Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Surf Sidekick problem - can't remove [RESOLVED]

Started by qwertygrrl , Nov 13 2005 12:12 PM

  • This topic is locked This topic is locked

#16
don77
Posted 16 November 2005 - 09:23 PM

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Hi there sorry for the delay in response,

*Please open notepad and save these instructions, Name it something you will remember
*Click Here to download Killbox by Option^Explicit.
*Extract the program to your desktop and double-click on its folder, then double-click on Killbox.exe to start the program.
*In the killbox program, select the Delete on Reboot option.
*Open the text file with these instructions in it, and copy the file names below to the clipboard by highlighting them and pressing Control-C:

C:\WINNT\SYSTEM32\r7qghih2.exe
C:\WINNT\SYSTEM32\r7qghih2.ini
C:\WINNT\SYSTEM32\7bf3nsts.ini
C:\WINNT\SYSTEM32\pml8g2o3.ini
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\jxxz.exe
C:\Documents and Settings\anne\Application Data\Sskcwrd.dll
C:\Documents and Settings\anne\Application Data\Sskknwrd.dll
C:\WINNT\system32\nyptools.dll
C:\WINNT\system32\wffmw.dll
C:\WINNT\system32\cwwacy.exe

*Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
*Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

Your computer should restart automatically if not please restart manually.

Post back a fresh WinPFind log please
  • 0

Advertisements

#17
qwertygrrl
Posted 16 November 2005 - 10:04 PM

qwertygrrl

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows 2000 Current Build: Service Pack 4 Current Build Number: 2195
Internet Explorer Version: 6.0.2800.1106

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...
UPX! 10/22/2004 11:20:24 PM 1896256 C:\Program Files\TextTwist-Setup.exe

Checking %WinDir% folder...

Checking %System% folder...
Umonitor 01/12/2005 12:39:46 PM 531216 C:\WINNT\SYSTEM32\RASDLG.DLL
PECompact2 11/01/2005 11:34:18 PM 2368864 C:\WINNT\SYSTEM32\MRT.exe
aspack 11/01/2005 11:34:18 PM 2368864 C:\WINNT\SYSTEM32\MRT.exe
winsync 12/07/1999 12:00:00 PM 1309184 C:\WINNT\SYSTEM32\wbdbase.deu
PTech 07/12/2005 5:50:44 PM 520456 C:\WINNT\SYSTEM32\LegitCheckControl.DLL

Checking %System%\Drivers folder and sub-folders...

Items found in C:\WINNT\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
11/16/2005 10:02:28 PM H 24 C:\WINNT\ppHvf
11/13/2005 1:16:02 PM H 54156 C:\WINNT\QTFont.qfn
11/16/2005 9:59:50 PM H 1024 C:\WINNT\system32\config\software.LOG
11/16/2005 9:55:56 PM H 1024 C:\WINNT\system32\config\default.LOG
11/16/2005 9:54:34 PM H 1024 C:\WINNT\system32\config\SECURITY.LOG
11/16/2005 9:53:04 PM H 1024 C:\WINNT\system32\config\SAM.LOG
11/16/2005 9:53:04 PM H 6 C:\WINNT\Tasks\SA.DAT
11/16/2005 9:53:04 PM S 64 C:\WINNT\CSC\00000001
11/12/2005 8:22:16 AM S 64 C:\WINNT\CSC\00000002

Checking for CPL files...
Microsoft Corporation 06/19/2003 2:05:04 PM 301328 C:\WINNT\SYSTEM32\appwiz.cpl
Microsoft Corporation 06/19/2003 2:05:04 PM 125712 C:\WINNT\SYSTEM32\SYSDM.CPL
Microsoft Corporation 12/07/1999 12:00:00 PM 31504 C:\WINNT\SYSTEM32\fax.cpl
Microsoft Corporation 12/07/1999 12:00:00 PM 128272 C:\WINNT\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 12/07/1999 12:00:00 PM 118032 C:\WINNT\SYSTEM32\intl.cpl
Microsoft Corporation 12/07/1999 12:00:00 PM 36112 C:\WINNT\SYSTEM32\irprops.cpl
Microsoft Corporation 12/07/1999 12:00:00 PM 122128 C:\WINNT\SYSTEM32\main.cpl
Microsoft Corporation 12/07/1999 12:00:00 PM 303888 C:\WINNT\SYSTEM32\mmsys.cpl
Microsoft Corporation 12/07/1999 12:00:00 PM 17168 C:\WINNT\SYSTEM32\ncpa.cpl
Microsoft Corporation 12/07/1999 12:00:00 PM 41232 C:\WINNT\SYSTEM32\nwc.cpl
Microsoft Corporation 06/19/2003 2:05:04 PM 41232 C:\WINNT\SYSTEM32\odbccp32.cpl
NVIDIA Corporation 10/06/2003 3:16:00 PM 73728 C:\WINNT\SYSTEM32\nvtuicpl.cpl
Microsoft Corporation 06/19/2003 2:05:04 PM 90896 C:\WINNT\SYSTEM32\powercfg.cpl
Microsoft Corporation 06/19/2003 2:05:04 PM 83216 C:\WINNT\SYSTEM32\sticpl.cpl
Microsoft Corporation 12/07/1999 12:00:00 PM 5904 C:\WINNT\SYSTEM32\telephon.cpl
Microsoft Corporation 12/07/1999 12:00:00 PM 61200 C:\WINNT\SYSTEM32\timedate.cpl
Microsoft Corporation 12/07/1999 12:00:00 PM 67344 C:\WINNT\SYSTEM32\access.cpl
11/19/1999 1:54:12 PM 155648 C:\WINNT\SYSTEM32\PPPoEService.cpl
Microsoft Corporation 08/29/2002 7:14:40 AM 292352 C:\WINNT\SYSTEM32\inetcpl.cpl
Microsoft Corporation 10/30/2001 8:10:00 AM 326144 C:\WINNT\SYSTEM32\joy.cpl
Microsoft Corporation 05/26/2005 4:16:30 AM 174360 C:\WINNT\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 06/19/2003 2:05:04 PM 237328 C:\WINNT\SYSTEM32\DESK.CPL
Microsoft Corporation 05/26/2005 4:16:30 AM 174360 C:\WINNT\SYSTEM32\dllcache\wuaucpl.cpl
Microsoft Corporation 12/07/1999 12:00:00 PM 41232 C:\WINNT\SYSTEM32\dllcache\nwc.cpl
Microsoft Corporation 01/12/2005 12:40:00 PM 64784 C:\WINNT\SYSTEM32\dllcache\msmq.cpl
Microsoft Corporation 08/29/2002 7:14:40 AM 292352 C:\WINNT\SYSTEM32\dllcache\inetcpl.cpl
IBM Corporation 09/23/1999 6:44:36 PM 94208 C:\WINNT\SYSTEM32\dllcache\mwcpa32.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
11/05/2005 2:47:38 PM 710 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
11/05/2005 2:47:42 PM 1562 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
11/05/2005 2:47:42 PM 556 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
11/05/2005 2:47:38 PM 1478 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
11/05/2005 2:47:40 PM 1537 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SBC Self Support Tool.lnk
11/05/2005 2:47:40 PM 1342 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...
09/26/2005 9:46:52 PM 1189 C:\Documents and Settings\All Users\Application Data\hpzinstall.log

