st3.dll [CLOSED]


  • This topic is locked

#1
dutchdummy

since november 7 my pc is having troubles, although i do run mcafee 9, ad-aware, spybot-search & destroy and xsoft daily
i found the nasty bugger in C:\Windows\System32 as st3.dll
it doesn't let itself be removed
from november 7 till november i constantly got winfix bugs, which i didn't open, but they came up and up in 3 stages, i removed the url through ctrl, alt, del
since today it got worse, even mcafee finally recognised it and i get more popups, IE or Mozilla abruptly ends all the time and i am being directed to commercial sites frequently
does anyone know how i can remove that st3.dll thing? would that end it all?
i am so pleased if someone could effectively help me solving this, it's driving me nuts
thanks so much in advance, as my name already says, unfortunately, i am not a pc nerd:-(
thanks,
jakob
e-mail address removed. infaddict

Edited by infaddict, 24 November 2005 - 06:55 AM.

  • 0



#2
infaddict

Hi dutchdummy and welcome to Geeks To Go :)

Please follow the steps outlined in this thread and then if you are still having problems, you need to use a product called HijackThis to provide us with more info (this is explained in the linked topic).

If you still have a problem after following those instructions, please reply to this thread with a HijackThis log.

:tazz:
  • 0

#3
dutchdummy

dear infaddict and others,

I have done everything as you described, had done most of it already, but did it again, except 1 or 2 things i hadn't done as yet.
here is the hijack this logfile:
Logfile of HijackThis v1.99.1
Scan saved at 22:08:56, on 24-11-2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Logitech\QuickCam\WebCamRT.exe
C:\Program Files\Grouper\Grouper.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\LVideoS.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\ACD Systems\ACDSee\ACDSee.exe
C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\c95bd83d2a268baf2b92cca324c3120b\update\update.exe
C:\Documents and Settings\jakob.JAKOB-FRANS\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.nl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.nl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl
O2 - BHO: C:\WINDOWS\system32\st3.dll - {1B68470C-2DEF-493B-8A4A-8E2D81BE4EA5} - C:\WINDOWS\system32\st3.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: C:\WINDOWS\adsldpbd.dll - {826B2228-BC09-49F2-B5F8-42CE26B1B711} - C:\WINDOWS\adsldpbd.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O2 - BHO: (no name) - {DA223E41-3F7F-4B2B-8CC8-22C6A1197EEB} - C:\WINDOWS\mpatrol.dll (file missing)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [WebCamRT.exe] C:\Program Files\Logitech\QuickCam\WebCamRT.exe /WinStart /regkey=Software\Logitech\QuickCam.5\WebCamSettings
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [ClearCookies] C:\WINDOWS\cc.exe
O4 - Startup: Grouper.lnk = C:\Program Files\Grouper\Grouper.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O15 - Trusted Zone: *.coolwebsearch.com
O15 - Trusted Zone: *.searchmeup.com
O16 - DPF: WebControlDeploy - http://grouper.com/v1/GrouperSetup.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.co...UC/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1132864607639
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} (McAfee Virtual Technician Control Class) - http://us-download.m...ted/mvt/mvt.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...598/mcfscan.cab
O20 - Winlogon Notify: gg - C:\WINDOWS\adsldpbd.dll
O20 - Winlogon Notify: st3 - C:\WINDOWS\system32\st3.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


I also have 2 logfiles of ad-aware:

1)
Ad-Aware SE Build 1.06r1
Logfile Created on:donderdag 24 november 2005 16:52:01
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R76 22.11.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Possible Browser Hijack attempt(TAC index:3):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


24-11-2005 16:52:01 - Scan started. (Smart mode)



2)
Ad-Aware SE Build 1.06r1
Logfile Created on:donderdag 24 november 2005 18:02:12
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R76 22.11.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Possible Browser Hijack attempt(TAC index:3):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


24-11-2005 18:02:13 - Scan started. (Custom mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 420
ThreadCreationTime : 24-11-2005 15:40:39
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 484
ThreadCreationTime : 24-11-2005 15:40:42
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 508
ThreadCreationTime : 24-11-2005 15:40:43
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 552
ThreadCreationTime : 24-11-2005 15:40:44
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 564
ThreadCreationTime : 24-11-2005 15:40:44
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [ati2evxx.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 708
ThreadCreationTime : 24-11-2005 15:40:44
BasePriority : Normal


