion : 5.5.3572
ProductName : AOL Instant Messenger
CompanyName : America Online, Inc.
FileDescription : AOL Instant Messenger
InternalName : AIM
LegalCopyright : Copyright © 1996-2004 America Online, Inc.
OriginalFilename : AIM.EXE

#:47 [spybotsd.exe]
FilePath : C:\Program Files\Spybot - Search & Destroy\
ProcessID : 2960
ThreadCreationTime : 10-5-2005 4:35:38 PM
BasePriority : Normal
FileVersion : 1.4.0.3
ProductVersion : 1, 4, 0, 3
ProductName : SpyBot-S&D
CompanyName : Safer Networking Limited
FileDescription : Spybot - Search & Destroy
InternalName : SpybotSD
LegalCopyright : © 2000-2005 Patrick M. Kolla / Safer Networking Limited. Alle Rechte vorbehalten.
LegalTrademarks : "Spybot" und "Spybot - Search & Destroy" sind registrierte Warenzeichen.
OriginalFilename : SpyBotSD.exe
Comments : Software zum Entfernen von Spyware und ähnlichen Bedrohungen.

#:48 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 1600
ThreadCreationTime : 10-5-2005 4:37:14 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:49 [hijackthis.exe]
FilePath : C:\Program Files\Hijackthis\
ProcessID : 3980
ThreadCreationTime : 10-5-2005 5:17:45 PM
BasePriority : Normal
FileVersion : 1.99.0001
ProductVersion : 1.99.0001
ProductName : HijackThis
CompanyName : Soeperman Enterprises Ltd.
FileDescription : HijackThis
InternalName : HijackThis
LegalCopyright : Freeware
OriginalFilename : HijackThis.exe
Comments : Version history is in Help section

#:50 [ad-aware.exe]
FilePath : C:\PROGRA~1\Lavasoft\AD-AWA~1\
ProcessID : 2708
ThreadCreationTime : 10-5-2005 5:21:37 PM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 57
Objects found so far: 57



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 57


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 57




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 57

10:39:00 AM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:16:41.94
Objects scanned:199499
Objects identified:57
Objects ignored:0
New critical objects:57
  • 0

#4
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Please don't post the Ad-aware log unless we ask for it specifically. As you can see, it takes up a lot of space here and that's not necessary. All you have to do is select all the objects and delete/quarantine them.

Now where are the logs that I asked for earlier?
  • 0

#5
ChaosApothecary

ChaosApothecary

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Ah, very sorry about that, I misread and thought I was supposed to post it as well.
I ran the PandaActive Scan (which caused my computer to freeze up and crash for some unknown reason). I restarted and ran it again; it ran fine and came up with nothing wrong (I didn't see a list to print out, but it displayed 0's next to all the things found).

The Vundo.txt is as follows:

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Suspending PID 136 'smss.exe'
Threads [140][144][148]

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1384 'explorer.exe'
Killing PID 1384 'explorer.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Error, Cannot find a process with an image name of rundll32.exe

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 208 'winlogon.exe'
Killing PID 208 'winlogon.exe'
Killing PID 208 'winlogon.exe'
Killing PID 208 'winlogon.exe'
Killing PID 208 'winlogon.exe'
File Deleted sucessfully.
Files Deleted sucessfully.

And the HiJackThis Scan reported the following:
Logfile of HijackThis v1.99.1
Scan saved at 1:45:54 PM, on 10/5/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ACS.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
C:\Program Files\Linksys Wireless Guard\WscNetMgrSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Linksys Wireless Guard\WscGuard.exe
C:\Program Files\Belkin\Nostromo\nost_LM.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshibadirect.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://toshibadirect.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Linksys Wireless Guard.lnk = C:\Program Files\Linksys Wireless Guard\WscGuard.exe
O4 - Global Startup: Loadout Manager.lnk = C:\Program Files\Belkin\Nostromo\nost_LM.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\AIM.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.7) - http://dcon.futurema...lobal/msc37.cab
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\ACS.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
O23 - Service: Linksys Wireless Guard Network Manager Service (WSCNetManager) - Wireless Security Corporation - C:\Program Files\Linksys Wireless Guard\WscNetMgrSvc.exe


On the plus side, since running Vundo, the Winfixer hasn't shown up again when I open Internet Explorer.
  • 0

#6
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Your log is clean.

To help prevent future spyware installations/infections, please read the Anti-Spyware Tutorial and use the tools provided.

Are there any problems now? If not, you should be set to go.
  • 0