Checking files in %USERPROFILE%\Startup folder...

Checking files in %USERPROFILE%\Application Data folder...
05/13/2005 8:15:48 PM 0 C:\Documents and Settings\anne\Application Data\dm.ini

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
=
acc=none =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
{A4E596F7-3742-40AA-89A8-9646F31D06E9} = C:\WINNT\system32\nyptools.dll

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\shell32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\shell32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\xffyxggn
{1e7e125f-7444-42ad-8236-cc323154c0bd} = C:\WINNT\system32\wffmw.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Yahoo! Mail
{5464D816-CF16-4784-B9F3-75C0DB52B499} = C:\Program Files\Yahoo!\Common\ymmapi.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\shell32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\shell32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\shell32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\shell32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= C:\WINNT\System32\docprop2.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{7f9609be-af9a-11d1-83e0-00c04fb6e984}
= %SystemRoot%\system32\faxshell.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{884EA37B-37C0-11d2-BE3F-00A0C9A83DA1}
= C:\WINNT\System32\docprop2.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{FED7043D-346A-414D-ACD7-550D052499A7}
= C:\Program Files\Illustrate\dBpowerAMP\dBShell.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
= C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
&Yahoo! Messenger = C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
Real.com = C:\WINNT\system32\Shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2499216C-4BA5-11D5-BD9C-000103C116D5}
ButtonText = Yahoo! Login :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
ButtonText = Messenger :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}
ButtonText = AIM : C:\Program Files\AIM\aim.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
ButtonText = Real.com :

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38}
Search Band = %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
&Yahoo! Messenger = C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
File and Folders Search ActiveX Control = C:\WINNT\system32\shell32.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Companion : C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
{4E7BD74F-2B8D-469E-8DBC-A42EB79CB428} = :

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Motive SmartBridge C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
SSC_UserPrompt C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
NvCplDaemon RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
Symantec NetDriver Monitor C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
ccApp "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
IPInSightMonitor 01 "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
HP Software Update "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
iTunesHelper "C:\Program Files\iTunes\iTunesHelper.exe"
QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
Synchronization Manager mobsync.exe /logon
winsync C:\WINNT\system32\cwwacy.exe reg_run

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\AdminComponent

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 149
CDRAutoRun 0


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
Network.ConnectionTray {7007ACCF-3202-11D1-AAD2-00805FC1270E} = C:\WINNT\system32\NETSHELL.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINNT\system32\userinit.exe,
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif
= wzcdlg.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 11/16/2005 10:02:43 PM
  • 0

#18
don77
Posted 17 November 2005 - 05:34 AM

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Could you run FindQoologic again lets see if it will run now that we cleaned it up a bit,
If it comes up empty again could you try running it in safe mode please,

Open the FindQoologic folder. Preferable to your desktop.
Locate and double-click the Find-Qoologic.bat file to run it.
Choose option 1 for Run Findqoologic by typing 1 and pressing enter.
This will scan your system.
Wait until a text opens.
Post this in your next reply
  • 0

#19
qwertygrrl
Posted 17 November 2005 - 11:05 PM

qwertygrrl

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Find Qoologic last edited 11/11/2005
Running from
C:\unzipped\Find-Qoologic\Find-Qoologic
PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, There WILL be LEGIT FILES LISTED PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
»»»»»»»»»»»»»»»»»»»»»»»» Files found »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

»»»»»»»»»»»»»»»»»»»»»»»» startup files»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


»»»»»»»»»»»»»»»»»»»»»»»» Checking Global Startup »»»»»»»»»»»»»»»»»»»»»»

(fstarts by IMM - test ver. 0.001) NOT using address check -- 0x77f8883c

Global Startup:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
.
..
Microsoft Office.lnk
Adobe Gamma Loader.lnk
WinZip Quick Pick.lnk
SBC Self Support Tool.lnk
HP Digital Imaging Monitor.lnk
HP Image Zone Fast Start.lnk

User Startup:
C:\Documents and Settings\anne\Start Menu\Programs\Startup
.
..