#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 732
ThreadCreationTime : 24-11-2005 15:40:45
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 800
ThreadCreationTime : 24-11-2005 15:40:45
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 964
ThreadCreationTime : 24-11-2005 15:40:45
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1000
ThreadCreationTime : 24-11-2005 15:40:45
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1080
ThreadCreationTime : 24-11-2005 15:40:45
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:12 [ati2evxx.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1364
ThreadCreationTime : 24-11-2005 15:40:47
BasePriority : Normal


#:13 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1420
ThreadCreationTime : 24-11-2005 15:40:47
BasePriority : Normal
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:14 [mcvsshld.exe]
FilePath : C:\PROGRA~1\mcafee.com\vso\
ProcessID : 1552
ThreadCreationTime : 24-11-2005 15:40:48
BasePriority : Normal
FileVersion : 9, 1, 0, 6
ProductVersion : 9, 1, 0, 0
ProductName : McAfee VirusScan
CompanyName : McAfee, Inc.
FileDescription : McAfee VirusScan ActiveShield Resource
InternalName : msvcshld
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : mcvsshld.exe
Comments : McAfee VirusScan ActiveShield Resource

#:15 [mcvsescn.exe]
FilePath : c:\progra~1\mcafee.com\vso\
ProcessID : 1564
ThreadCreationTime : 24-11-2005 15:40:48
BasePriority : Normal
FileVersion : 9, 1, 0, 4
ProductVersion : 9, 1, 0, 0
ProductName : McAfee VirusScan
CompanyName : McAfee, Inc.
FileDescription : McAfee VirusScan E-mail Scan Module
InternalName : mcvsescn
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : mcvsescn.EXE
Comments : McAfee VirusScan E-mail Scan Module

#:16 [ghoststarttrayapp.exe]
FilePath : C:\Program Files\Symantec\Norton Ghost 2003\
ProcessID : 1596
ThreadCreationTime : 24-11-2005 15:40:48
BasePriority : Normal
FileVersion : 2003.775
ProductVersion : 2003.775
ProductName : Norton Ghost Start
CompanyName : Symantec Corporation
FileDescription : Norton Ghost Start
InternalName : GhostStartTrayApp
LegalCopyright : Copyright © 1998-2002 Symantec Corp. All rights reserved.
OriginalFilename : GhostStartTrayApp.exe

#:17 [qttask.exe]
FilePath : C:\Program Files\QuickTime\
ProcessID : 1604
ThreadCreationTime : 24-11-2005 15:40:48
BasePriority : Normal
FileVersion : 6.5.1
ProductVersion : QuickTime 6.5.1
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe

#:18 [wcescomm.exe]
FilePath : C:\Program Files\Microsoft ActiveSync\
ProcessID : 1636
ThreadCreationTime : 24-11-2005 15:40:49
BasePriority : Normal
FileVersion : 3.6.0.2148
ProductVersion : 3.6.2148
ProductName : Microsoft ActiveSync
CompanyName : Microsoft Corporation
FileDescription : Connection Manager
InternalName : wcescomm
LegalCopyright : Copyright © 1995-2002 Microsoft Corp. All rights reserved.
LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation.
OriginalFilename : WCESCOMM.EXE

#:19 [webcamrt.exe]
FilePath : C:\Program Files\Logitech\QuickCam\
ProcessID : 1644
ThreadCreationTime : 24-11-2005 15:40:49
BasePriority : Normal


#:20 [grouper.exe]
FilePath : C:\Program Files\Grouper\
ProcessID : 1660
ThreadCreationTime : 24-11-2005 15:40:49
BasePriority : Normal


#:21 [ymsgr_tray.exe]
FilePath : C:\Program Files\Yahoo!\Messenger\
ProcessID : 1716
ThreadCreationTime : 24-11-2005 15:40:50
BasePriority : Normal


#:22 [ewidoctrl.exe]
FilePath : C:\Program Files\ewido\security suite\
ProcessID : 2000
ThreadCreationTime : 24-11-2005 15:40:55
BasePriority : Normal
FileVersion : 3, 0, 0, 1
ProductVersion : 3, 0, 0, 1
ProductName : ewido control
CompanyName : ewido networks
FileDescription : ewido control
InternalName : ewido control
LegalCopyright : Copyright © 2004
OriginalFilename : ewidoctrl.exe

#:23 [ewidoguard.exe]
FilePath : C:\Program Files\ewido\security suite\
ProcessID : 2020
ThreadCreationTime : 24-11-2005 15:40:56
BasePriority : Normal
FileVersion : 3, 0, 0, 1
ProductVersion : 3, 0, 0, 1
ProductName : guard
CompanyName : ewido networks
FileDescription : guard
InternalName : guard
LegalCopyright : Copyright © 2004
OriginalFilename : guard.exe