»»»»» Search by size and name...
»»»»» Files found by this method are not necessarily bad...

.....
.....
SteelWerX Registry Console Tool RC-2
Written by Bobbi Flekman
.....
[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\xffyxggn]
@="{1e7e125f-7444-42ad-8236-cc323154c0bd}"

[-HKEY_CLASSES_ROOT\CLSID\{incert csdl here}]
[-HKEY_CLASSES_ROOT\CLSID\{6EC11407-5B2E-4E25-8BDF-77445B52AB37}]
[-HKEY_CLASSES_ROOT\Folder\shellex\ColumnHandlers\{6EC11407-5B2E-4E25-8BDF-77445B52AB37}]
.....
[HKEY_LOCAL_MACHINE\Software\qstat]
.....
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"winsync"="C:\\WINNT\\system32\\cwwacy.exe reg_run"
.....
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9E248641-0E24-4DDB-9A1F-705087832AD6}]
  • 0

#20
don77
Posted 18 November 2005 - 07:19 AM

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Can you try something for me here please
Check Nortons for updates please, Run a full system scan in Noraml mode, Allow it to fix anything it finds,

Next reboot your computer
Post back a fresh Find-Qoologic log and a fresh HJT log please
  • 0

#21
qwertygrrl
Posted 18 November 2005 - 09:04 PM

qwertygrrl

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Qoologic:

Find Qoologic last edited 11/11/2005
Running from
C:\Documents and Settings\anne\Desktop\Find-Qoologic
PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, There WILL be LEGIT FILES LISTED PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
»»»»»»»»»»»»»»»»»»»»»»»» Files found »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

»»»»»»»»»»»»»»»»»»»»»»»» startup files»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


»»»»»»»»»»»»»»»»»»»»»»»» Checking Global Startup »»»»»»»»»»»»»»»»»»»»»»

(fstarts by IMM - test ver. 0.001) NOT using address check -- 0x77f8883c

Global Startup:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
.
..
Microsoft Office.lnk
Adobe Gamma Loader.lnk
WinZip Quick Pick.lnk
SBC Self Support Tool.lnk
HP Digital Imaging Monitor.lnk
HP Image Zone Fast Start.lnk

User Startup:
C:\Documents and Settings\anne\Start Menu\Programs\Startup
.
..

»»»»» Search by size and name...
»»»»» Files found by this method are not necessarily bad...

.....
.....
SteelWerX Registry Console Tool RC-2
Written by Bobbi Flekman
.....
[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\xffyxggn]
@="{1e7e125f-7444-42ad-8236-cc323154c0bd}"

[-HKEY_CLASSES_ROOT\CLSID\{incert csdl here}]
[-HKEY_CLASSES_ROOT\CLSID\{6EC11407-5B2E-4E25-8BDF-77445B52AB37}]
[-HKEY_CLASSES_ROOT\Folder\shellex\ColumnHandlers\{6EC11407-5B2E-4E25-8BDF-77445B52AB37}]
.....
[HKEY_LOCAL_MACHINE\Software\qstat]
.....
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"winsync"="C:\\WINNT\\system32\\cwwacy.exe reg_run"
.....
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9E248641-0E24-4DDB-9A1F-705087832AD6}]

Hijack This

Logfile of HijackThis v1.99.1
Scan saved at 8:59:55 PM, on 11/18/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINNT\system32\nvsvc32.exe
C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\PROGRA~1\YAHOO!\browser\ycommon.exe
C:\WINNT\system32\notepad.exe
C:\Documents and Settings\anne\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINNT\system32\Searchx.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.f814.mail....0&view=a&head=b
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by SBC Yahoo! DSL
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [winsync] C:\WINNT\system32\cwwacy.exe reg_run
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\system32\Shdocvw.dll
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {26098EA2-C95D-48EA-89B4-63C5A63BD42F} - http://www.pacimedia...ll/pcs_0002.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://riverbelle.m...lle/FlashAX.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  • 0

#22
don77
Posted 18 November 2005 - 10:05 PM

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Nortons finding anything ?


Please go Here
Download Reglite, Open Reistrar Lite,
Open the program, Click Ctrl and f, this will open search registry. In the upper box type or copy and paste,
cwwacy.exe
Click on the search Button, When it finds the file or files and anything associated with it, Highlight it and click Delete the large red x on the bottom of the box.

Post back a fresh Find-Qoologic
  • 0

#23
qwertygrrl
Posted 18 November 2005 - 10:18 PM

qwertygrrl

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Sorry, forgot to mention that, Norton did find 2 viruses and removed them. Here is a new Qoologic and a new HJT:

Find Qoologic last edited 11/11/2005
Running from
C:\Documents and Settings\anne\Desktop\Find-Qoologic
PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, There WILL be LEGIT FILES LISTED PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
»»»»»»»»»»»»»»»»»»»»»»»» Files found »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

»»»»»»»»»»»»»»»»»»»»»»»» startup files»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


»»»»»»»»»»»»»»»»»»»»»»»» Checking Global Startup »»»»»»»»»»»»»»»»»»»»»»

(fstarts by IMM - test ver. 0.001) NOT using address check -- 0x77f8883c

Global Startup:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
.
..
Microsoft Office.lnk
Adobe Gamma Loader.lnk
WinZip Quick Pick.lnk
SBC Self Support Tool.lnk
HP Digital Imaging Monitor.lnk
HP Image Zone Fast Start.lnk

User Startup:
C:\Documents and Settings\anne\Start Menu\Programs\Startup
.
..

»»»»» Search by size and name...
»»»»» Files found by this method are not necessarily bad...

.....
.....
SteelWerX Registry Console Tool RC-2
Written by Bobbi Flekman
.....
[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\xffyxggn]
@="{1e7e125f-7444-42ad-8236-cc323154c0bd}"

[-HKEY_CLASSES_ROOT\CLSID\{incert csdl here}]
[-HKEY_CLASSES_ROOT\CLSID\{6EC11407-5B2E-4E25-8BDF-77445B52AB37}]
[-HKEY_CLASSES_ROOT\Folder\shellex\ColumnHandlers\{6EC11407-5B2E-4E25-8BDF-77445B52AB37}]
.....
[HKEY_LOCAL_MACHINE\Software\qstat]
.....
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
.....
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9E248641-0E24-4DDB-9A1F-705087832AD6}]

HJT

Logfile of HijackThis v1.99.1
Scan saved at 10:18:22 PM, on 11/18/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINNT\system32\nvsvc32.exe
C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\EFFICI~1\ENTERN~1\app\EnterNet.exe
C:\WINNT\System32\rsvp.exe
C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPClient.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\anne\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINNT\system32\Searchx.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.f814.mail....0&view=a&head=b
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by SBC Yahoo! DSL
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\system32\Shdocvw.dll
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {26098EA2-C95D-48EA-89B4-63C5A63BD42F} - http://www.pacimedia...ll/pcs_0002.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://riverbelle.m...lle/FlashAX.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  • 0

#24
don77
Posted 18 November 2005 - 10:39 PM

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
:tazz:
Good job

Couple things left to have HJT fix

Please restart HJT put a check next to the following, close all open windows and click “Fix Checked”

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINNT\system32\Searchx.htm
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll (file missing)


Reboot post back a fresh HJT log please,
Let me know how your computer is running
  • 0

#25
qwertygrrl
Posted 19 November 2005 - 12:02 AM

qwertygrrl

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
I ran HJT and the log is below. Everything is running very well, but I ran Ewido just to make sure, and it turned up 20 issues, most seriously something called Chitika, which it removed, however it's found that before and removed it. Is Chitika something that I'm just getting as a recurrence or is it hiding in my system? Should I be worried about it and will it wreak havoc?

Logfile of HijackThis v1.99.1
Scan saved at 11:57:29 PM, on 11/18/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINNT\system32\nvsvc32.exe
C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\PROGRA~1\YAHOO!\browser\ycommon.exe
C:\PROGRA~1\EFFICI~1\ENTERN~1\app\EnterNet.exe
C:\WINNT\System32\rsvp.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPClient.exe
C:\Documents and Settings\anne\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.f814.mail....0&view=a&head=b
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by SBC Yahoo! DSL
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\system32\Shdocvw.dll
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {26098EA2-C95D-48EA-89B4-63C5A63BD42F} - http://www.pacimedia...ll/pcs_0002.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://riverbelle.m...lle/FlashAX.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  • 0

Advertisements

#26
don77
Posted 19 November 2005 - 10:34 AM

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Can you save me the report.text next time you run Ewido please, It might just be cookies from a site your visiting, But I would like to be sure,

But your HJT log looks fine

How is it running ?
Please use the following suggestion to help prevent reinfection


Download the following program, For keeping crap off your system to begin with
Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted pests. Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox. Restrict the actions of potentially dangerous sites in Internet Explorer.
Download Spyware Blaster

Keep AD-Aware. and Spybot 1.3 handy, Check them for updates prior to running and run them weekly
Same with your Anti Virus,

For an added check run an online virus scan, you can use one of the 2 below,
TrendMicro's HouseCall
ActiveScan

Be sure and give the Temp folders a cleaning out now and then as well, Make sure after you clean your Temp files to empty out your Recycle bin as well.
Click Start | Run | type in cleanmgr | OK

Let it scan your system for files to remove.

Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.

Press OK to remove them.


Remeber to Check Windows for updates

Probably a good time to create a new restore point See Here for XP

See Here for ME Name it clean or something like that,
  • 0

#27
qwertygrrl
Posted 19 November 2005 - 04:05 PM

qwertygrrl

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Hi, I ran Ad-Aware just now and it found several instances of Surf Sidekick.... how is this possible? I am posting the log and deleting all critical objects mentioned by Ad-aware. It seems like my system is running pretty well right now, so I was surprised by the Ad-aware results. What are your thoughts?


Ad-Aware SE Build 1.06r1
Logfile Created on:Saturday, November 19, 2005 11:15:35 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R75 15.11.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
CmdServices(TAC index:4):9 total references
MRU List(TAC index:0):10 total references
SurfSideKickBHO(TAC index:7):3 total references
Tracking Cookie(TAC index:3):5 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R74 09.11.2005
Internal build : 86
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 540082 Bytes
Total size : 1622678 Bytes
Signature data size : 1589004 Bytes
Reference data size : 33162 Bytes
Signatures total : 45269
CSI Fingerprints total : 1076
CSI data size : 30430 Bytes
Target categories : 15
Target families : 772

11-19-2005 11:14:43 AM Performing WebUpdate...