#:24 [ghoststartservice.exe]
FilePath : C:\Program Files\Symantec\Norton Ghost 2003\
ProcessID : 232
ThreadCreationTime : 24-11-2005 15:41:00
BasePriority : Normal
FileVersion : 2003.775
ProductVersion : 2003.775
ProductName : Norton Ghost Start Service
CompanyName : Symantec Corporation
FileDescription : Norton Ghost Start
InternalName : GhostStartService
LegalCopyright : Copyright © 1998-2002 Symantec Corp. All rights reserved.
OriginalFilename : GhostStartService.exe

#:25 [mcvsrte.exe]
FilePath : c:\PROGRA~1\mcafee.com\vso\
ProcessID : 252
ThreadCreationTime : 24-11-2005 15:41:00
BasePriority : Normal
FileVersion : 9, 1, 0, 8
ProductVersion : 9, 1, 0, 0
ProductName : McAfee VirusScan
CompanyName : McAfee, Inc
FileDescription : McAfee VirusScan Real-time Engine
InternalName : mcvsrte
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : mcvsrte.exe
Comments : McAfee VirusScan Real-time Engine

#:26 [smagent.exe]
FilePath : C:\Program Files\Analog Devices\SoundMAX\
ProcessID : 392
ThreadCreationTime : 24-11-2005 15:41:00
BasePriority : Normal
FileVersion : 3, 2, 6, 0
ProductVersion : 3, 2, 6, 0
ProductName : SoundMAX service agent
CompanyName : Analog Devices, Inc.
FileDescription : SoundMAX service agent component
InternalName : SMAgent
LegalCopyright : Copyright © 2002
OriginalFilename : SMAgent.exe

#:27 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 448
ThreadCreationTime : 24-11-2005 15:41:01
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:28 [lvideos.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 668
ThreadCreationTime : 24-11-2005 15:41:02
BasePriority : Normal


#:29 [wdfmgr.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 856
ThreadCreationTime : 24-11-2005 15:41:04
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: dnsrv(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:30 [wmiapsrv.exe]
FilePath : C:\WINDOWS\System32\wbem\
ProcessID : 980
ThreadCreationTime : 24-11-2005 15:41:04
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI Performance Adapter Service
InternalName : WmiApSrv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WmiApSrv.exe

#:31 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1192
ThreadCreationTime : 24-11-2005 15:41:04
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:32 [mcshield.exe]
FilePath : c:\PROGRA~1\mcafee.com\vso\
ProcessID : 1584
ThreadCreationTime : 24-11-2005 15:41:08
BasePriority : High


#:33 [gnotify.exe]
FilePath : C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\
ProcessID : 2372
ThreadCreationTime : 24-11-2005 15:41:38
BasePriority : Normal
FileVersion : 1.0.25.0
ProductVersion : 1.0.25.0
ProductName : Gmail
CompanyName : Google Inc.
FileDescription : Gmail Notifier
LegalCopyright : Copyright © Google Inc. 2004-2005
OriginalFilename : gnotify.exe

#:34 [gnotify.exe]
FilePath : C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\
ProcessID : 2512
ThreadCreationTime : 24-11-2005 15:41:52
BasePriority : Normal
FileVersion : 1.0.25.0
ProductVersion : 1.0.25.0
ProductName : Gmail
CompanyName : Google Inc.
FileDescription : Gmail Notifier
LegalCopyright : Copyright © Google Inc. 2004-2005
OriginalFilename : gnotify.exe

#:35 [wuauclt.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2640
ThreadCreationTime : 24-11-2005 15:42:08
BasePriority : Normal
FileVersion : 5.8.0.2469 built by: lab01_n(wmbla)
ProductVersion : 5.8.0.2469
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe

#:36 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 3188
ThreadCreationTime : 24-11-2005 15:43:26
BasePriority : Normal
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:37 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 4028
ThreadCreationTime : 24-11-2005 15:47:36
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

#:38 [emule.exe]
FilePath : C:\Program Files\eMule\
ProcessID : 3160
ThreadCreationTime : 24-11-2005 16:01:26
BasePriority : Normal
FileVersion : 0.46.2 Unicode
ProductVersion : 0.46.2 Unicode
ProductName : eMule
CompanyName : http://www.emule-project.net
FileDescription : eMule
InternalName : emule.exe
LegalCopyright : Copyright © 2002-2005 Merkur - read license.txt for more infos
OriginalFilename : emule.exe

#:39 [firefox.exe]
FilePath : C:\Program Files\Mozilla Firefox\
ProcessID : 2860
ThreadCreationTime : 24-11-2005 16:45:35
BasePriority : Normal