Installing Update...
Definitions File Loaded:
Reference Number : SE1R75 15.11.2005
Internal build : 87
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 546018 Bytes
Total size : 1639939 Bytes
Signature data size : 1606071 Bytes
Reference data size : 33356 Bytes
Signatures total : 45707
CSI Fingerprints total : 1103
CSI data size : 31460 Bytes
Target categories : 15
Target families : 782


11-19-2005 11:14:56 AM Success
Update successfully downloaded and installed.


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:31 %
Total physical memory:392272 kb
Available physical memory:119352 kb
Total page file size:940976 kb
Available on page file:620100 kb
Total virtual memory:2097024 kb
Available virtual memory:2040100 kb
OS:Microsoft Windows 2000 Professional Service Pack 4 (Build 2195)

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


11-19-2005 11:15:35 AM - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : C:\Documents and Settings\anne\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-1935655697-2111687655-1060284298-1000\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-1935655697-2111687655-1060284298-1000\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-1935655697-2111687655-1060284298-1000\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console


MRU List Object Recognized!
Location: : S-1-5-21-1935655697-2111687655-1060284298-1000\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-1935655697-2111687655-1060284298-1000\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-1935655697-2111687655-1060284298-1000\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : S-1-5-21-1935655697-2111687655-1060284298-1000\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run


MRU List Object Recognized!
Location: : S-1-5-21-1935655697-2111687655-1060284298-1000\software\nico mak computing\winzip\filemenu
Description : winzip recently used archives


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 152
ThreadCreationTime : 11-19-2005 5:30:08 AM
BasePriority : Normal


#:2 [winlogon.exe]
ModuleName : \??\C:\WINNT\system32\winlogon.exe
Command Line : n/a
ProcessID : 172
ThreadCreationTime : 11-19-2005 5:30:15 AM
BasePriority : High


#:3 [services.exe]
ModuleName : C:\WINNT\system32\services.exe
Command Line : n/a
ProcessID : 224
ThreadCreationTime : 11-19-2005 5:30:17 AM
BasePriority : Normal
FileVersion : 5.00.2195.7035
ProductVersion : 5.00.2195.7035
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : services.exe

#:4 [lsass.exe]
ModuleName : C:\WINNT\system32\lsass.exe
Command Line : n/a
ProcessID : 236
ThreadCreationTime : 11-19-2005 5:30:17 AM
BasePriority : Normal
FileVersion : 5.00.2195.7011
ProductVersion : 5.00.2195.7011
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Executable and Server DLL (Export Version)
InternalName : lsasrv.dll and lsass.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : lsasrv.dll and lsass.exe

#:5 [svchost.exe]
ModuleName : C:\WINNT\system32\svchost.exe
Command Line : n/a
ProcessID : 416
ThreadCreationTime : 11-19-2005 5:30:23 AM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:6 [spoolsv.exe]
ModuleName : C:\WINNT\system32\spoolsv.exe
Command Line : n/a
ProcessID : 448
ThreadCreationTime : 11-19-2005 5:30:26 AM
BasePriority : Normal
FileVersion : 5.00.2195.7059
ProductVersion : 5.00.2195.7059
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolss.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : spoolss.exe

#:7 [acsd.exe]
ModuleName : C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
Command Line : n/a
ProcessID : 484
ThreadCreationTime : 11-19-2005 5:30:27 AM
BasePriority : Normal


#:8 [ccsetmgr.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
Command Line : n/a
ProcessID : 528
ThreadCreationTime : 11-19-2005 5:30:31 AM
BasePriority : Normal
FileVersion : 103.0.5.2
ProductVersion : 103.0.5.2
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Settings Manager Service
InternalName : ccSetMgr
LegalCopyright : Copyright © 2000-2004 Symantec Corporation. All rights reserved.
OriginalFilename : ccSetMgr.exe

#:9 [svchost.exe]
ModuleName : C:\WINNT\System32\svchost.exe
Command Line : n/a
ProcessID : 548
ThreadCreationTime : 11-19-2005 5:30:33 AM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:10 [ewidoctrl.exe]
ModuleName : C:\Program Files\ewido\security suite\ewidoctrl.exe
Command Line : n/a
ProcessID : 564
ThreadCreationTime : 11-19-2005 5:30:33 AM
BasePriority : Normal
FileVersion : 3, 0, 0, 1
ProductVersion : 3, 0, 0, 1
ProductName : ewido control
CompanyName : ewido networks
FileDescription : ewido control
InternalName : ewido control
LegalCopyright : Copyright © 2004
OriginalFilename : ewidoctrl.exe

#:11 [navapsvc.exe]
ModuleName : C:\Program Files\Norton AntiVirus\navapsvc.exe
Command Line : n/a
ProcessID : 264
ThreadCreationTime : 11-19-2005 5:30:35 AM
BasePriority : Normal
FileVersion : 11.0.16.2
ProductVersion : 11.0.16
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Norton AntiVirus 2005 for Windows 98/ME/2000/XP Copyright © 2004 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE

#:12 [npfmntor.exe]
ModuleName : C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
Command Line : n/a
ProcessID : 680
ThreadCreationTime : 11-19-2005 5:30:40 AM
BasePriority : Normal
FileVersion : 11.0.16.2
ProductVersion : 11.0.16
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Firewall Install Monitor
InternalName : NPFMonitor
LegalCopyright : Norton AntiVirus 2005 for Windows 98/ME/2000/XP Copyright © 2004 Symantec Corporation. All rights reserved.
OriginalFilename : NPFMonitor.EXE