#:40 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 3120
ThreadCreationTime : 24-11-2005 16:47:05
BasePriority : Normal
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:41 [flashget.exe]
FilePath : C:\PROGRA~1\FlashGet\
ProcessID : 3180
ThreadCreationTime : 24-11-2005 16:47:29
BasePriority : Normal
FileVersion : 1, 6, 5, 0
ProductVersion : 1, 6, 5, 0
ProductName : FlashGet
CompanyName : Amaze Soft
FileDescription : FlashGet
InternalName : FlashGet
LegalCopyright : Copyright © 1999-2004 by Amaze Soft
OriginalFilename : flashget.exe

#:42 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 2944
ThreadCreationTime : 24-11-2005 16:55:27
BasePriority : Normal
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Trusted zone presumably compromised : searchmeup.com

Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data :
TAC Rating : 0
Category : Vulnerability
Comment : Trusted zone presumably compromised : searchmeup.com
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchmeup.com
Trusted zone presumably compromised : searchmeup.com

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 1


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1


Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1

18:21:33 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:19:20.953
Objects scanned:150355
Objects identified:1
Objects ignored:0
New critical objects:1


and an ewido security report log:

---------------------------------------------------------

ewido security suite - Scan report

---------------------------------------------------------



+ Created on: 16:35:38, 24-11-2005

+ Report-Checksum: AAEEA26F



+ Scan result:



HKLM\SOFTWARE\Classes\MiniBugTransporter.MiniBugTransporterX\CLSID\\ -> Spyware.MiniBug : Cleaned with backup

HKLM\SOFTWARE\Classes\MiniBugTransporter.MiniBugTransporterX.1\CLSID\\ -> Spyware.MiniBug : Cleaned with backup

:mozilla.25:C:\Documents and Settings\jakob.JAKOB-FRANS\Application Data\Mozilla\Firefox\Profiles\default.l9o\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup

:mozilla.26:C:\Documents and Settings\jakob.JAKOB-FRANS\Application Data\Mozilla\Firefox\Profiles\default.l9o\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup

:mozilla.27:C:\Documents and Settings\jakob.JAKOB-FRANS\Application Data\Mozilla\Firefox\Profiles\default.l9o\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup

:mozilla.28:C:\Documents and Settings\jakob.JAKOB-FRANS\Application Data\Mozilla\Firefox\Profiles\default.l9o\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup

:mozilla.29:C:\Documents and Settings\jakob.JAKOB-FRANS\Application Data\Mozilla\Firefox\Profiles\default.l9o\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup

:mozilla.30:C:\Documents and Settings\jakob.JAKOB-FRANS\Application Data\Mozilla\Firefox\Profiles\default.l9o\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup

:mozilla.31:C:\Documents and Settings\jakob.JAKOB-FRANS\Application Data\Mozilla\Firefox\Profiles\default.l9o\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup

:mozilla.32:C:\Documents and Settings\jakob.JAKOB-FRANS\Application Data\Mozilla\Firefox\Profiles\default.l9o\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup

:mozilla.33:C:\Documents and Settings\jakob.JAKOB-FRANS\Application Data\Mozilla\Firefox\Profiles\default.l9o\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup

:mozilla.34:C:\Documents and Settings\jakob.JAKOB-FRANS\Application Data\Mozilla\Firefox\Profiles\default.l9o\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup

:mozilla.35:C:\Documents and Settings\jakob.JAKOB-FRANS\Application Data\Mozilla\Firefox\Profiles\default.l9o\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup

:mozilla.36:C:\Documents and Settings\jakob.JAKOB-FRANS\Application Data\Mozilla\Firefox\Profiles\default.l9o\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup

:mozilla.93:C:\Documents and Settings\jakob.JAKOB-FRANS\Application Data\Mozilla\Firefox\Profiles\default.l9o\cookies.txt -> Spyware.Cookie.Adbrite : Cleaned with backup

:mozilla.105:C:\Documents and Settings\jakob.JAKOB-FRANS\Application Data\Mozilla\Firefox\Profiles\default.l9o\cookies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup

:mozilla.109:C:\Documents and Settings\jakob.JAKOB-FRANS\Application Data\Mozilla\Firefox\Profiles\default.l9o\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup

:mozilla.110:C:\Documents and Settings\jakob.JAKOB-FRANS\Application Data\Mozilla\Firefox\Profiles\default.l9o\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup

:mozilla.119:C:\Documents and Settings\jakob.JAKOB-FRANS\Application Data\Mozilla\Firefox\Profiles\default.l9o\cookies.txt -> Spyware.Cookie.Etracker : Cleaned with backup

:mozilla.120:C:\Documents and Settings\jakob.JAKOB-FRANS\Application Data\Mozilla\Firefox\Profiles\default.l9o\cookies.txt -> Spyware.Cookie.Etracker : Cleaned with backup

:mozilla.127:C:\Documents and Settings\jakob.JAKOB-FRANS\Application Data\Mozilla\Firefox\Profiles\default.l9o\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup

:mozilla.128:C:\Documents and Settings\jakob.JAKOB-FRANS\Application Data\Mozilla\Firefox\Profiles\default.l9o\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup

:mozilla.129:C:\Documents and Settings\jakob.JAKOB-FRANS\Application Data\Mozilla\Firefox\Profiles\default.l9o\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup

:mozilla.130:C:\Documents and Settings\jakob.JAKOB-FRANS\Application Data\Mozilla\Firefox\Profiles\default.l9o\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup

:mozilla.131:C:\Documents and Settings\jakob.JAKOB-FRANS\Application Data\Mozilla\Firefox\Profiles\default.l9o\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup

:mozilla.132:C:\Documents and Settings\jakob.JAKOB-FRANS\Application Data\Mozilla\Firefox\Profiles\default.l9o\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup

:mozilla.167:C:\Documents and Settings\jakob.JAKOB-FRANS\Application Data\Mozilla\Firefox\Profiles\default.l9o\cookies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup

:mozilla.179:C:\Documents and Settings\jakob.JAKOB-FRANS\Application Data\Mozilla\Firefox\Profiles\default.l9o\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup

:mozilla.180:C:\Documents and Settings\jakob.JAKOB-FRANS\Application Data\Mozilla\Firefox\Profiles\default.l9o\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup

:mozilla.181:C:\Documents and Settings\jakob.JAKOB-FRANS\Application Data\Mozilla\Firefox\Profiles\default.l9o\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup

:mozilla.182:C:\Documents and Settings\jakob.JAKOB-FRANS\Application Data\Mozilla\Firefox\Profiles\default.l9o\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup

:mozilla.183:C:\Documents and Settings\jakob.JAKOB-FRANS\Application Data\Mozilla\Firefox\Profiles\default.l9o\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup

:mozilla.184:C:\Documents and Settings\jakob.JAKOB-FRANS\Application Data\Mozilla\Firefox\Profiles\default.l9o\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup

:mozilla.185:C:\Documents and Settings\jakob.JAKOB-FRANS\Application Data\Mozilla\Firefox\Profiles\default.l9o\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup

:mozilla.186:C:\Documents and Settings\jakob.JAKOB-FRANS\Application Data\Mozilla\Firefox\Profiles\default.l9o\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup

:mozilla.187:C:\Documents and Settings\jakob.JAKOB-FRANS\Application Data\Mozilla\Firefox\Profiles\default.l9o\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup

:mozilla.188:C:\Documents and Settings\jakob.JAKOB-FRANS\Application Data\Mozilla\Firefox\Profiles\default.l9o\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup

:mozilla.189:C:\Documents and Settings\jakob.JAKOB-FRANS\Application Data\Mozilla\Firefox\Profiles\default.l9o\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup

#4
infaddict

    Visiting Staff

  • Member
  • 734 posts
We can definitely help you, but first you need to help us. The first step in this process is to apply Service Pack 1a for Windows XP. Without this update, you're wide open to re-infection, and we're both just wasting our time.
Click here: http://www.microsoft...&DisplayLang=en
Apply the update, reboot, and post a fresh Hijack This log.

#5
dutchdummy

    Member

  • Topic Starter
  • Member
  • 25 posts
my pc always has had troubles with updates, i.e. not being able to download and install them. this is what it says:

The Product Key used to install Windows is invalid. Please contact your system administrator or retailer immediately to obtain a valid Product Key. You may also contact Microsoft Corporation's Anti-piracy team by e-mailing piracy@microsoft.com. If you think you have purchased pirated Microsoft software, please be assured that any personal information you send to the Microsoft Anti-Piracy team will be kept in strict confidence.

#6
infaddict

    Visiting Staff

  • Member
  • 734 posts
Hi dutchdummy :)

Did you purchase your copy of Windows XP? Do you have the Certificate of Authenticity with the product key on it?

For more information on seeing if your copy of Windows is legitimate, please visit this Microsoft How To Tell site and try using the Windows Validation Assistant.

If your copy of Windows is not genuine, then I'm afraid we cannot help you on this forum :)

I really want to help you, but you must upgrade to SP1a first. Please post back when you have done this. Good Luck :tazz: .

#7
infaddict

    Visiting Staff

  • Member
  • 734 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.