#:13 [nvsvc32.exe]
ModuleName : C:\WINNT\system32\nvsvc32.exe
Command Line : n/a
ProcessID : 728
ThreadCreationTime : 11-19-2005 5:30:41 AM
BasePriority : Normal
FileVersion : 6.14.10.5216
ProductVersion : 6.14.10.5216
ProductName : NVIDIA Driver Helper Service, Version 52.16
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 52.16
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:14 [pppoeservice.exe]
ModuleName : C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe
Command Line : n/a
ProcessID : 784
ThreadCreationTime : 11-19-2005 5:30:43 AM
BasePriority : Normal


#:15 [regsvc.exe]
ModuleName : C:\WINNT\system32\regsvc.exe
Command Line : n/a
ProcessID : 812
ThreadCreationTime : 11-19-2005 5:30:44 AM
BasePriority : Normal
FileVersion : 5.00.2195.6701
ProductVersion : 5.00.2195.6701
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Remote Registry Service
InternalName : regsvc
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : REGSVC.EXE

#:16 [mstask.exe]
ModuleName : C:\WINNT\system32\MSTask.exe
Command Line : n/a
ProcessID : 860
ThreadCreationTime : 11-19-2005 5:30:45 AM
BasePriority : Normal
FileVersion : 4.71.2195.6972
ProductVersion : 4.71.2195.6972
ProductName : Microsoft® Windows® Task Scheduler
CompanyName : Microsoft Corporation
FileDescription : Task Scheduler Engine
InternalName : TaskScheduler
LegalCopyright : Copyright © Microsoft Corp. 1997
OriginalFilename : mstask.exe

#:17 [sndsrvc.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
Command Line : n/a
ProcessID : 880
ThreadCreationTime : 11-19-2005 5:30:47 AM
BasePriority : Normal
FileVersion : 5.5.1.6
ProductVersion : 5.5
ProductName : Symantec Security Drivers
CompanyName : Symantec Corporation
FileDescription : Network Driver Service
InternalName : SndSrvc
LegalCopyright : Copyright 2002, 2003, 2004 Symantec Corporation
OriginalFilename : SndSrvc.exe

#:18 [spbbcsvc.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
Command Line : n/a
ProcessID : 948
ThreadCreationTime : 11-19-2005 5:30:50 AM
BasePriority : Normal
FileVersion : 1,0,1,47
ProductVersion : 1,0,1,47
ProductName : SPBBC
CompanyName : Symantec Corporation
FileDescription : SPBBC Service
InternalName : SPBBCSvc
LegalCopyright : Copyright © 2004 Symantec Corporation. All rights reserved.
OriginalFilename : SPBBCSvc.exe

#:19 [stisvc.exe]
ModuleName : C:\WINNT\system32\stisvc.exe
Command Line : n/a
ProcessID : 968
ThreadCreationTime : 11-19-2005 5:30:51 AM
BasePriority : Normal
FileVersion : 5.00.2195.6656
ProductVersion : 5.00.2195.6656
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Still Image Devices Monitor
InternalName : STIMON
LegalCopyright : Copyright © Microsoft Corp. 1996-1997
OriginalFilename : STIMON.EXE

#:20 [symlcsvc.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
Command Line : n/a
ProcessID : 1016
ThreadCreationTime : 11-19-2005 5:30:57 AM
BasePriority : Normal
FileVersion : 1.8.54.841
ProductVersion : 1.8.54.841
ProductName : Symantec Core Component
CompanyName : Symantec Corporation
FileDescription : Symantec Core Component
InternalName : symlcsvc
LegalCopyright : Copyright © 2003
OriginalFilename : symlcsvc.exe

#:21 [winmgmt.exe]
ModuleName : C:\WINNT\System32\WBEM\WinMgmt.exe
Command Line : n/a
ProcessID : 1088
ThreadCreationTime : 11-19-2005 5:31:04 AM
BasePriority : Normal
FileVersion : 1.50.1085.0100
ProductVersion : 1.50.1085.0100
ProductName : Windows Management Instrumentation
CompanyName : Microsoft Corporation
FileDescription : Windows Management Instrumentation
InternalName : WINMGMT
LegalCopyright : Copyright © Microsoft Corp. 1995-1999

#:22 [explorer.exe]
ModuleName : C:\WINNT\Explorer.EXE
Command Line : C:\WINNT\Explorer.EXE
ProcessID : 1116
ThreadCreationTime : 11-19-2005 5:31:04 AM
BasePriority : Normal
FileVersion : 5.00.3700.6690
ProductVersion : 5.00.3700.6690
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : EXPLORER.EXE

#:23 [svchost.exe]
ModuleName : C:\WINNT\system32\svchost.exe
Command Line : n/a
ProcessID : 1144
ThreadCreationTime : 11-19-2005 5:31:06 AM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:24 [ccevtmgr.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
Command Line : n/a
ProcessID : 1156
ThreadCreationTime : 11-19-2005 5:31:06 AM
BasePriority : Normal
FileVersion : 103.0.5.2
ProductVersion : 103.0.5.2
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright © 2000-2004 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe

#:25 [motivesb.exe]
ModuleName : C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
Command Line : "C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe"
ProcessID : 1340
ThreadCreationTime : 11-19-2005 5:31:20 AM
BasePriority : Normal
FileVersion : 5.6.7.asst_classic.smartbridge.20031210_035000
ProductVersion : 5.6.7.asst_classic.smartbridge
ProductName : Motive System
CompanyName : Motive Communications, Inc.
FileDescription : SBC Self Support Tool Alerts
InternalName : version
LegalCopyright : Copyright 1998-2003
OriginalFilename : version

#:26 [ccapp.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\ccApp.exe
Command Line : n/a
ProcessID : 1368
ThreadCreationTime : 11-19-2005 5:31:21 AM
BasePriority : Normal
FileVersion : 103.0.5.2
ProductVersion : 103.0.5.2
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec User Session
InternalName : ccApp
LegalCopyright : Copyright © 2000-2004 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe

#:27 [ipmon32.exe]
ModuleName : C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe
Command Line : "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
ProcessID : 648
ThreadCreationTime : 11-19-2005 5:31:22 AM
BasePriority : Normal
FileVersion : 5.5.33.226
ProductVersion : 5.5.33.226
ProductName : Visual IP InSight
CompanyName : Visual Networks
FileDescription : IP Monitor
InternalName : IPMON32
LegalCopyright : Copyright © 1996-2001 Visual Networks Technologies, Inc.
OriginalFilename : ipmon32.exe

#:28 [hpwuschd2.exe]
ModuleName : C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
Command Line : "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
ProcessID : 1388
ThreadCreationTime : 11-19-2005 5:31:23 AM
BasePriority : Normal
FileVersion : 5, 0, 0, 0
ProductVersion : 5, 0, 0, 0
ProductName : HP Software Update Application
CompanyName : Hewlett-Packard Company
FileDescription : hpwuSchd
InternalName : hpwuSchd
LegalCopyright : Copyright © 2003
OriginalFilename : hpwuSchd.exe

#:29 [ituneshelper.exe]
ModuleName : C:\Program Files\iTunes\iTunesHelper.exe
Command Line : "C:\Program Files\iTunes\iTunesHelper.exe"
ProcessID : 1408
ThreadCreationTime : 11-19-2005 5:31:24 AM
BasePriority : Normal
FileVersion : 6.0.0.18
ProductVersion : 6.0.0.18
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © 2003-2005 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe

#:30 [qttask.exe]
ModuleName : C:\Program Files\QuickTime\qttask.exe
Command Line : "C:\Program Files\QuickTime\qttask.exe" -atboottime
ProcessID : 1416
ThreadCreationTime : 11-19-2005 5:31:25 AM
BasePriority : Normal
FileVersion : 7.0.3
ProductVersion : QuickTime 7.0.3
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
FileDescription : QuickTime Task
InternalName : QuickTime Task
LegalCopyright : Copyright Apple Computer, Inc. 1989-2005
OriginalFilename : QTTask.exe

#:31 [wzqkpick.exe]
ModuleName : C:\Program Files\WinZip\WZQKPICK.EXE
Command Line : "C:\Program Files\WinZip\WZQKPICK.EXE"
ProcessID : 1528
ThreadCreationTime : 11-19-2005 5:31:29 AM
BasePriority : Normal
FileVersion : 1.0 (32-bit)
ProductVersion : 9.0 (6224)
ProductName : WinZip
CompanyName : WinZip Computing, Inc.
FileDescription : WinZip Executable
InternalName : WZQKPICK.EXE
LegalCopyright : Copyright © WinZip Computing, Inc. 1991-2004 - All Rights Reserved
LegalTrademarks : WinZip is a registered trademark of WinZip Computing, Inc
OriginalFilename : WZQKPICK.EXE
Comments : StringFileInfo: U.S. English

#:32 [hpqtra08.exe]
ModuleName : C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Command Line : "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"
ProcessID : 1580
ThreadCreationTime : 11-19-2005 5:31:31 AM
BasePriority : Normal
FileVersion : 45.4.157.000
ProductVersion : 045.004.157.000
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : HP Digital Imaging Monitor
InternalName : HPQTRA00
LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2004
OriginalFilename : HPQTRA00.EXE
Comments : HP Digital Imaging Monitor

#:33 [mpbtn.exe]
ModuleName : C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
Command Line : "C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe"
ProcessID : 1484
ThreadCreationTime : 11-19-2005 5:31:50 AM
BasePriority : Normal


#:34 [hpqgalry.exe]
ModuleName : C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
Command Line : "C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe" -s
ProcessID : 1864
ThreadCreationTime : 11-19-2005 5:32:12 AM
BasePriority : Normal


#:35 [ipodservice.exe]
ModuleName : C:\Program Files\iPod\bin\iPodService.exe
Command Line : n/a
ProcessID : 1176
ThreadCreationTime : 11-19-2005 5:33:09 AM
BasePriority : Normal
FileVersion : 6.0.0.18
ProductVersion : 6.0.0.18
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © 2003-2005 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iPodService.exe

#:36 [ycommon.exe]
ModuleName : C:\PROGRA~1\YAHOO!\browser\ycommon.exe
Command Line : C:\PROGRA~1\YAHOO!\browser\ycommon.exe -Embedding
ProcessID : 476
ThreadCreationTime : 11-19-2005 5:48:00 AM
BasePriority : Normal
FileVersion : 2003, 9, 3, 1
ProductVersion : 1, 0, 0, 1
ProductName : YCommon Exe Module
CompanyName : Yahoo!, Inc.
FileDescription : YCommon Exe Module
InternalName : YCommonExe
LegalCopyright : Copyright 2003 Yahoo! Inc.
OriginalFilename : YCommon.EXE

#:37 [rsvp.exe]
ModuleName : C:\WINNT\System32\rsvp.exe
Command Line : n/a
ProcessID : 296
ThreadCreationTime : 11-19-2005 5:48:20 AM
BasePriority : Normal
FileVersion : 5.00.2195.6663
ProductVersion : 5.00.2195.6663
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Microsoft RSVP 1.0
InternalName : rsvp.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : rsvp.exe

#:38 [ybrwicon.exe]
ModuleName : C:\Program Files\Yahoo!\browser\ybrwicon.exe
Command Line : "C:\Program Files\Yahoo!\browser\ybrwicon.exe"
ProcessID : 1804
ThreadCreationTime : 11-19-2005 5:48:21 AM
BasePriority : Normal
FileVersion : 2003, 7, 11, 1
ProductVersion : 1, 0, 0, 1
ProductName : Yahoo!, Inc. YBrwIcon
CompanyName : Yahoo!, Inc.
FileDescription : YBrwIcon
InternalName : YBrwIcon
LegalCopyright : Copyright © 2003
OriginalFilename : YBrwIcon.exe

#:39 [aim.exe]
ModuleName : C:\Program Files\AIM\aim.exe
Command Line : "C:\Program Files\AIM\aim.exe"
ProcessID : 632
ThreadCreationTime : 11-19-2005 3:48:09 PM
BasePriority : Normal
FileVersion : 5.5.3595
ProductVersion : 5.5.3595
ProductName : AOL Instant Messenger
CompanyName : America Online, Inc.
FileDescription : AOL Instant Messenger
InternalName : AIM
LegalCopyright : Copyright © 1996-2004 America Online, Inc.
OriginalFilename : AIM.EXE

#:40 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 1836
ThreadCreationTime : 11-19-2005 5:13:47 PM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

#:41 [ybrowser.exe]
ModuleName : C:\Program Files\Yahoo!\browser\ybrowser.exe
Command Line : "C:\Program Files\Yahoo!\browser\ybrowser.exe"
ProcessID : 1820
ThreadCreationTime : 11-19-2005 5:13:55 PM
BasePriority : Normal
FileVersion : 2003, 10, 22, 2
ProductVersion : 3, 0, 2, 0
ProductName : Yahoo! Browser
CompanyName : Yahoo!, Inc.
FileDescription : Yahoo! Browser
InternalName : YBrowser
LegalCopyright : Copyright © 2002-2003 Yahoo! Inc.
OriginalFilename : YBrowser.EXE

#:42 [enternet.exe]
ModuleName : C:\PROGRA~1\EFFICI~1\ENTERN~1\app\EnterNet.exe
Command Line : n/a
ProcessID : 2100
ThreadCreationTime : 11-19-2005 5:14:03 PM
BasePriority : Normal


#:43 [ipclient.exe]
ModuleName : C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPClient.exe
Command Line : -w
ProcessID : 696
ThreadCreationTime : 11-19-2005 5:14:13 PM
BasePriority : Normal
FileVersion : 5.5.33.226
ProductVersion : 5.5.33.226
ProductName : Visual IP InSight
CompanyName : Visual Networks
FileDescription : IP Session Statistics
InternalName : IPCLIENT
LegalCopyright : Copyright © 1996-2001 Visual Networks Technologies, Inc.
OriginalFilename : ipclient32.exe

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 10


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

SurfSideKickBHO Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{02ee5b04-f144-47bb-83fb-a60bd91b74a9}

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 11

Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 11


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anne@realmedia[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:8
Value : Cookie:[email protected]/
Expires : 12-31-2020 6:00:00 PM
LastSync : Hits:8
UseCount : 0
Hits : 8

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anne@apmebf[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:5
Value : Cookie:[email protected]/
Expires : 11-15-2010 11:39:30 PM
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:[email protected]/
Expires : 11-17-2006 10:42:02 PM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anne@inet-traffic[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:[email protected]/
Expires : 11-12-2010 5:55:16 PM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:8
Value : Cookie:[email protected]/
Expires : 12-30-2037 10:00:00 AM
LastSync : Hits:8
UseCount : 0
Hits : 8

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 5
Objects found so far: 16



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

CmdServices Object Recognized!
Type : File
Data : atmtd.dll
TAC Rating : 4
Category : Adware
Comment :
Object : C:\WINNT\system32\



CmdServices Object Recognized!
Type : File
Data : atmtd.dll._
TAC Rating : 4
Category : Adware
Comment :
Object : C:\WINNT\system32\



Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 18


Scanning Hosts file......
Hosts file location:"C:\WINNT\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 18




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

SurfSideKickBHO Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\surfsidekick3

SurfSideKickBHO Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\surfsidekick3 CmdServices Object Recognized!
Type : Regkey
Data :
TAC Rating : 4
Category : Adware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920}

CmdServices Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Adware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920}
Value : DisplayName

CmdServices Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Adware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920}
Value : DisplayVersion

CmdServices Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Adware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920}
Value : NoModify

CmdServices Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Adware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920}
Value : NoRemove

CmdServices Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Adware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920}
Value : NoRepair

CmdServices Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Adware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920}
Value : UninstallString

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 9
Objects found so far: 27

11:25:39 AM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:10:03.568
Objects scanned:86024
Objects identified:17
Objects ignored:0
New critical objects:17


[color=#3333FF]
  • 0

#28
don77
Posted 20 November 2005 - 10:13 PM

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Go ahead and have Ad-aware fix all it finds, then run a new scan and see what it comes back with
  • 0

#29
qwertygrrl
Posted 21 November 2005 - 09:42 PM

qwertygrrl

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
I ran Ad-aware again, and it came back having found something called Fizzle, so I deleted that, and then ran it again and now it's clean.
  • 0

#30
don77
Posted 22 November 2005 - 05:41 AM

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
:tazz: Excellent
How is it running now ?
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP