Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

my hijackthis log

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

last log file for user "sunny"

Unread postby aasha86 » September 2nd, 2005, 5:57 pm

Logfile of HijackThis v1.99.1
Scan saved at 3:55:09 PM, on 9/2/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
C:\PROGRA~1\mcafee.com\agent\McAgent.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\Real\RealOne Player\RealPlay.exe
c:\program files\mcafee.com\shared\mcinfo.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\System32\imapi.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Documents and Settings\All Users\Documents\My Pictures\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.shopnav.com/sidesearch ... id=1.20031
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.shopnav.com/sidesearch ... id=1.20031
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://webmail.uchicago.edu/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.shopnav.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 192.168.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [lsass] C:\windows\system32\elitecxw32.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [AOL Instant Messanger] aim.exe
O4 - HKCU\..\Run: [CasStub] C:\Program Files\CasStub\casstub.exe -run
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: *.musicmatch.com
O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/games/c ... /st2_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid= ... lcid=0x409
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - http://files.member.yahoo.com/dl/installs/sbc/yinst.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - http://echat.us.dell.com/Media/VisitorC ... EFlash.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.c ... r1_4us.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O23 - Service: AOL Instant Messanger (AIM) - Unknown owner - C:\WINDOWS\aim.exe (file missing)
O23 - Service: AOL Instant Messenger (AOL Instant Messenger) - Unknown owner - C:\WINDOWS\USBSubsystem
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Windows lsass Service (lsass) - Unknown owner - C:\WINDOWS\lsass.exe (file missing)
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
aasha86
Regular Member
 
Posts: 56
Joined: September 2nd, 2005, 3:07 pm
Advertisement
Register to Remove

adaware result for "sunny"

Unread postby aasha86 » September 2nd, 2005, 6:01 pm

Ad-Aware SE Build 1.06r1
Logfile Created on:Friday, September 02, 2005 3:58:31 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R64 31.08.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
BargainBuddy(TAC index:8):3 total references
DyFuCA(TAC index:3):2 total references
MRU List(TAC index:0):73 total references
Possible Browser Hijack attempt(TAC index:3):9 total references
Tracking Cookie(TAC index:3):80 total references
VX2(TAC index:10):57 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


9-2-2005 3:58:31 PM - Scan started. (Smart mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 588
ThreadCreationTime : 9-2-2005 9:31:42 PM
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 652
ThreadCreationTime : 9-2-2005 9:31:44 PM
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 676
ThreadCreationTime : 9-2-2005 9:31:45 PM
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 720
ThreadCreationTime : 9-2-2005 9:31:45 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 732
ThreadCreationTime : 9-2-2005 9:31:45 PM
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 900
ThreadCreationTime : 9-2-2005 9:31:46 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1016
ThreadCreationTime : 9-2-2005 9:31:46 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1164
ThreadCreationTime : 9-2-2005 9:31:47 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1212
ThreadCreationTime : 9-2-2005 9:31:47 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1412
ThreadCreationTime : 9-2-2005 9:31:48 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:11 [avgamsvr.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 1584
ThreadCreationTime : 9-2-2005 9:31:57 PM
BasePriority : Normal
FileVersion : 7,1,0,321
ProductVersion : 7.1.0.321
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Alert Manager
InternalName : avgamsvr
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgamsvr.EXE

#:12 [avgupsvc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 1656
ThreadCreationTime : 9-2-2005 9:31:57 PM
BasePriority : Normal
FileVersion : 7,1,0,321
ProductVersion : 7.1.0.321
ProductName : AVG 7.0 Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Update Service
InternalName : avgupsvc
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgupdsvc.EXE

#:13 [ewidoctrl.exe]
FilePath : C:\Program Files\ewido\security suite\
ProcessID : 1680
ThreadCreationTime : 9-2-2005 9:31:57 PM
BasePriority : Normal
FileVersion : 3, 0, 0, 1
ProductVersion : 3, 0, 0, 1
ProductName : ewido control
CompanyName : ewido networks
FileDescription : ewido control
InternalName : ewido control
LegalCopyright : Copyright © 2004
OriginalFilename : ewidoctrl.exe

#:14 [mpfservice.exe]
FilePath : C:\PROGRA~1\McAfee.com\PERSON~1\
ProcessID : 1788
ThreadCreationTime : 9-2-2005 9:31:57 PM
BasePriority : Normal
FileVersion : 6.0.0.14
ProductVersion : 6.0.0.14
ProductName : McAfee Personal Firewall
CompanyName : McAfee Corporation
FileDescription : McAfee Personal Firewall Service
InternalName : MPFService
LegalCopyright : Copyright © 2000-2004 Networks Associates Technologies, Inc.
OriginalFilename : MpfService.exe
Comments : McAfee Personal Firewall Service

#:15 [wdfmgr.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1876
ThreadCreationTime : 9-2-2005 9:31:58 PM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: dnsrv(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:16 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1984
ThreadCreationTime : 9-2-2005 9:32:01 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:17 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1384
ThreadCreationTime : 9-2-2005 9:32:32 PM
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:18 [mm_tray.exe]
FilePath : C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\
ProcessID : 300
ThreadCreationTime : 9-2-2005 9:32:45 PM
BasePriority : Normal
FileVersion : 9.00.5059
ProductVersion : 9.00.5059
ProductName : Musicmatch Jukebox
CompanyName : Musicmatch, Inc.
FileDescription : mm_tray
InternalName : mm_tray
LegalCopyright : Copyright © Musicmatch 1998-2004
LegalTrademarks :
OriginalFilename : mm_tray.exe

#:19 [mcagent.exe]
FilePath : C:\PROGRA~1\mcafee.com\agent\
ProcessID : 432
ThreadCreationTime : 9-2-2005 9:32:45 PM
BasePriority : Normal
FileVersion : 5, 0, 0, 2
ProductVersion : 5, 0, 0, 0
ProductName : McAfee SecurityCenter
CompanyName : McAfee, Inc
FileDescription : McAfee SecurityCenter Agent
InternalName : mcagent
LegalCopyright : Copyright © 2004 Networks Associates Technology, Inc.
OriginalFilename : mcagent.exe

#:20 [qttask.exe]
FilePath : C:\Program Files\QuickTime\
ProcessID : 1396
ThreadCreationTime : 9-2-2005 9:32:46 PM
BasePriority : Normal
FileVersion : 6.5.1
ProductVersion : QuickTime 6.5.1
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe

#:21 [realsched.exe]
FilePath : C:\Program Files\Common Files\Real\Update_OB\
ProcessID : 528
ThreadCreationTime : 9-2-2005 9:32:46 PM
BasePriority : Normal
FileVersion : 0.1.0.3275
ProductVersion : 0.1.0.3275
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio(tm) is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:22 [aim.exe]
FilePath : C:\Program Files\AIM\
ProcessID : 556
ThreadCreationTime : 9-2-2005 9:32:46 PM
BasePriority : Normal
FileVersion : 5.9.3702
ProductVersion : 5.9.3702
ProductName : AOL Instant Messenger
CompanyName : America Online, Inc.
FileDescription : AOL Instant Messenger
InternalName : AIM
LegalCopyright : Copyright © 1996-2004 America Online, Inc.
OriginalFilename : AIM.EXE

#:23 [hpqtra08.exe]
FilePath : C:\Program Files\HP\Digital Imaging\bin\
ProcessID : 568
ThreadCreationTime : 9-2-2005 9:32:47 PM
BasePriority : Normal
FileVersion : 5.35.0.035
ProductVersion : 005.035.000.035
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : HP Digital Imaging Monitor (CUE)
InternalName : HPQTRA00
LegalCopyright : Copyright (C) Hewlett-Packard Co. 1995-2001
OriginalFilename : HPQTRA00.EXE
Comments : HP Digital Imaging Monitor (CUE)

#:24 [mpbtn.exe]
FilePath : C:\Program Files\SBC Self Support Tool\bin\
ProcessID : 1132
ThreadCreationTime : 9-2-2005 9:32:55 PM
BasePriority : Normal


#:25 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 2976
ThreadCreationTime : 9-2-2005 9:33:50 PM
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:26 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 2128
ThreadCreationTime : 9-2-2005 9:35:19 PM
BasePriority : Normal


#:27 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 2168
ThreadCreationTime : 9-2-2005 9:35:19 PM
BasePriority : High


#:28 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 2352
ThreadCreationTime : 9-2-2005 9:35:24 PM
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:29 [mm_tray.exe]
FilePath : C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\
ProcessID : 1080
ThreadCreationTime : 9-2-2005 9:35:27 PM
BasePriority : Normal
FileVersion : 9.00.5059
ProductVersion : 9.00.5059
ProductName : Musicmatch Jukebox
CompanyName : Musicmatch, Inc.
FileDescription : mm_tray
InternalName : mm_tray
LegalCopyright : Copyright © Musicmatch 1998-2004
LegalTrademarks :
OriginalFilename : mm_tray.exe

#:30 [mcagent.exe]
FilePath : C:\PROGRA~1\mcafee.com\agent\
ProcessID : 1008
ThreadCreationTime : 9-2-2005 9:35:27 PM
BasePriority : Normal
FileVersion : 5, 0, 0, 2
ProductVersion : 5, 0, 0, 0
ProductName : McAfee SecurityCenter
CompanyName : McAfee, Inc
FileDescription : McAfee SecurityCenter Agent
InternalName : mcagent
LegalCopyright : Copyright © 2004 Networks Associates Technology, Inc.
OriginalFilename : mcagent.exe

#:31 [qttask.exe]
FilePath : C:\Program Files\QuickTime\
ProcessID : 2476
ThreadCreationTime : 9-2-2005 9:35:27 PM
BasePriority : Normal
FileVersion : 6.5.1
ProductVersion : QuickTime 6.5.1
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe

#:32 [aim.exe]
FilePath : C:\Program Files\AIM\
ProcessID : 2596
ThreadCreationTime : 9-2-2005 9:35:28 PM
BasePriority : Normal
FileVersion : 5.9.3702
ProductVersion : 5.9.3702
ProductName : AOL Instant Messenger
CompanyName : America Online, Inc.
FileDescription : AOL Instant Messenger
InternalName : AIM
LegalCopyright : Copyright © 1996-2004 America Online, Inc.
OriginalFilename : AIM.EXE

#:33 [msnmsgr.exe]
FilePath : C:\Program Files\MSN Messenger\
ProcessID : 2580
ThreadCreationTime : 9-2-2005 9:35:28 PM
BasePriority : Normal
FileVersion : 7.0.0777
ProductVersion : 7.0.0777
ProductName : MSN Messenger
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
LegalCopyright : Copyright (c) Microsoft Corporation 1997-2004
LegalTrademarks : Microsoft(R) is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msnmsgr.exe

#:34 [hpqtra08.exe]
FilePath : C:\Program Files\HP\Digital Imaging\bin\
ProcessID : 2648
ThreadCreationTime : 9-2-2005 9:35:29 PM
BasePriority : Normal
FileVersion : 5.35.0.035
ProductVersion : 005.035.000.035
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : HP Digital Imaging Monitor (CUE)
InternalName : HPQTRA00
LegalCopyright : Copyright (C) Hewlett-Packard Co. 1995-2001
OriginalFilename : HPQTRA00.EXE
Comments : HP Digital Imaging Monitor (CUE)

#:35 [mpbtn.exe]
FilePath : C:\Program Files\SBC Self Support Tool\bin\
ProcessID : 2744
ThreadCreationTime : 9-2-2005 9:35:33 PM
BasePriority : Normal


#:36 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 2256
ThreadCreationTime : 9-2-2005 9:52:19 PM
BasePriority : Normal


#:37 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 1100
ThreadCreationTime : 9-2-2005 9:52:19 PM
BasePriority : High


#:38 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1892
ThreadCreationTime : 9-2-2005 9:52:24 PM
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:39 [mm_tray.exe]
FilePath : C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\
ProcessID : 2524
ThreadCreationTime : 9-2-2005 9:52:26 PM
BasePriority : Normal
FileVersion : 9.00.5059
ProductVersion : 9.00.5059
ProductName : Musicmatch Jukebox
CompanyName : Musicmatch, Inc.
FileDescription : mm_tray
InternalName : mm_tray
LegalCopyright : Copyright © Musicmatch 1998-2004
LegalTrademarks :
OriginalFilename : mm_tray.exe

#:40 [mcagent.exe]
FilePath : C:\PROGRA~1\mcafee.com\agent\
ProcessID : 2272
ThreadCreationTime : 9-2-2005 9:52:26 PM
BasePriority : Normal
FileVersion : 5, 0, 0, 2
ProductVersion : 5, 0, 0, 0
ProductName : McAfee SecurityCenter
CompanyName : McAfee, Inc
FileDescription : McAfee SecurityCenter Agent
InternalName : mcagent
LegalCopyright : Copyright © 2004 Networks Associates Technology, Inc.
OriginalFilename : mcagent.exe

#:41 [qttask.exe]
FilePath : C:\Program Files\QuickTime\
ProcessID : 2268
ThreadCreationTime : 9-2-2005 9:52:26 PM
BasePriority : Normal
FileVersion : 6.5.1
ProductVersion : QuickTime 6.5.1
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe

#:42 [realsched.exe]
FilePath : C:\Program Files\Common Files\Real\Update_OB\
ProcessID : 640
ThreadCreationTime : 9-2-2005 9:52:26 PM
BasePriority : Normal
FileVersion : 0.1.0.3275
ProductVersion : 0.1.0.3275
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio(tm) is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:43 [aim.exe]
FilePath : C:\Program Files\AIM\
ProcessID : 2336
ThreadCreationTime : 9-2-2005 9:52:26 PM
BasePriority : Normal
FileVersion : 5.9.3702
ProductVersion : 5.9.3702
ProductName : AOL Instant Messenger
CompanyName : America Online, Inc.
FileDescription : AOL Instant Messenger
InternalName : AIM
LegalCopyright : Copyright © 1996-2004 America Online, Inc.
OriginalFilename : AIM.EXE

#:44 [hpqtra08.exe]
FilePath : C:\Program Files\HP\Digital Imaging\bin\
ProcessID : 2340
ThreadCreationTime : 9-2-2005 9:52:27 PM
BasePriority : Normal
FileVersion : 5.35.0.035
ProductVersion : 005.035.000.035
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : HP Digital Imaging Monitor (CUE)
InternalName : HPQTRA00
LegalCopyright : Copyright (C) Hewlett-Packard Co. 1995-2001
OriginalFilename : HPQTRA00.EXE
Comments : HP Digital Imaging Monitor (CUE)

#:45 [mpbtn.exe]
FilePath : C:\Program Files\SBC Self Support Tool\bin\
ProcessID : 2664
ThreadCreationTime : 9-2-2005 9:52:29 PM
BasePriority : Normal


#:46 [ymsgr_tray.exe]
FilePath : C:\Program Files\Yahoo!\Messenger\
ProcessID : 2504
ThreadCreationTime : 9-2-2005 9:52:37 PM
BasePriority : Normal


#:47 [hijackthis.exe]
FilePath : C:\Documents and Settings\bobbie\My Documents\
ProcessID : 2344
ThreadCreationTime : 9-2-2005 9:52:40 PM
BasePriority : Normal
FileVersion : 1.99.0001
ProductVersion : 1.99.0001
ProductName : HijackThis
CompanyName : Soeperman Enterprises Ltd.
FileDescription : HijackThis
InternalName : HijackThis
LegalCopyright : Freeware
OriginalFilename : HijackThis.exe
Comments : Version history is in Help section

#:48 [notepad.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 3312
ThreadCreationTime : 9-2-2005 9:52:44 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Notepad
InternalName : Notepad
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : NOTEPAD.EXE

#:49 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 3320
ThreadCreationTime : 9-2-2005 9:52:51 PM
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:50 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 2924
ThreadCreationTime : 9-2-2005 9:54:25 PM
BasePriority : Normal


#:51 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 460
ThreadCreationTime : 9-2-2005 9:54:25 PM
BasePriority : High


#:52 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 2608
ThreadCreationTime : 9-2-2005 9:54:30 PM
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:53 [mm_tray.exe]
FilePath : C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\
ProcessID : 3036
ThreadCreationTime : 9-2-2005 9:54:32 PM
BasePriority : Normal
FileVersion : 9.00.5059
ProductVersion : 9.00.5059
ProductName : Musicmatch Jukebox
CompanyName : Musicmatch, Inc.
FileDescription : mm_tray
InternalName : mm_tray
LegalCopyright : Copyright © Musicmatch 1998-2004
LegalTrademarks :
OriginalFilename : mm_tray.exe

#:54 [mcagent.exe]
FilePath : C:\PROGRA~1\mcafee.com\agent\
ProcessID : 2684
ThreadCreationTime : 9-2-2005 9:54:32 PM
BasePriority : Normal
FileVersion : 5, 0, 0, 2
ProductVersion : 5, 0, 0, 0
ProductName : McAfee SecurityCenter
CompanyName : McAfee, Inc
FileDescription : McAfee SecurityCenter Agent
InternalName : mcagent
LegalCopyright : Copyright © 2004 Networks Associates Technology, Inc.
OriginalFilename : mcagent.exe

#:55 [qttask.exe]
FilePath : C:\Program Files\QuickTime\
ProcessID : 2728
ThreadCreationTime : 9-2-2005 9:54:32 PM
BasePriority : Normal
FileVersion : 6.5.1
ProductVersion : QuickTime 6.5.1
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe

#:56 [realsched.exe]
FilePath : C:\Program Files\Common Files\Real\Update_OB\
ProcessID : 2748
ThreadCreationTime : 9-2-2005 9:54:33 PM
BasePriority : Normal
FileVersion : 0.1.0.3275
ProductVersion : 0.1.0.3275
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio(tm) is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:57 [aim.exe]
FilePath : C:\Program Files\AIM\
ProcessID : 4040
ThreadCreationTime : 9-2-2005 9:54:33 PM
BasePriority : Normal
FileVersion : 5.9.3702
ProductVersion : 5.9.3702
ProductName : AOL Instant Messenger
CompanyName : America Online, Inc.
FileDescription : AOL Instant Messenger
InternalName : AIM
LegalCopyright : Copyright © 1996-2004 America Online, Inc.
OriginalFilename : AIM.EXE

#:58 [msnmsgr.exe]
FilePath : C:\Program Files\MSN Messenger\
ProcessID : 3088
ThreadCreationTime : 9-2-2005 9:54:33 PM
BasePriority : Normal
FileVersion : 7.0.0777
ProductVersion : 7.0.0777
ProductName : MSN Messenger
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
LegalCopyright : Copyright (c) Microsoft Corporation 1997-2004
LegalTrademarks : Microsoft(R) is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msnmsgr.exe

#:59 [hpqtra08.exe]
FilePath : C:\Program Files\HP\Digital Imaging\bin\
ProcessID : 3472
ThreadCreationTime : 9-2-2005 9:54:34 PM
BasePriority : Normal
FileVersion : 5.35.0.035
ProductVersion : 005.035.000.035
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : HP Digital Imaging Monitor (CUE)
InternalName : HPQTRA00
LegalCopyright : Copyright (C) Hewlett-Packard Co. 1995-2001
OriginalFilename : HPQTRA00.EXE
Comments : HP Digital Imaging Monitor (CUE)

#:60 [rundll32.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1724
ThreadCreationTime : 9-2-2005 9:54:36 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE

#:61 [mpbtn.exe]
FilePath : C:\Program Files\SBC Self Support Tool\bin\
ProcessID : 2248
ThreadCreationTime : 9-2-2005 9:54:37 PM
BasePriority : Normal


#:62 [realplay.exe]
FilePath : C:\Program Files\Real\RealOne Player\
ProcessID : 3300
ThreadCreationTime : 9-2-2005 9:54:37 PM
BasePriority : Idle
FileVersion : 6.0.12.1069
ProductVersion : 6.0.12.1069
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealPlayer
InternalName : REALPLAY
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio(tm) is a trademark of RealNetworks, Inc.
OriginalFilename : REALPLAY.EXE

#:63 [ymsgr_tray.exe]
FilePath : C:\Program Files\Yahoo!\Messenger\
ProcessID : 3328
ThreadCreationTime : 9-2-2005 9:54:45 PM
BasePriority : Normal


#:64 [ewidoguard.exe]
FilePath : C:\Program Files\ewido\security suite\
ProcessID : 3852
ThreadCreationTime : 9-2-2005 9:54:58 PM
BasePriority : Normal
FileVersion : 3, 0, 0, 1
ProductVersion : 3, 0, 0, 1
ProductName : guard
CompanyName : ewido networks
FileDescription : guard
InternalName : guard
LegalCopyright : Copyright © 2004
OriginalFilename : guard.exe

#:65 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 3940
ThreadCreationTime : 9-2-2005 9:57:36 PM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

DyFuCA Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1715567821-1770027372-839522115-1005\software\avenue media

VX2 Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1715567821-1770027372-839522115-1005\software\aurora

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1715567821-1770027372-839522115-1005\software\aurora
Value : AUs3t5icky1S

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1715567821-1770027372-839522115-1005\software\aurora
Value : AUs3t5icky2S

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1715567821-1770027372-839522115-1005\software\aurora
Value : AUs3t5icky3S

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1715567821-1770027372-839522115-1005\software\aurora
Value : AUs3t5icky4S

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1715567821-1770027372-839522115-1005\software\aurora
Value : AUC1o3d5eOfSFinalAd

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1715567821-1770027372-839522115-1005\software\aurora
Value : AUT3i5m7eOfSFinalAd

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1715567821-1770027372-839522115-1005\software\aurora
Value : AUD3s5tSSEnd

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1715567821-1770027372-839522115-1005\software\aurora
Value : AU3N5a7tionSCode

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1715567821-1770027372-839522115-1005\software\aurora
Value : AUP3D5om

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1715567821-1770027372-839522115-1005\software\aurora
Value : AUT3h5rshSCheckSIn

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1715567821-1770027372-839522115-1005\software\aurora
Value : AUT3h5rshSMots

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1715567821-1770027372-839522115-1005\software\aurora
Value : AUM3o5deSSync

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1715567821-1770027372-839522115-1005\software\aurora
Value : AUI3n5ProgSCab

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1715567821-1770027372-839522115-1005\software\aurora
Value : AUI3n5ProgSEx

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1715567821-1770027372-839522115-1005\software\aurora
Value : AUI3n5ProgSLstest

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1715567821-1770027372-839522115-1005\software\aurora
Value : AUB3D5om

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1715567821-1770027372-839522115-1005\software\aurora
Value : AUE3v5nt

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1715567821-1770027372-839522115-1005\software\aurora
Value : AUT3h5rshSBath

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1715567821-1770027372-839522115-1005\software\aurora
Value : AUT3h5rshSysSInf

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1715567821-1770027372-839522115-1005\software\aurora
Value : AUL3n5Title

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1715567821-1770027372-839522115-1005\software\aurora
Value : AUC3u5rrentSMode

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1715567821-1770027372-839522115-1005\software\aurora
Value : AUC3n5tFyl

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1715567821-1770027372-839522115-1005\software\aurora
Value : AUI3g5noreS

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1715567821-1770027372-839522115-1005\software\aurora
Value : AUL3a5stSSChckin

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1715567821-1770027372-839522115-1005\software\aurora
Value : AUS3t5atusOfSInst

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1715567821-1770027372-839522115-1005\software\aurora
Value : AUI3d5OfSDist

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1715567821-1770027372-839522115-1005\software\aurora
Value : AUI3d5OfSInst

VX2 Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1715567821-1770027372-839522115-1006\software\aurora

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1715567821-1770027372-839522115-1006\software\aurora
Value : AUB3D5om

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1715567821-1770027372-839522115-1006\software\aurora
Value : AUs3t5icky1S

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1715567821-1770027372-839522115-1006\software\aurora
Value : AUs3t5icky3S

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1715567821-1770027372-839522115-1006\software\aurora
Value : AUs3t5icky4S

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1715567821-1770027372-839522115-1006\software\aurora
Value : AUI3n5ProgSEx

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1715567821-1770027372-839522115-1006\software\aurora
Value : AUE3v5nt

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1715567821-1770027372-839522115-1006\software\aurora
Value : AUT3h5rshSBath

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1715567821-1770027372-839522115-1006\software\aurora
Value : AUT3h5rshSysSInf

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1715567821-1770027372-839522115-1006\software\aurora
Value : AUT3h5rshSCheckSIn

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1715567821-1770027372-839522115-1006\software\aurora
Value : AUT3h5rshSMots

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1715567821-1770027372-839522115-1006\software\aurora
Value : AUL3n5Title

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1715567821-1770027372-839522115-1006\software\aurora
Value : AU3N5a7tionSCode

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1715567821-1770027372-839522115-1006\software\aurora
Value : AUD3s5tSSEnd

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1715567821-1770027372-839522115-1006\software\aurora
Value : AUC3u5rrentSMode

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1715567821-1770027372-839522115-1006\software\aurora
Value : AUC3n5tFyl

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1715567821-1770027372-839522115-1006\software\aurora
Value : AUM3o5deSSync

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1715567821-1770027372-839522115-1006\software\aurora
Value : AUC3n5trMsgSDisp

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1715567821-1770027372-839522115-1006\software\aurora
Value : AUI3g5noreS

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1715567821-1770027372-839522115-1006\software\aurora
Value : AUS3t5atusOfSInst

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1715567821-1770027372-839522115-1006\software\aurora
Value : AUs3t5icky2S

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1715567821-1770027372-839522115-1006\software\aurora
Value : AUL3a5stSSChckin

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1715567821-1770027372-839522115-1006\software\aurora
Value : AUC1o3d5eOfSFinalAd

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1715567821-1770027372-839522115-1006\software\aurora
Value : AUT3i5m7eOfSFinalAd

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1715567821-1770027372-839522115-1006\software\aurora
Value : AUI3d5OfSInst

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1715567821-1770027372-839522115-1006\software\aurora
Value : AUI3n5ProgSCab

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1715567821-1770027372-839522115-1006\software\aurora
Value : AUI3n5ProgSLstest

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 56
Objects found so far: 56


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Possible Browser Hijack attempt : S-1-5-21-1715567821-1770027372-839522115-1004\Software\Microsoft\Internet Explorer\MainSearch Page.shopnav.com

Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://websearch.shopnav.com/sidesearch.cgi?uid=11148210&id=1.20031"
TAC Rating : 3
Category : Malware
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_USERS
Object : S-1-5-21-1715567821-1770027372-839522115-1004\Software\Microsoft\Internet Explorer\Main
Value : Search Page
Data : "http://websearch.shopnav.com/sidesearch.cgi?uid=11148210&id=1.20031"
Possible Browser Hijack attempt : S-1-5-21-1715567821-1770027372-839522115-1004\Software\Microsoft\Internet Explorer\MainSearch Bar.shopnav.com

Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://websearch.shopnav.com/sidesearch.cgi?uid=11148210&id=1.20031"
TAC Rating : 3
Category : Malware
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_USERS
Object : S-1-5-21-1715567821-1770027372-839522115-1004\Software\Microsoft\Internet Explorer\Main
Value : Search Bar
Data : "http://websearch.shopnav.com/sidesearch.cgi?uid=11148210&id=1.20031"
Possible Browser Hijack attempt : S-1-5-21-1715567821-1770027372-839522115-1004\Software\Microsoft\Internet Explorer\SearchURL.shopnav.com

Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "websearch.shopnav.com/q.cgi?q="
TAC Rating : 3
Category : Malware
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_USERS
Object : S-1-5-21-1715567821-1770027372-839522115-1004\Software\Microsoft\Internet Explorer\SearchURL
Value :
Data : "websearch.shopnav.com/q.cgi?q="
Possible Browser Hijack attempt : S-1-5-21-1715567821-1770027372-839522115-1005\Software\Microsoft\Internet Explorer\MainSearch Pagewebsearch.drsnsrch.com

Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://websearch.drsnsrch.com/sidesearch.cgi?id="
TAC Rating : 3
Category : Malware
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_USERS
Object : S-1-5-21-1715567821-1770027372-839522115-1005\Software\Microsoft\Internet Explorer\Main
Value : Search Page
Data : "http://websearch.drsnsrch.com/sidesearch.cgi?id="
Possible Browser Hijack attempt : S-1-5-21-1715567821-1770027372-839522115-1005\Software\Microsoft\Internet Explorer\MainSearch Barwebsearch.drsnsrch.com

Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://websearch.drsnsrch.com/sidesearch.cgi?id="
TAC Rating : 3
Category : Malware
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_USERS
Object : S-1-5-21-1715567821-1770027372-839522115-1005\Software\Microsoft\Internet Explorer\Main
Value : Search Bar
Data : "http://websearch.drsnsrch.com/sidesearch.cgi?id="
Possible Browser Hijack attempt : S-1-5-21-1715567821-1770027372-839522115-1005\Software\Microsoft\Internet Explorer\SearchURLwebsearch.drsnsrch.com

Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "websearch.drsnsrch.com/q.cgi?q="
TAC Rating : 3
Category : Malware
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_USERS
Object : S-1-5-21-1715567821-1770027372-839522115-1005\Software\Microsoft\Internet Explorer\SearchURL
Value :
Data : "websearch.drsnsrch.com/q.cgi?q="
Possible Browser Hijack attempt : S-1-5-21-1715567821-1770027372-839522115-1006\Software\Microsoft\Internet Explorer\MainSearch Pagewebsearch.drsnsrch.com

Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://websearch.drsnsrch.com/sidesearch.cgi?id="
TAC Rating : 3
Category : Malware
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_USERS
Object : S-1-5-21-1715567821-1770027372-839522115-1006\Software\Microsoft\Internet Explorer\Main
Value : Search Page
Data : "http://websearch.drsnsrch.com/sidesearch.cgi?id="
Possible Browser Hijack attempt : S-1-5-21-1715567821-1770027372-839522115-1006\Software\Microsoft\Internet Explorer\MainSearch Barwebsearch.drsnsrch.com

Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://websearch.drsnsrch.com/sidesearch.cgi?id="
TAC Rating : 3
Category : Malware
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_USERS
Object : S-1-5-21-1715567821-1770027372-839522115-1006\Software\Microsoft\Internet Explorer\Main
Value : Search Bar
Data : "http://websearch.drsnsrch.com/sidesearch.cgi?id="
Possible Browser Hijack attempt : S-1-5-21-1715567821-1770027372-839522115-1006\Software\Microsoft\Internet Explorer\SearchURLwebsearch.drsnsrch.com

Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "websearch.drsnsrch.com/q.cgi?q="
TAC Rating : 3
Category : Malware
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_USERS
Object : S-1-5-21-1715567821-1770027372-839522115-1006\Software\Microsoft\Internet Explorer\SearchURL
Value :
Data : "websearch.drsnsrch.com/q.cgi?q="

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 9
Objects found so far: 65


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sunny@realmedia[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:144
Value : Cookie:sunny@realmedia.com/
Expires : 12-31-2020 6:00:00 PM
LastSync : Hits:144
UseCount : 0
Hits : 144

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sunny@2o7[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\sunny\Cookies\sunny@2o7[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sunny@abcsearch[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\sunny\Cookies\sunny@abcsearch[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sunny@ad-logics[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\sunny\Cookies\sunny@ad-logics[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sunny@adrevolver[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\sunny\Cookies\sunny@adrevolver[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sunny@adrevolver[3].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\sunny\Cookies\sunny@adrevolver[3].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sunny@ads.addynamix[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\sunny\Cookies\sunny@ads.addynamix[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sunny@ads.pointroll[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\sunny\Cookies\sunny@ads.pointroll[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sunny@adserver[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\sunny\Cookies\sunny@adserver[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sunny@adserver[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\sunny\Cookies\sunny@adserver[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sunny@advertising[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\sunny\Cookies\sunny@advertising[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sunny@apmebf[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\sunny\Cookies\sunny@apmebf[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sunny@atdmt[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\sunny\Cookies\sunny@atdmt[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sunny@banner.goldenpalace[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\sunny\Cookies\sunny@banner.goldenpalace[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sunny@bannerfarm.ace.advertising[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\sunny\Cookies\sunny@bannerfarm.ace.advertising[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sunny@bfast[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\sunny\Cookies\sunny@bfast[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sunny@bluestreak[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\sunny\Cookies\sunny@bluestreak[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sunny@casalemedia[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Valu
aasha86
Regular Member
 
Posts: 56
Joined: September 2nd, 2005, 3:07 pm

Unread postby ChrisRLG » September 2nd, 2005, 6:06 pm

Advised aasha86 in chatoom to run the elete and l2m fixes and ewido in each account -

then postback with fresh HJT logs.
ChrisRLG
Administrator Emeritus
 
Posts: 17759
Joined: December 16th, 2004, 10:04 am
Location: Southend, Essex, UK

a new log report for the original user

Unread postby aasha86 » September 2nd, 2005, 6:23 pm

Logfile of HijackThis v1.99.1
Scan saved at 4:22:10 PM, on 9/2/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\PROGRA~1\mcafee.com\agent\McAgent.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\AIM\aim.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Owner\My Documents\HijackThis.exe
C:\WINDOWS\USBSubsystem

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://webmail.uchicago.edu/
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/games/c ... /st2_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid= ... lcid=0x409
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - http://files.member.yahoo.com/dl/installs/sbc/yinst.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - http://echat.us.dell.com/Media/VisitorC ... EFlash.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.c ... r1_4us.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O23 - Service: AOL Instant Messanger (AIM) - Unknown owner - C:\WINDOWS\aim.exe (file missing)
O23 - Service: AOL Instant Messenger (AOL Instant Messenger) - Unknown owner - C:\WINDOWS\USBSubsystem
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Windows lsass Service (lsass) - Unknown owner - C:\WINDOWS\lsass.exe (file missing)
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
aasha86
Regular Member
 
Posts: 56
Joined: September 2nd, 2005, 3:07 pm

ewido report for "owner"

Unread postby aasha86 » September 2nd, 2005, 7:23 pm

ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 5:22:27 PM, 9/2/2005
+ Report-Checksum: 69768BB8

+ Scan result:

HKLM\SOFTWARE\AutoLoader -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{3646C2BD-3554-49CA-8125-44DEEFB881DE} -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B5AB638F-D76C-415B-A8F2-F3CEAC502212} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{EE392A64-F30B-47C8-A363-CDA1CEC7DC1B} -> Spyware.NewtonKnows : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{FB45C451-B0E9-4407-BB6A-9361013F3E9A} -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{10D7DB96-56DC-4617-8EAB-EC506ABE6C7E} -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{6CDC3337-01F7-4A79-A4AF-0B19303CC0BE} -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{795398D0-DC2F-4118-A69C-592273BA9C2B} -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{B288F21C-A144-4CA2-9B70-8AFA1FAE4B06} -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\PopOops2.PopOops -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\PopOops2.PopOops\Clsid -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\SWLAD1.SWLAD -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\SWLAD1.SWLAD\Clsid -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{D0C29A75-7146-4737-98EE-BC4D7CF44AF9} -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{E0D3B292-A0B0-4640-975C-2F882E039F52} -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\YSBactivex.Installer -> Spyware.YourSiteBar : Cleaned with backup
HKLM\SOFTWARE\Classes\YSBactivex.Installer\CLSID -> Spyware.YourSiteBar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Spyware.WebRebates : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\AMeOpt -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DisplayUtility -> Spyware.Delfin : Cleaned with backup
HKLM\SOFTWARE\Mvu -> Spyware.Delfin : Cleaned with backup
HKLM\SOFTWARE\SecureWin -> Spyware.Adlogix : Cleaned with backup
HKLM\SOFTWARE\skin -> Spyware.Delfin : Cleaned with backup
HKU\.DEFAULT\Software\intexp -> Spyware.IEPlugin : Cleaned with backup
HKU\.DEFAULT\Software\intexp\Config -> Spyware.IEPlugin : Cleaned with backup
HKU\.DEFAULT\Software\intexp\MyFileSystem2 -> Spyware.IEPlugin : Cleaned with backup
HKU\.DEFAULT\Software\toolbar -> Spyware.WebSearch : Cleaned with backup
HKU\S-1-5-21-1715567821-1770027372-839522115-1003\Software\Bundles -> Spyware.SecondThought : Cleaned with backup
HKU\S-1-5-21-1715567821-1770027372-839522115-1003\Software\intexp -> Spyware.IEPlugin : Cleaned with backup
HKU\S-1-5-21-1715567821-1770027372-839522115-1003\Software\intexp\Config -> Spyware.IEPlugin : Cleaned with backup
HKU\S-1-5-21-1715567821-1770027372-839522115-1003\Software\intexp\MyFileSystem2 -> Spyware.IEPlugin : Cleaned with backup
HKU\S-1-5-21-1715567821-1770027372-839522115-1003\Software\Mvu -> Spyware.Delfin : Cleaned with backup
HKU\S-1-5-21-1715567821-1770027372-839522115-1006\Software\BTGrab -> Spyware.BetterInternet : Cleaned with backup
HKU\S-1-5-21-1715567821-1770027372-839522115-1006\Software\Bundles -> Spyware.SecondThought : Cleaned with backup
HKU\S-1-5-21-1715567821-1770027372-839522115-1006\Software\intexp -> Spyware.IEPlugin : Cleaned with backup
HKU\S-1-5-21-1715567821-1770027372-839522115-1006\Software\intexp\Config -> Spyware.IEPlugin : Cleaned with backup
HKU\S-1-5-21-1715567821-1770027372-839522115-1006\Software\intexp\MyFileSystem2 -> Spyware.IEPlugin : Cleaned with backup
HKU\S-1-5-21-1715567821-1770027372-839522115-1006\Software\LQ -> Dialer.Generic : Cleaned with backup
HKU\S-1-5-18\Software\intexp -> Spyware.IEPlugin : Cleaned with backup
HKU\S-1-5-18\Software\intexp\Config -> Spyware.IEPlugin : Cleaned with backup
HKU\S-1-5-18\Software\intexp\MyFileSystem2 -> Spyware.IEPlugin : Cleaned with backup
HKU\S-1-5-18\Software\toolbar -> Spyware.WebSearch : Cleaned with backup
C:\Documents and Settings\bobbie\Cookies\bobbie@247realmedia[1].txt -> Spyware.Cookie.247realmedia : Cleaned with backup
C:\Documents and Settings\bobbie\Cookies\bobbie@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\bobbie\Cookies\bobbie@abetterinternet[1].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
C:\Documents and Settings\bobbie\Cookies\bobbie@abetterinternet[2].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
C:\Documents and Settings\bobbie\Cookies\bobbie@abetterinternet[3].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
C:\Documents and Settings\bobbie\Cookies\bobbie@abetterinternet[4].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
C:\Documents and Settings\bobbie\Cookies\bobbie@ad-logics[1].txt -> Spyware.Cookie.Ad-logics : Cleaned with backup
C:\Documents and Settings\bobbie\Cookies\bobbie@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\bobbie\Cookies\bobbie@adopt.specificclick[1].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\bobbie\Cookies\bobbie@ads.addynamix[2].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\Documents and Settings\bobbie\Cookies\bobbie@ads.pointroll[1].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\bobbie\Cookies\bobbie@advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\bobbie\Cookies\bobbie@adviva[2].txt -> Spyware.Cookie.Adviva : Cleaned with backup
C:\Documents and Settings\bobbie\Cookies\bobbie@as-eu.falkag[1].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\bobbie\Cookies\bobbie@as-us.falkag[2].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\bobbie\Cookies\bobbie@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\bobbie\Cookies\bobbie@bfast[1].txt -> Spyware.Cookie.Bfast : Cleaned with backup
C:\Documents and Settings\bobbie\Cookies\bobbie@bluestreak[1].txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\bobbie\Cookies\bobbie@bs.serving-sys[2].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\bobbie\Cookies\bobbie@burstnet[1].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\bobbie\Cookies\bobbie@casalemedia[2].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\bobbie\Cookies\bobbie@centrport[1].txt -> Spyware.Cookie.Centrport : Cleaned with backup
C:\Documents and Settings\bobbie\Cookies\bobbie@citi.bridgetrack[1].txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\bobbie\Cookies\bobbie@cnn.122.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\bobbie\Cookies\bobbie@commission-junction[2].txt -> Spyware.Cookie.Commission-junction : Cleaned with backup
C:\Documents and Settings\bobbie\Cookies\bobbie@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\bobbie\Cookies\bobbie@data.coremetrics[1].txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
C:\Documents and Settings\bobbie\Cookies\bobbie@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\bobbie\Cookies\bobbie@e-2dj6wfk4woczgbo.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\bobbie\Cookies\bobbie@e-2dj6wfkiuoc5seq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\bobbie\Cookies\bobbie@e-2dj6wfkyqmdzwko.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\bobbie\Cookies\bobbie@e-2dj6wfl4spdjsao.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\bobbie\Cookies\bobbie@e-2dj6wflikiajego.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\bobbie\Cookies\bobbie@e-2dj6wjk4oiczkhp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\bobbie\Cookies\bobbie@e-2dj6wjk4sld5cgo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\bobbie\Cookies\bobbie@e-2dj6wjkoenazebo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\bobbie\Cookies\bobbie@e-2dj6wjkogkczigo.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\bobbie\Cookies\bobbie@e-2dj6wjkoglajkeo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\bobbie\Cookies\bobbie@e-2dj6wjkyomc5ocp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\bobbie\Cookies\bobbie@e-2dj6wjkyshc5geo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\bobbie\Cookies\bobbie@e-2dj6wjloeiczcgq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\bobbie\Cookies\bobbie@e-2dj6wjlokiajskp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\bobbie\Cookies\bobbie@e-2dj6wjlowkdpcdq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\bobbie\Cookies\bobbie@e-2dj6wjlowndjgfo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\bobbie\Cookies\bobbie@e-2dj6wjmysnczmcp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\bobbie\Cookies\bobbie@e-2dj6wjny-1ld5gc.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\bobbie\Cookies\bobbie@e-2dj6wjny-1oazac.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\bobbie\Cookies\bobbie@e-2dj6wjnyopczmgp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\bobbie\Cookies\bobbie@e-2dj6wjnyqndzmco.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\bobbie\Cookies\bobbie@e-2dj6wjnywjdpebp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\bobbie\Cookies\bobbie@edge.ru4[1].txt -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Documents and Settings\bobbie\Cookies\bobbie@ehg-bestbuy.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\bobbie\Cookies\bobbie@ehg-buyseasons.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\bobbie\Cookies\bobbie@ehg-cricinfo.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\bobbie\Cookies\bobbie@estat[1].txt -> Spyware.Cookie.Estat : Cleaned with backup
C:\Documents and Settings\bobbie\Cookies\bobbie@fastclick[2].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\bobbie\Cookies\bobbie@goldenpalace[1].txt -> Spyware.Cookie.Goldenpalace : Cleaned with backup
C:\Documents and Settings\bobbie\Cookies\bobbie@hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\bobbie\Cookies\bobbie@internetfuel[1].txt -> Spyware.Cookie.Internetfuel : Cleaned with backup
C:\Documents and Settings\bobbie\Cookies\bobbie@ivwbox[1].txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
C:\Documents and Settings\bobbie\Cookies\bobbie@linksynergy[2].txt -> Spyware.Cookie.Linksynergy : Cleaned with backup
C:\Documents and Settings\bobbie\Cookies\bobbie@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\bobbie\Cookies\bobbie@mt.valueclick[1].txt -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\Documents and Settings\bobbie\Cookies\bobbie@overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\bobbie\Cookies\bobbie@perf.overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\bobbie\Cookies\bobbie@qksrv[1].txt -> Spyware.Cookie.Qksrv : Cleaned with backup
C:\Documents and Settings\bobbie\Cookies\bobbie@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\bobbie\Cookies\bobbie@rccl.bridgetrack[1].txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\bobbie\Cookies\bobbie@revenue[1].txt -> Spyware.Cookie.Revenue : Cleaned with backup
C:\Documents and Settings\bobbie\Cookies\bobbie@rotator.adjuggler[1].txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\bobbie\Cookies\bobbie@sales.liveperson[2].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\bobbie\Cookies\bobbie@servedby.advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\bobbie\Cookies\bobbie@serving-sys[2].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\bobbie\Cookies\bobbie@statcounter[2].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Documents and Settings\bobbie\Cookies\bobbie@statse.webtrendslive[2].txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\bobbie\Cookies\bobbie@targetnet[1].txt -> Spyware.Cookie.Targetnet : Cleaned with backup
C:\Documents and Settings\bobbie\Cookies\bobbie@test.coremetrics[1].txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
C:\Documents and Settings\bobbie\Cookies\bobbie@tradedoubler[2].txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\bobbie\Cookies\bobbie@trafficmp[2].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\bobbie\Cookies\bobbie@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\bobbie\Cookies\bobbie@valueclick[1].txt -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\Documents and Settings\bobbie\Cookies\bobbie@valueclick[2].txt -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\Documents and Settings\bobbie\Cookies\bobbie@www.burstbeacon[1].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\bobbie\Cookies\bobbie@www.burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\bobbie\Cookies\bobbie@www.myaffiliateprogram[2].txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\bobbie\Cookies\bobbie@www.shopathomeselect[1].txt -> Spyware.Cookie.Shopathomeselect : Cleaned with backup
C:\Documents and Settings\bobbie\Cookies\bobbie@xxxtoolbar[2].txt -> Spyware.Cookie.Xxxtoolbar : Cleaned with backup
C:\Documents and Settings\bobbie\Cookies\bobbie@yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\bobbie\Cookies\bobbie@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\bobbie\Local Settings\Temp\1114828_3968_184_1128_62.41.tmp -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\bobbie\Local Settings\Temp\1115750_2896_1568_1216_63.41.tmp -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\bobbie\Local Settings\Temp\1245692_3968_184_1596_62.41.tmp -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\bobbie\Local Settings\Temp\131274_1608_152_3080_62.41.tmp -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\bobbie\Local Settings\Temp\131402_4576_1308_2648_62.41.tmp1 -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\bobbie\Local Settings\Temp\132722_4192_3480_5140_62.41.tmp -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\bobbie\Local Settings\Temp\133222_4192_3480_5952_62.41.tmp -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\bobbie\Local Settings\Temp\133222_4192_3480_5952_62.41.tmp1 -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\bobbie\Local Settings\Temp\1769898_3968_184_3344_62.41.tmp -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\bobbie\Local Settings\Temp\1966508_1536_184_5900_62.41.tmp -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\bobbie\Local Settings\Temp\1966508_1536_184_5900_62.41.tmp1 -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\bobbie\Local Settings\Temp\1E.tmp\thnall1a.exe -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\bobbie\Local Settings\Temp\20776570_4472_436_5200_62.41.tmp1 -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\bobbie\Local Settings\Temp\328068_3968_184_1776_62.41.tmp -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\bobbie\Local Settings\Temp\3540902_3524_184_4468_62.41.tmp -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\bobbie\Local Settings\Temp\393486_1608_152_3028_62.41.tmp -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\bobbie\Local Settings\Temp\394966_2896_1568_3760_63.41.tmp -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\bobbie\Local Settings\Temp\458948_3064_1992_2276_62.41.tmp -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\bobbie\Local Settings\Temp\458948_3064_1992_2276_62.41.tmp1 -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\bobbie\Local Settings\Temp\459046_1608_152_1432_62.41.tmp -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\bobbie\Local Settings\Temp\459146_3968_184_3632_62.41.tmp -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\bobbie\Local Settings\Temp\460264_3768_3224_2548_63.41.tmp -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\bobbie\Local Settings\Temp\460926_3968_184_4440_62.41.tmp -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\bobbie\Local Settings\Temp\590214_3968_184_4008_62.41.tmp -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\bobbie\Local Settings\Temp\655758_3968_184_4092_62.41.tmp -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\bobbie\Local Settings\Temp\67642_4192_3480_5680_62.41.tmp -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\bobbie\Local Settings\Temp\722960_3968_184_6084_62.41.tmp -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\bobbie\Local Settings\Temp\786750_3968_184_3840_62.41.tmp -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\bobbie\Local Settings\Temp\786750_3968_184_3840_62.41.tmp1 -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\bobbie\Local Settings\Temp\852544_3968_184_260_62.41.tmp -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\bobbie\Local Settings\Temp\8d0a.sys -> Trojan.Kolweb.a : Cleaned with backup
C:\Documents and Settings\bobbie\Local Settings\Temp\919144_2896_1568_564_63.41.tmp -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\bobbie\Local Settings\Temp\AutoUpdate0\auto_update_uninstall.exe -> Spyware.AproposMedia : Cleaned with backup
C:\Documents and Settings\bobbie\Local Settings\Temp\DrTemp\abiuninst.exe -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\bobbie\Local Settings\Temp\i2B.tmp -> Spyware.SurfSide : Cleaned with backup
C:\Documents and Settings\bobbie\Local Settings\Temp\KPY\aurareco.exe -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\bobbie\Local Settings\Temp\nst9.EXE -> Spyware.SmartPops : Cleaned with backup
C:\Documents and Settings\bobbie\Local Settings\Temp\qrwl.sys -> Trojan.Delf.cf : Cleaned with backup
C:\Documents and Settings\bobbie\Local Settings\Temp\temp.fr0E7A -> Trojan.Kolweb.a : Cleaned with backup
C:\Documents and Settings\bobbie\Local Settings\Temp\temp.fr5794 -> Trojan.Kolweb.a : Cleaned with backup
C:\Documents and Settings\bobbie\Local Settings\Temp\UAR\aurareco.exe -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\bobbie\Local Settings\Temp\ucl.sys -> Trojan.Delf.cf : Cleaned with backup
C:\Documents and Settings\bobbie\Local Settings\Temp\YJA\aurareco.exe -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@fastclick[2].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@servedby.advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@server.iad.liveperson[2].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\SJKZ0T0F\NITE[1].exe -> Worm.Opanki.p : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@abetterinternet[1].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@abetterinternet[3].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@adopt.specificclick[1].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@ads.addynamix[1].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@cnn.122.2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@finishline.122.2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@goldenpalace[1].txt -> Spyware.Cookie.Goldenpalace : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@northwestairlines.112.2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@paypopup[1].txt -> Spyware.Cookie.Paypopup : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@revenue[2].txt -> Spyware.Cookie.Revenue : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@sales.liveperson[1].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@www.epilot[1].txt -> Spyware.Cookie.Epilot : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\10158330_520_1100_2464_62.41.tmp1 -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\1180250_5944_948_5776_62.41.tmp -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\1311362_1488_1172_3528_63.41.tmp -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\1311696_2572_3064_2648_62.41.tmp -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\131528_444_2780_3928_62.41.tmp1 -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\131626_164_1172_500_63.41.tmp -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\131988_2572_3064_4020_62.41.tmp -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\15402276_2572_3064_3820_62.41.tmp -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\197258_164_1172_2488_63.41.tmp -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\197532_2572_3064_3148_62.41.tmp -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\197782_2572_3064_1100_62.41.tmp -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\198028_2572_3064_3452_62.41.tmp -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\198040_2572_3064_2044_62.41.tmp -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\2360684_2572_3064_2824_62.41.tmp -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\2425132_2572_3064_2720_62.41.tmp -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\2622616_2572_3064_1200_62.41.tmp -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\263132_2572_3064_3612_62.41.tmp -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\32113142_1488_1172_1100_63.41.tmp -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\3277422_1488_1172_3560_63.41.tmp -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\327988_1096_3932_2400_62.41.tmp1 -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\328590_2572_3064_3708_62.41.tmp -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\459410_1488_1172_2236_63.41.tmp -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\524640_2572_3064_4044_62.41.tmp -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\573506598_3040_1628_2788_63.41.tmp -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\655608_452_1028_2904_62.41.tmp1 -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\655854_2572_3064_3268_62.41.tmp -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\66172_164_1172_3340_63.41.tmp -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\721472_1488_1172_3716_63.41.tmp -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\787070_1488_1172_2560_63.41.tmp -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\8d0a.sys -> Trojan.Kolweb.a : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\917748_2572_3064_3720_62.41.tmp -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\917760_2572_3064_3896_62.41.tmp -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\asfjkk32.tmp -> Spyware.SafeSurfing : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\labpengs.tmp -> Spyware.SafeSurfing : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\MMX\aurareco.exe -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\nsh_105.exe -> Spyware.Downloadware : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\res475.tmp -> Spyware.180Solutions : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\temp.exe -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\temp.fr6309 -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\temp.fr661E -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\ucl.sys -> Trojan.Delf.cf : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\VGK\aurareco.exe -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\zvku.sys -> Trojan.Delf.cf : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\NVVP8C29\protector[1].exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\Documents and Settings\Owner\My Documents\backups\backup-20050902-120545-970.dll -> Spyware.WinAD : Cleaned with backup
C:\Documents and Settings\Owner\My Documents\backups\backup-20050902-120546-877.dll -> Not-A-Virus.PornWare.PopCap.b : Cleaned with backup
C:\Program Files\180searchassistant\salm.exe -> Spyware.180Solutions : Cleaned with backup
C:\Program Files\180searchassistant\salmhook.dll -> Spyware.180Solutions : Cleaned with backup
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Spyware.Wheaterbug : Cleaned with backup
C:\Program Files\Cas\Client\casmf.dll -> Spyware.CASClient : Cleaned with backup
C:\Program Files\Common Files\Oem Common\robj1.dll -> Spyware.Nomeh : Cleaned with backup
C:\Program Files\Common Files\Uninstall Information\RemoveDisplayUtility.exe -> Spyware.Delfin : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\168B47A8-FFBD-467F-99B2-787F7A\30AF4AFF-A326-4C35-9948-3B49B7 -> Spyware.Beginto : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\18F486DC-933C-4D50-A59D-61EBCE\69094255-6F3A-4E9E-BCDF-44FA1A -> Spyware.BookedSpace : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\19C00256-A9EC-4D34-B371-D6BD25\3548E76A-1593-4A03-B668-D0C2DF -> Trojan.Agent.cp : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\40214D3F-40AD-478B-BA6F-9CA75D\030E2B89-E9D0-473A-BBBE-9A0E5A -> Spyware.SaveNow : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\40214D3F-40AD-478B-BA6F-9CA75D\8A51B182-C5A8-457B-AEFF-D03125 -> Adware.SaveNow : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\40214D3F-40AD-478B-BA6F-9CA75D\9A981FD4-C63C-4ED3-91EA-CEB780 -> Adware.SaveNow : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\60176A5D-2FCC-493D-AF42-05CB19\0E730B5A-A166-4E87-B6E6-5337D7 -> Adware.SaveNow : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\60176A5D-2FCC-493D-AF42-05CB19\A0839DAC-A2CA-4C49-9C83-A7B618 -> Adware.SaveNow : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\60176A5D-2FCC-493D-AF42-05CB19\F62589F4-F48F-45D5-BBFC-650BB2 -> Spyware.SaveNow : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\6196305A-F362-467D-9E0D-F7466B\0B916BAE-C665-4CC2-8A30-4888E4 -> Spyware.BookedSpace : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\67513671-4AD6-4C89-B4DC-47DA42\C4B30FB1-024D-4AA1-AE87-36BE70 -> TrojanDownloader.VB.eu : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\8DCD6936-7888-413B-9209-341AEE\CAC5B31A-1F07-4BB6-A620-18E642 -> Spyware.Altnet : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\9F3692B9-79D0-4612-9D6C-E77AE5\ABCA24C7-4135-48B3-B49F-076453 -> Spyware.WebSearch : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\9F3692B9-79D0-4612-9D6C-E77AE5\E4F20D30-274A-41E0-AF3F-0E4546 -> Spyware.WebSearch : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\A82065BE-5D78-4D4D-93A4-977B93\54DFA6B6-5CDA-411E-BFB1-F32009 -> Spyware.Delfin : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\A82065BE-5D78-4D4D-93A4-977B93\6B44E3BB-0029-4C4D-BDD8-E55017 -> Spyware.Delfin : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\A82065BE-5D78-4D4D-93A4-977B93\BD17C49C-1A8C-4E0A-8B1F-2F3912 -> Spyware.Delfin : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\B0A62ACE-0BDE-4CEF-94AD-311AF2\3BEAD4D6-761E-4131-9474-A33020 -> TrojanDownloader.Wintool.f : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\B0A62ACE-0BDE-4CEF-94AD-311AF2\DAE92711-417C-4239-B3E2-1855CB -> Spyware.Wintol : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\B11D03C5-81D8-43F9-A357-B6E433\0B45589D-6C13-463C-8857-41A21B -> Spyware.WebSearch : Error during cleaning
C:\Program Files\Microsoft AntiSpyware\Quarantine\B11D03C5-81D8-43F9-A357-B6E433\5DED30C8-373D-46D5-8C43-B128BA -> Spyware.WebSearch : Error during cleaning
C:\Program Files\Microsoft AntiSpyware\Quarantine\B6042956-069C-4499-B4F8-A17ADC\BA5C69C2-A908-49AA-A3C8-484755 -> TrojanDownloader.Apropo.r : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\BC8A7494-D5EC-4C21-B1F5-9FBED2\421B4971-DB2D-44FC-8700-0E8138 -> Spyware.HotBar : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\C1440E21-7D56-46B3-B970-9A5A00\245B2A50-39B3-4E39-B496-ECCFAD -> TrojanDownloader.Wintool.f : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\C1440E21-7D56-46B3-B970-9A5A00\C5E5879A-F9EC-4A80-8AD6-C26CE5 -> Spyware.Wintol : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\C5D639C2-1457-4682-B3FD-195534\BFB25864-D92B-4925-8017-314B24 -> Spyware.SaveNow : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\C5D639C2-1457-4682-B3FD-195534\C3740549-CFDC-428D-B69A-A88EF6 -> Adware.SaveNow : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\C5D639C2-1457-4682-B3FD-195534\DB1C988F-5DF7-45E2-907A-A6F7C1 -> Adware.SaveNow : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\E02C5B65-2233-4799-8D06-D3CDD0\D6FDA338-3553-4042-85C4-FAF544 -> TrojanDownloader.VB.eu : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\E7DD22A4-E62F-4D85-B85A-D502D3\8BCFB1B5-44EE-41EC-B87E-384555 -> TrojanDownloader.Wintool.f : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\E7DD22A4-E62F-4D85-B85A-D502D3\D9F81324-DD0F-4011-8754-754263 -> Spyware.Wintol : Cleaned with backup
C:\sjq553h.exe -> Worm.Opanki.p : Cleaned with backup
C:\temp\bundle_cdt1006.exe -> Adware.Saha : Cleaned with backup
C:\WINDOWS\8d0a.sys -> Trojan.Kolweb.a : Cleaned with backup
C:\WINDOWS\cfgmgr52\EECH1.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\cfgmgr52\SPZ3.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\cfgmgr52.dll -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\drvi\tcelfttnir.dll -> Spyware.SmartPops : Cleaned with backup
C:\WINDOWS\drvi\tcelfttnir.exe -> Spyware.SmartPops : Cleaned with backup
C:\WINDOWS\dsr.dll -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\dsr.exe -> Trojan.Imiserv.c : Cleaned with backup
C:\WINDOWS\enhtb.exe -> Trojan.Imiserv.c : Cleaned with backup
C:\WINDOWS\mocogaprxf.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\qhxksizb.exe -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\smhryq.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\system32\1oqbpg.exe -> Trojan.Delf.cf : Cleaned with backup
C:\WINDOWS\system32\6clro2if.exe -> Adware.SAHA : Cleaned with backup
C:\WINDOWS\system32\7n3maub.exe -> Trojan.Kolweb.a : Cleaned with backup
C:\WINDOWS\system32\8d0a.sys -> Trojan.Kolweb.a : Cleaned with backup
C:\WINDOWS\system32\drivers\etc\hosts -> Trojan.Qhost : Cleaned with backup
C:\WINDOWS\system32\gynuabva.dll -> Spyware.SafeSurfing : Cleaned with backup
C:\WINDOWS\system32\lanbrup.exe -> Spyware.SafeSurfing : Cleaned with backup
C:\WINDOWS\system32\nsb79.dll -> Spyware.HotSearchBar : Cleaned with backup
C:\WINDOWS\system32\nsp16.dll -> Spyware.HotSearchBar : Cleaned with backup
C:\WINDOWS\system32\nss14.dll -> Spyware.HotSearchBar : Cleaned with backup
C:\WINDOWS\system32\nsvsvc\nsv.ocx -> Spyware.Delfin : Cleaned with backup
C:\WINDOWS\system32\nsvsvc\nsvs.dll -> Spyware.Delfin : Cleaned with backup
C:\WINDOWS\system32\nsvsvc\nsvsvc.exe -> Spyware.Delfin : Cleaned with backup
C:\WINDOWS\system32\nsw11.dll -> Spyware.HotSearchBar : Cleaned with backup
C:\WINDOWS\system32\redtrsha.dll -> Spyware.SafeSurfing : Cleaned with backup
C:\WINDOWS\system32\richup.exe -> Spyware.SafeSurfing : Cleaned with backup
C:\WINDOWS\system32\vidctrl\vidctrl.exe -> Spyware.DelphinMediaViewer : Cleaned with backup
C:\WINDOWS\system32\VVSNInst.exe -> Adware.SaveNow : Cleaned with backup
C:\WINDOWS\System320nsn6D0 -> Spyware.HotSearchBar : Cleaned with backup
C:\WINDOWS\Temp\iB2.tmp -> Spyware.SurfSide : Error during cleaning
C:\WINDOWS\Temp\resB5.tmp -> Spyware.180Solutions : Error during cleaning
C:\WINDOWS\temp.bat -> Trojan.Zapchast : Cleaned with backup
C:\Xoav9OQD5llfO.exe -> Worm.Opanki.p : Cleaned with backup


::Report End
aasha86
Regular Member
 
Posts: 56
Joined: September 2nd, 2005, 3:07 pm

"bobbie" adaware report and ewido

Unread postby aasha86 » September 2nd, 2005, 7:28 pm

Ad-Aware SE Build 1.06r1
Logfile Created on:Friday, September 02, 2005 5:24:35 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R64 31.08.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):32 total references
PeopleOnPage(TAC index:9):4 total references
Possible Browser Hijack attempt(TAC index:3):4 total references
Tracking Cookie(TAC index:3):67 total references
VX2(TAC index:10):29 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


9-2-2005 5:24:35 PM - Scan started. (Smart mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 604
ThreadCreationTime : 9-2-2005 10:20:51 PM
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 652
ThreadCreationTime : 9-2-2005 10:20:52 PM
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 676
ThreadCreationTime : 9-2-2005 10:20:52 PM
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 724
ThreadCreationTime : 9-2-2005 10:20:53 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 736
ThreadCreationTime : 9-2-2005 10:20:53 PM
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 912
ThreadCreationTime : 9-2-2005 10:20:53 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1024
ThreadCreationTime : 9-2-2005 10:20:53 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1216
ThreadCreationTime : 9-2-2005 10:20:54 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1252
ThreadCreationTime : 9-2-2005 10:20:54 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1416
ThreadCreationTime : 9-2-2005 10:20:55 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:11 [avgamsvr.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 1592
ThreadCreationTime : 9-2-2005 10:21:03 PM
BasePriority : Normal
FileVersion : 7,1,0,321
ProductVersion : 7.1.0.321
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Alert Manager
InternalName : avgamsvr
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgamsvr.EXE

#:12 [avgupsvc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 1664
ThreadCreationTime : 9-2-2005 10:21:03 PM
BasePriority : Normal
FileVersion : 7,1,0,321
ProductVersion : 7.1.0.321
ProductName : AVG 7.0 Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Update Service
InternalName : avgupsvc
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgupdsvc.EXE

#:13 [ewidoctrl.exe]
FilePath : C:\Program Files\ewido\security suite\
ProcessID : 1688
ThreadCreationTime : 9-2-2005 10:21:03 PM
BasePriority : Normal
FileVersion : 3, 0, 0, 1
ProductVersion : 3, 0, 0, 1
ProductName : ewido control
CompanyName : ewido networks
FileDescription : ewido control
InternalName : ewido control
LegalCopyright : Copyright © 2004
OriginalFilename : ewidoctrl.exe

#:14 [mpfservice.exe]
FilePath : C:\PROGRA~1\McAfee.com\PERSON~1\
ProcessID : 1784
ThreadCreationTime : 9-2-2005 10:21:03 PM
BasePriority : Normal
FileVersion : 6.0.0.14
ProductVersion : 6.0.0.14
ProductName : McAfee Personal Firewall
CompanyName : McAfee Corporation
FileDescription : McAfee Personal Firewall Service
InternalName : MPFService
LegalCopyright : Copyright © 2000-2004 Networks Associates Technologies, Inc.
OriginalFilename : MpfService.exe
Comments : McAfee Personal Firewall Service

#:15 [wdfmgr.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2004
ThreadCreationTime : 9-2-2005 10:21:07 PM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: dnsrv(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:16 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 192
ThreadCreationTime : 9-2-2005 10:21:08 PM
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:17 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 300
ThreadCreationTime : 9-2-2005 10:21:08 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:18 [mm_tray.exe]
FilePath : C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\
ProcessID : 484
ThreadCreationTime : 9-2-2005 10:21:10 PM
BasePriority : Normal
FileVersion : 9.00.5059
ProductVersion : 9.00.5059
ProductName : Musicmatch Jukebox
CompanyName : Musicmatch, Inc.
FileDescription : mm_tray
InternalName : mm_tray
LegalCopyright : Copyright © Musicmatch 1998-2004
LegalTrademarks :
OriginalFilename : mm_tray.exe

#:19 [mcagent.exe]
FilePath : C:\PROGRA~1\mcafee.com\agent\
ProcessID : 500
ThreadCreationTime : 9-2-2005 10:21:11 PM
BasePriority : Normal
FileVersion : 5, 0, 0, 2
ProductVersion : 5, 0, 0, 0
ProductName : McAfee SecurityCenter
CompanyName : McAfee, Inc
FileDescription : McAfee SecurityCenter Agent
InternalName : mcagent
LegalCopyright : Copyright © 2004 Networks Associates Technology, Inc.
OriginalFilename : mcagent.exe

#:20 [qttask.exe]
FilePath : C:\Program Files\QuickTime\
ProcessID : 516
ThreadCreationTime : 9-2-2005 10:21:11 PM
BasePriority : Normal
FileVersion : 6.5.1
ProductVersion : QuickTime 6.5.1
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe

#:21 [realsched.exe]
FilePath : C:\Program Files\Common Files\Real\Update_OB\
ProcessID : 568
ThreadCreationTime : 9-2-2005 10:21:12 PM
BasePriority : Normal
FileVersion : 0.1.0.3275
ProductVersion : 0.1.0.3275
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio(tm) is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:22 [aim.exe]
FilePath : C:\Program Files\AIM\
ProcessID : 936
ThreadCreationTime : 9-2-2005 10:21:16 PM
BasePriority : Normal
FileVersion : 5.9.3702
ProductVersion : 5.9.3702
ProductName : AOL Instant Messenger
CompanyName : America Online, Inc.
FileDescription : AOL Instant Messenger
InternalName : AIM
LegalCopyright : Copyright © 1996-2004 America Online, Inc.
OriginalFilename : AIM.EXE

#:23 [mpfagent.exe]
FilePath : C:\PROGRA~1\McAfee.com\PERSON~1\
ProcessID : 996
ThreadCreationTime : 9-2-2005 10:21:17 PM
BasePriority : Normal
FileVersion : 6.0.0.14
ProductVersion : 6.0.0.14
ProductName : McAfee Personal Firewall (MPF)
CompanyName : McAfee Security
FileDescription : McAfee Personal Firewall Agent Interface
InternalName : MpfAgent
LegalCopyright : Copyright © 2000-2004 Networks Associates Technologies, Inc.
OriginalFilename : MPFAGENT.EXE
Comments : McAfee Personal Firewall Security Center Module

#:24 [hpqtra08.exe]
FilePath : C:\Program Files\HP\Digital Imaging\bin\
ProcessID : 1164
ThreadCreationTime : 9-2-2005 10:21:18 PM
BasePriority : Normal
FileVersion : 5.35.0.035
ProductVersion : 005.035.000.035
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : HP Digital Imaging Monitor (CUE)
InternalName : HPQTRA00
LegalCopyright : Copyright (C) Hewlett-Packard Co. 1995-2001
OriginalFilename : HPQTRA00.EXE
Comments : HP Digital Imaging Monitor (CUE)

#:25 [mpbtn.exe]
FilePath : C:\Program Files\SBC Self Support Tool\bin\
ProcessID : 528
ThreadCreationTime : 9-2-2005 10:21:23 PM
BasePriority : Normal


#:26 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 3016
ThreadCreationTime : 9-2-2005 10:22:16 PM
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:27 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 3824
ThreadCreationTime : 9-2-2005 10:33:25 PM
BasePriority : Normal


#:28 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 3908
ThreadCreationTime : 9-2-2005 10:33:25 PM
BasePriority : High


#:29 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 172
ThreadCreationTime : 9-2-2005 10:33:29 PM
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:30 [mm_tray.exe]
FilePath : C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\
ProcessID : 1168
ThreadCreationTime : 9-2-2005 10:33:31 PM
BasePriority : Normal
FileVersion : 9.00.5059
ProductVersion : 9.00.5059
ProductName : Musicmatch Jukebox
CompanyName : Musicmatch, Inc.
FileDescription : mm_tray
InternalName : mm_tray
LegalCopyright : Copyright © Musicmatch 1998-2004
LegalTrademarks :
OriginalFilename : mm_tray.exe

#:31 [mcagent.exe]
FilePath : C:\PROGRA~1\mcafee.com\agent\
ProcessID : 1200
ThreadCreationTime : 9-2-2005 10:33:31 PM
BasePriority : Normal
FileVersion : 5, 0, 0, 2
ProductVersion : 5, 0, 0, 0
ProductName : McAfee SecurityCenter
CompanyName : McAfee, Inc
FileDescription : McAfee SecurityCenter Agent
InternalName : mcagent
LegalCopyright : Copyright © 2004 Networks Associates Technology, Inc.
OriginalFilename : mcagent.exe

#:32 [qttask.exe]
FilePath : C:\Program Files\QuickTime\
ProcessID : 1856
ThreadCreationTime : 9-2-2005 10:33:31 PM
BasePriority : Normal
FileVersion : 6.5.1
ProductVersion : QuickTime 6.5.1
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe

#:33 [realsched.exe]
FilePath : C:\Program Files\Common Files\Real\Update_OB\
ProcessID : 3248
ThreadCreationTime : 9-2-2005 10:33:31 PM
BasePriority : Normal
FileVersion : 0.1.0.3275
ProductVersion : 0.1.0.3275
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio(tm) is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:34 [aim.exe]
FilePath : C:\Program Files\AIM\
ProcessID : 1500
ThreadCreationTime : 9-2-2005 10:33:32 PM
BasePriority : Normal
FileVersion : 5.9.3702
ProductVersion : 5.9.3702
ProductName : AOL Instant Messenger
CompanyName : America Online, Inc.
FileDescription : AOL Instant Messenger
InternalName : AIM
LegalCopyright : Copyright © 1996-2004 America Online, Inc.
OriginalFilename : AIM.EXE

#:35 [hpqtra08.exe]
FilePath : C:\Program Files\HP\Digital Imaging\bin\
ProcessID : 1580
ThreadCreationTime : 9-2-2005 10:33:33 PM
BasePriority : Normal
FileVersion : 5.35.0.035
ProductVersion : 005.035.000.035
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : HP Digital Imaging Monitor (CUE)
InternalName : HPQTRA00
LegalCopyright : Copyright (C) Hewlett-Packard Co. 1995-2001
OriginalFilename : HPQTRA00.EXE
Comments : HP Digital Imaging Monitor (CUE)

#:36 [mpbtn.exe]
FilePath : C:\Program Files\SBC Self Support Tool\bin\
ProcessID : 2156
ThreadCreationTime : 9-2-2005 10:33:37 PM
BasePriority : Normal


#:37 [ymsgr_tray.exe]
FilePath : C:\Program Files\Yahoo!\Messenger\
ProcessID : 2276
ThreadCreationTime : 9-2-2005 10:33:44 PM
BasePriority : Normal


#:38 [securitysuite.exe]
FilePath : C:\Program Files\ewido\security suite\
ProcessID : 3184
ThreadCreationTime : 9-2-2005 10:36:31 PM
BasePriority : Normal
FileVersion : 3, 5, 0, 0
ProductVersion : 3, 5, 0, 0
ProductName : ewido security suite
CompanyName : ewido networks
FileDescription : security suite
InternalName : GuiLoader
LegalCopyright : © 2003 ewido networks
OriginalFilename : SecuritySuite.exe

#:39 [securitysuite.exe]
FilePath : C:\Program Files\ewido\security suite\
ProcessID : 3092
ThreadCreationTime : 9-2-2005 10:38:45 PM
BasePriority : Normal
FileVersion : 3, 5, 0, 0
ProductVersion : 3, 5, 0, 0
ProductName : ewido security suite
CompanyName : ewido networks
FileDescription : security suite
InternalName : GuiLoader
LegalCopyright : © 2003 ewido networks
OriginalFilename : SecuritySuite.exe

#:40 [notepad.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 3580
ThreadCreationTime : 9-2-2005 11:22:20 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Notepad
InternalName : Notepad
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : NOTEPAD.EXE

#:41 [notepad.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 3008
ThreadCreationTime : 9-2-2005 11:22:27 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Notepad
InternalName : Notepad
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : NOTEPAD.EXE

#:42 [notepad.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2696
ThreadCreationTime : 9-2-2005 11:23:45 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Notepad
InternalName : Notepad
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : NOTEPAD.EXE

#:43 [ewidoguard.exe]
FilePath : C:\Program Files\ewido\security suite\
ProcessID : 1972
ThreadCreationTime : 9-2-2005 11:23:51 PM
BasePriority : Normal
FileVersion : 3, 0, 0, 1
ProductVersion : 3, 0, 0, 1
ProductName : guard
CompanyName : ewido networks
FileDescription : guard
InternalName : guard
LegalCopyright : Copyright © 2004
OriginalFilename : guard.exe

#:44 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 2572
ThreadCreationTime : 9-2-2005 11:24:09 PM
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:45 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 2324
ThreadCreationTime : 9-2-2005 11:24:20 PM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

VX2 Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1715567821-1770027372-839522115-1006\software\aurora

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1715567821-1770027372-839522115-1006\software\aurora
Value : AUB3D5om

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1715567821-1770027372-839522115-1006\software\aurora
Value : AUs3t5icky1S

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1715567821-1770027372-839522115-1006\software\aurora
Value : AUs3t5icky3S

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1715567821-1770027372-839522115-1006\software\aurora
Value : AUs3t5icky4S

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1715567821-1770027372-839522115-1006\software\aurora
Value : AUI3n5ProgSEx

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1715567821-1770027372-839522115-1006\software\aurora
Value : AUE3v5nt

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1715567821-1770027372-839522115-1006\software\aurora
Value : AUT3h5rshSBath

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1715567821-1770027372-839522115-1006\software\aurora
Value : AUT3h5rshSysSInf

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1715567821-1770027372-839522115-1006\software\aurora
Value : AUT3h5rshSCheckSIn

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1715567821-1770027372-839522115-1006\software\aurora
Value : AUT3h5rshSMots

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1715567821-1770027372-839522115-1006\software\aurora
Value : AUL3n5Title

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1715567821-1770027372-839522115-1006\software\aurora
Value : AU3N5a7tionSCode

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1715567821-1770027372-839522115-1006\software\aurora
Value : AUD3s5tSSEnd

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1715567821-1770027372-839522115-1006\software\aurora
Value : AUC3u5rrentSMode

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1715567821-1770027372-839522115-1006\software\aurora
Value : AUC3n5tFyl

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1715567821-1770027372-839522115-1006\software\aurora
Value : AUM3o5deSSync

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1715567821-1770027372-839522115-1006\software\aurora
Value : AUC3n5trMsgSDisp

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1715567821-1770027372-839522115-1006\software\aurora
Value : AUI3g5noreS

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1715567821-1770027372-839522115-1006\software\aurora
Value : AUS3t5atusOfSInst

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1715567821-1770027372-839522115-1006\software\aurora
Value : AUs3t5icky2S

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1715567821-1770027372-839522115-1006\software\aurora
Value : AUL3a5stSSChckin

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1715567821-1770027372-839522115-1006\software\aurora
Value : AUC1o3d5eOfSFinalAd

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1715567821-1770027372-839522115-1006\software\aurora
Value : AUT3i5m7eOfSFinalAd

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1715567821-1770027372-839522115-1006\software\aurora
Value : AUI3d5OfSInst

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1715567821-1770027372-839522115-1006\software\aurora
Value : AUI3n5ProgSCab

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1715567821-1770027372-839522115-1006\software\aurora
Value : AUI3n5ProgSLstest

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 27
Objects found so far: 27


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Possible Browser Hijack attempt : S-1-5-21-1715567821-1770027372-839522115-1006\Software\Microsoft\Internet Explorer\MainSearch Pagewebsearch.drsnsrch.com

Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://websearch.drsnsrch.com/sidesearch.cgi?id="
TAC Rating : 10
Category : Malware
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_USERS
Object : S-1-5-21-1715567821-1770027372-839522115-1006\Software\Microsoft\Internet Explorer\Main
Value : Search Page
Data : "http://websearch.drsnsrch.com/sidesearch.cgi?id="
Possible Browser Hijack attempt : S-1-5-21-1715567821-1770027372-839522115-1006\Software\Microsoft\Internet Explorer\MainSearch Barwebsearch.drsnsrch.com

Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://websearch.drsnsrch.com/sidesearch.cgi?id="
TAC Rating : 10
Category : Malware
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_USERS
Object : S-1-5-21-1715567821-1770027372-839522115-1006\Software\Microsoft\Internet Explorer\Main
Value : Search Bar
Data : "http://websearch.drsnsrch.com/sidesearch.cgi?id="
Possible Browser Hijack attempt : S-1-5-21-1715567821-1770027372-839522115-1006\Software\Microsoft\Internet Explorer\SearchURLwebsearch.drsnsrch.com

Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "websearch.drsnsrch.com/q.cgi?q="
TAC Rating : 10
Category : Malware
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_USERS
Object : S-1-5-21-1715567821-1770027372-839522115-1006\Software\Microsoft\Internet Explorer\SearchURL
Value :
Data : "websearch.drsnsrch.com/q.cgi?q="

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 3
Objects found so far: 30


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bobbie@advertising[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:5085
Value : Cookie:bobbie@advertising.com/
Expires : 8-31-2010 10:42:28 AM
LastSync : Hits:5085
UseCount : 0
Hits : 5085

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bobbie@bluestreak[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:56
Value : Cookie:bobbie@bluestreak.com/
Expires : 8-29-2015 10:00:52 AM
LastSync : Hits:56
UseCount : 0
Hits : 56

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bobbie@trafficmp[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1109
Value : Cookie:bobbie@trafficmp.com/
Expires : 8-5-2006 11:00:32 AM
LastSync : Hits:1109
UseCount : 0
Hits : 1109

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bobbie@zedo[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:280
Value : Cookie:bobbie@zedo.com/
Expires : 8-4-2015 10:26:24 AM
LastSync : Hits:280
UseCount : 0
Hits : 280

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bobbie@atdmt[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:358
Value : Cookie:bobbie@atdmt.com/
Expires : 8-3-2010 6:00:00 PM
LastSync : Hits:358
UseCount : 0
Hits : 358

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bobbie@realmedia[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:126
Value : Cookie:bobbie@realmedia.com/
Expires : 12-31-2020 6:00:00 PM
LastSync : Hits:126
UseCount : 0
Hits : 126

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bobbie@servedby.advertising[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:8596
Value : Cookie:bobbie@servedby.advertising.com/
Expires : 10-1-2005 10:42:28 AM
LastSync : Hits:8596
UseCount : 0
Hits : 8596

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bobbie@internetfuel[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:5
Value : Cookie:bobbie@internetfuel.com/
Expires : 12-1-2013 8:00:00 AM
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bobbie@apmebf[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:10
Value : Cookie:bobbie@apmebf.com/
Expires : 8-27-2010 7:50:44 PM
LastSync : Hits:10
UseCount : 0
Hits : 10

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bobbie@tribalfusion[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:33
Value : Cookie:bobbie@tribalfusion.com/
Expires : 12-31-2037 6:00:00 PM
LastSync : Hits:33
UseCount : 0
Hits : 33

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bobbie@tripod[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:bobbie@tripod.com/
Expires : 8-6-2006 6:51:26 PM
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bobbie@hitbox[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:65
Value : Cookie:bobbie@hitbox.com/
Expires : 8-31-2006 1:50:46 PM
LastSync : Hits:65
UseCount : 0
Hits : 65

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bobbie@ehg-bestbuy.hitbox[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:28
Value : Cookie:bobbie@ehg-bestbuy.hitbox.com/
Expires : 8-22-2006 4:59:58 PM
LastSync : Hits:28
UseCount : 0
Hits : 28

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bobbie@live365[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:42
Value : Cookie:bobbie@live365.com/
Expires : 8-10-2010 12:42:08 PM
LastSync : Hits:42
UseCount : 0
Hits : 42

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bobbie@edge.ru4[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:8
Value : Cookie:bobbie@edge.ru4.com/
Expires : 8-7-2035 3:39:10 AM
LastSync : Hits:8
UseCount : 0
Hits : 8

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bobbie@qksrv[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:6
Value : Cookie:bobbie@qksrv.net/
Expires : 8-5-2010 1:15:42 PM
LastSync : Hits:6
UseCount : 0
Hits : 6

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bobbie@revenue[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:36
Value : Cookie:bobbie@revenue.net/
Expires : 6-9-2022 11:05:42 PM
LastSync : Hits:36
UseCount : 0
Hits : 36

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bobbie@adrevolver[3].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:19
Value : Cookie:bobbie@media.adrevolver.com/adrevolver/
Expires : 5-15-2008 4:21:10 PM
LastSync : Hits:19
UseCount : 0
Hits : 19

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bobbie@as-us.falkag[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:7
Value : Cookie:bobbie@as-us.falkag.net/
Expires : 9-8-2005 6:34:42 PM
LastSync : Hits:7
UseCount : 0
Hits : 7

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bobbie@centrport[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:14
Value : Cookie:bobbie@centrport.net/
Expires : 12-31-2029 6:00:00 PM
LastSync : Hits:14
UseCount : 0
Hits : 14

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bobbie@tickle[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:7
Value : Cookie:bobbie@tickle.com/
Expires : 8-6-2007 8:18:42 PM
LastSync : Hits:7
UseCount : 0
Hits : 7

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bobbie@casalemedia[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:230
Value : Cookie:bobbie@casalemedia.com/
Expires : 8-22-2006 9:49:16 AM
LastSync : Hits:230
UseCount : 0
Hits : 230

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bobbie@mediaplex[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:93
Value : Cookie:bobbie@mediaplex.com/
Expires : 6-21-2009 6:00:00 PM
LastSync : Hits:93
UseCount : 0
Hits : 93

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bobbie@z1.adserver[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:91
Value : Cookie:bobbie@z1.adserver.com/
Expires : 8-29-2006 5:31:28 PM
LastSync : Hits:91
UseCount : 0
Hits : 91

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bobbie@ads.pointroll[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:237
Value : Cookie:bobbie@ads.pointroll.com/
Expires : 12-31-2009 6:00:00 PM
LastSync : Hits:237
UseCount : 0
Hits : 237

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bobbie@pacificpoker[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:bobbie@pacificpoker.com/
Expires : 4-1-2007 6:26:44 AM
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bobbie@statse.webtrendslive[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:101
Value : Cookie:bobbie@statse.webtrendslive.com/
Expires : 8-21-2015 6:44:44 PM
LastSync : Hits:101
UseCount : 0
Hits : 101

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bobbie@citi.bridgetrack[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:815
Value : Cookie:bobbie@citi.bridgetrack.com/
Expires : 8-26-2006 10:00:00 PM
LastSync : Hits:815
UseCount : 0
Hits : 815

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bobbie@adserver.photobucket[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:bobbie@adserver.photobucket.com/
Expires : 8-17-2005 12:18:18 AM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bobbie@doubleclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:bobbie@doubleclick.net/
Expires : 9-2-2005 5:39:12 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bobbie@ads.addynamix[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:25
Value : Cookie:bobbie@ads.addynamix.com/
Expires : 8-31-2005 12:20:34 PM
LastSync : Hits:25
UseCount : 0
Hits : 25

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bobbie@overture[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:69
Value : Cookie:bobbie@overture.com/
Expires : 8-12-2015 9:52:36 PM
LastSync : Hits:69
UseCount : 0
Hits : 69

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bobbie@www.shopathomeselect[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:373
Value : Cookie:bobbie@www.shopathomeselect.com/
Expires : 12-31-2099 6:00:00 PM
LastSync : Hits:373
UseCount : 0
Hits : 373

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bobbie@statcounter[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:52
Value : Cookie:bobbie@statcounter.com/
Expires : 8-20-2010 3:56:02 PM
LastSync : Hits:52
UseCount : 0
Hits : 52

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bobbie@data.coremetrics[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:bobbie@data.coremetrics.com/
Expires : 8-4-2020 10:39:26 AM
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bobbie@adrevolver[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:15
Value : Cookie:bobbie@adrevolver.com/
Expires : 8-22-2006 4:11:42 PM
LastSync : Hits:15
UseCount : 0
Hits : 15

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bobbie@www.entrepreneur[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:bobbie@www.entrepreneur.com/
Expires : 9-6-2014 5:50:08 PM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bobbie@test.coremetrics[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:bobbie@test.coremetrics.com/
Expires : 8-22-2020 6:22:26 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bobbie@fastclick[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:910
Value : Cookie:bobbie@fastclick.net/
Expires : 8-31-2007 1:53:36 PM
LastSync : Hits:910
UseCount : 0
Hits : 910

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bobbie@linksynergy[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:60
Value : Cookie:bobbie@linksynergy.com/
Expires : 8-23-2025 7:33:14 PM
LastSync : Hits:60
UseCount : 0
Hits : 60

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bobbie@xxxtoolbar[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:bobbie@xxxtoolbar.com/
Expires : 9-5-2005 3:40:08 PM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bobbie@bs.serving-sys[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:bobbie@bs.serving-sys.com/
Expires : 12-31-2037 11:00:00 PM
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bobbie@perf.overture[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:10
Value : Cookie:bobbie@perf.overture.com/
Expires : 8-5-2009 3:41:08 PM
LastSync : Hits:10
UseCount : 0
Hits : 10

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bobbie@cgi-bin[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:17
Value : Cookie:bobbie@www3.addfreestats.com/cgi-bin
Expires : 2-27-2015 6:00:00 PM
LastSync : Hits:17
UseCount : 0
Hits : 17

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bobbie@bfast[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:17
Value : Cookie:bobbie@bfast.com/
Expires : 8-22-2025 4:57:26 PM
LastSync : Hits:17
UseCount : 0
Hits : 17

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bobbie@estat[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:bobbie@estat.com/
Expires : 8-6-2015 2:25:32 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bobbie@questionmarket[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:bobbie@questionmarket.com/
Expires : 10-22-2006 6:01:18 AM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bobbie@serving-sys[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:11
Value : Cookie:bobbie@serving-sys.com/
Expires : 12-31-2037 11:00:00 PM
LastSync : Hits:11
UseCount : 0
Hits : 11

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bobbie@valueclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:90
Value : Cookie:bobbie@valueclick.com/
Expires : 8-2-2030 10:07:00 PM
LastSync : Hits:90
UseCount : 0
Hits : 90

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bobbie@adserver[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:563
Value : Cookie:bobbie@ads.revsci.net/adserver
Expires : 9-21-2005 5:46:06 PM
LastSync : Hits:563
UseCount : 0
Hits : 563

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bobbie@tradedoubler[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:bobbie@tradedoubler.com/
Expires : 8-23-2005 2:58:44 PM
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bobbie@247realmedia[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:bobbie@247realmedia.com/
Expires : 12-31-2020 6:00:00 PM
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bobbie@commission-junction[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:bobbie@commission-junction.com/
Expires : 8-27-2010 7:50:44 PM
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bobbie@ehg-cricinfo.hitbox[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:bobbie@ehg-cricinfo.hitbox.com/
Expires : 8-31-2006 1:50:46 PM
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bobbie@ad-logics[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:bobbie@ad-logics.com/
Expires : 8-6-2015 3:25:04 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bobbie@2o7[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:163
Value : Cookie:bobbie@2o7.net/
Expires : 8-30-2010 7:09:46 PM
LastSync : Hits:163
UseCount : 0
Hits : 163

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bobbie@maxserving[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:11
Value : Cookie:bobbie@maxserving.com/
Expires : 8-23-2015 6:34:46 PM
LastSync : Hits:11
UseCount : 0
Hits : 11

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bobbie@shoplocl.adbureau[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:bobbie@shoplocl.adbureau.net/
Expires : 2-28-2007 6:00:00 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bobbie@as-eu.falkag[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:39
Value : Cookie:bobbie@as-eu.falkag.net/
Expires : 8-31-2006 1:50:48 PM
LastSync : Hits:39
UseCount : 0
Hits : 39

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bobbie@mt.valueclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:bobbie@mt.valueclick.net/
Expires : 2-19-2006 5:39:44 PM
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bobbie@overstock[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:27
Value : Cookie:bobbie@overstock.com/
Expires : 8-23-2006 6:09:58 PM
LastSync : Hits:27
UseCount : 0
Hits : 27

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bobbie@ads.adsag[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:bobbie@ads.adsag.com/
Expires : 12-30-2037 10:00:00 AM
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bobbie@adviva[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:bobbie@adviva.net/
Expires : 7-15-2010 8:58:02 PM
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bobbie@rccl.bridgetrack[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:9
Value : Cookie:bobbie@rccl.bridgetrack.com/
Expires : 8-22-2006 10:00:00 PM
LastSync : Hits:9
UseCount : 0
Hits : 9

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bobbie@targetnet[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:57
Value : Cookie:bobbie@targetnet.com/
Expires : 5-17-2033 9:33:20 PM
LastSync : Hits:57
UseCount : 0
Hits : 57

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bobbie@valueclick[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:bobbie@valueclick.net/
Expires : 8-17-2030 5:39:44 PM
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bobbie@ehg-buyseasons.hitbox[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:bobbie@ehg-buyseasons.hitbox.com/
Expires : 8-28-2006 7:29:14 PM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 67
Objects found
aasha86
Regular Member
 
Posts: 56
Joined: September 2nd, 2005, 3:07 pm

l2mfix for bobbie

Unread postby aasha86 » September 2nd, 2005, 7:31 pm

L2MFIX find log 1.04a
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]
"DLLName"="wzcdlg.dll"
"Logon"="WZCEventLogon"
"Logoff"="WZCEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000000


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER


**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Multimedia File Property Sheet"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM Scanner Management"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Security Page"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE Docfile Property Page"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell extensions for sharing"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Display Adapter CPL Extension"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL Extension"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL Extension"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security Page"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Compatibility Page"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Disk Copy Extension"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell extensions for Microsoft Windows Network objects"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM Monitor Management"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM Printer Management"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell extensions for file compression"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Web Printer Shell Extension"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Encryption Context Menu"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Briefcase"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC Profile"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Security Page"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell extensions for sharing"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO Extension"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign Extension"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Network Connections"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Network Connections"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanners & Cameras"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanners & Cameras"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanners & Cameras"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanners & Cameras"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanners & Cameras"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Scheduled Tasks"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskbar and Start Menu"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Search"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Run..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Administrative Tools"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Address"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Address Bar Parser"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="History"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ file thumbnail extractor"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Summary Info Thumbnail handler (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML Thumbnail Extractor"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Web Publishing Wizard"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Print Ordering via the Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Get a Passport Wizard"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="User Accounts"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channel File"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channel Shortcut"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline Files Folder"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="For &People..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"="AVG7 Shell Extension"
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}"="AVG7 Find Extension"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}"="iTunes"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler"
"{5E44E225-A408-11CF-B581-008029601108}"="Adaptec DirectCD Shell Extension"
"{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3}"="SnagIt"
"{CF74B903-3389-469c-B3B6-0204D204FCBD}"="SnagIt Shell Extension"

**********************************************************************************
HKEY ROOT CLASSIDS:
**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
msxml3a.dll Mon Jun 27 2005 3:41:26p A.... 24,576 24.00 K
richedtr.dll Mon Jun 27 2005 3:41:42p A.... 225,280 220.00 K
rwrgi.dll Mon Jul 11 2005 3:56:38p A.... 0 0.00 K
wirelanb.dll Wed Jul 27 2005 5:25:04p A.... 417,792 408.00 K

4 items found: 4 files, 0 directories.
Total of file sizes: 667,648 bytes 652.00 K
Locate .tmp files:

No matches found.
**********************************************************************************
Directory Listing of system files:
Volume in drive C has no label.
Volume Serial Number is 9CB9-6920

Directory of C:\WINDOWS\System32

07/16/2005 08:08 PM <DIR> dllcache
12/10/2004 06:49 PM <DIR> Microsoft
07/20/2001 07:38 AM 992 ms106msd.bin
1 File(s) 992 bytes
2 Dir(s) 108,471,226,368 bytes free
aasha86
Regular Member
 
Posts: 56
Joined: September 2nd, 2005, 3:07 pm

HJT log file after all the tests, for Bobbie

Unread postby aasha86 » September 2nd, 2005, 7:40 pm

Logfile of HijackThis v1.99.1
Scan saved at 5:39:48 PM, on 9/2/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\PROGRA~1\mcafee.com\agent\McAgent.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\bobbie\My Documents\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://webmail.uchicago.edu/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [hB3ERRj9W] cnestr10.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [dxmasf] C:\WINDOWS\System32\dxmasf.exe
O4 - HKCU\..\Run: [AOL Instant Messanger] aim.exe
O4 - HKCU\..\Run: [CasStub] C:\Program Files\CasStub\casstub.exe -run
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/games/c ... /st2_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid= ... lcid=0x409
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - http://files.member.yahoo.com/dl/installs/sbc/yinst.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - http://echat.us.dell.com/Media/VisitorC ... EFlash.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.c ... r1_4us.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O23 - Service: AOL Instant Messanger (AIM) - Unknown owner - C:\WINDOWS\aim.exe (file missing)
O23 - Service: AOL Instant Messenger (AOL Instant Messenger) - Unknown owner - C:\WINDOWS\USBSubsystem
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Windows lsass Service (lsass) - Unknown owner - C:\WINDOWS\lsass.exe (file missing)
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
aasha86
Regular Member
 
Posts: 56
Joined: September 2nd, 2005, 3:07 pm

Unread postby LDTate » September 4th, 2005, 7:37 am

Hello aasha86,

I suggest you do this:


click Start> Run> type in CMD tap enter. Copy/Paste the following into command prompt:

sc delete lsass

At the command prompt: type exit.



Run hijackthis. Hit None of the above, Click Do a System Scan Only. Put a Check in the box on the left side on these:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - Default URLSearchHook is missing

O4 - HKCU\..\Run: [hB3ERRj9W] cnestr10.exe

O4 - HKCU\..\Run: [dxmasf] C:\WINDOWS\System32\dxmasf.exe

O4 - HKCU\..\Run: [CasStub] C:\Program Files\CasStub\casstub.exe -run

O23 - Service: Windows lsass Service (lsass) - Unknown owner - C:\WINDOWS\lsass.exe (file missing)


These are Optional resource hogs and not needed at startup

O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE


Close ALL windows and browsers except HijackThis and click "Fix checked"




Restart in Safe Mode:
Restart your computer.

Press F8 after the Power-On Self Test (POST) is done. If the Windows Advanced Options Menu does not appear, try restarting and then pressing F8 several times after the POST screen.
Choose the Safe Mode option from the Windows Advanced Options Menu then press Enter.


Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Clear "Hide file extensions for known file types."
Under the "Hidden files" folder, select "Show hidden files and folders."
Clear "Hide protected operating system files."
Click Apply, and then click OK.


Search for and delete these files if listed:
cnestr10.exe
C:\WINDOWS\System32\dxmasf.exe
C:\Program Files\CasStub\casstub.exe


Open C:\Windows\Prefetch\ Delete ALL files in this folder.



Do this also if these Temp Folders are part of your OS.

Also in safe mode navigate to the C:\Windows\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.


Next navigate to the C:\Documents and Settings\(EVERY LISTED USER)\Local Settings\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Finally go to Control Panel > Internet Options. On the General tab under "Temporary Internet Files" Click "Delete Files". Put a check by "Delete Offline Content" and click OK. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.


Empty the Recycle Bin

Reboot and "copy/paste" a new HijackThis log file into this thread.

Also please describe how your computer behaves at the moment.
User avatar
LDTate
WTT Teacher
WTT Teacher
 
Posts: 3920
Joined: February 18th, 2005, 8:38 pm
Location: Missouri, USA

my new log "bobbie"

Unread postby aasha86 » September 5th, 2005, 2:46 pm

Hi,
THanks for the help! My computer is A LOT better, it doesnt redirect me anywhere and not as many pop-ups and there hasnt been any blue screens and freezing.

here is my new HJT log

Logfile of HijackThis v1.99.1
Scan saved at 1:45:19 PM, on 9/5/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\agent\McAgent.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\bobbie\My Documents\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://webmail.uchicago.edu/
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [AOL Instant Messanger] aim.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/games/c ... /st2_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid= ... lcid=0x409
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - http://files.member.yahoo.com/dl/installs/sbc/yinst.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - http://echat.us.dell.com/Media/VisitorC ... EFlash.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.c ... r1_4us.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O23 - Service: AOL Instant Messanger (AIM) - Unknown owner - C:\WINDOWS\aim.exe (file missing)
O23 - Service: AOL Instant Messenger (AOL Instant Messenger) - Unknown owner - C:\WINDOWS\USBSubsystem
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
aasha86
Regular Member
 
Posts: 56
Joined: September 2nd, 2005, 3:07 pm

Unread postby LDTate » September 5th, 2005, 8:14 pm

Are you still getting pop-ups?

Looks like you might be running 2 anti-Virus programs. If so, you need to remove one of them.
User avatar
LDTate
WTT Teacher
WTT Teacher
 
Posts: 3920
Joined: February 18th, 2005, 8:38 pm
Location: Missouri, USA

Unread postby aasha86 » September 6th, 2005, 2:04 pm

Hi,
No i'm not getting any more popups altho i did install the google popup blocker. WHich one should i delete? the McAfee i believe is expired.
i see two icons on my desktop tho, one is "second thought" and the other is for "blackjack"
THanks
Aasha
aasha86
Regular Member
 
Posts: 56
Joined: September 2nd, 2005, 3:07 pm

Unread postby LDTate » September 6th, 2005, 4:28 pm

Remove this file (if present) with Windows Explorer:
stcloader.exe

Use Add/Remove Programs and remove:
McAfee

see two icons on my desktop tho, one is "second thought" and the other is for "blackjack
" Delete both of those.


Let me know if you found stcloader.exe
User avatar
LDTate
WTT Teacher
WTT Teacher
 
Posts: 3920
Joined: February 18th, 2005, 8:38 pm
Location: Missouri, USA

Unread postby aasha86 » September 7th, 2005, 12:26 am

Hi,
I uninstalled the Mcafee
and I deleted the two icons off my desktop. I could not find the stcloader.exe through Windows explorer, but when i went to delete the "second thought" it siad the appliaction was "stc.exe" and it couldnt be deleted by deleting the shortcut.
aasha86
Regular Member
 
Posts: 56
Joined: September 2nd, 2005, 3:07 pm

Unread postby LDTate » September 7th, 2005, 7:58 am

Restart your computer in Safe Mode.

Press F8 after the Power-On Self Test (POST) is done. If the Windows Advanced Options Menu does not appear, try restarting and then pressing F8 several times after the POST screen.
Choose the Safe Mode option from the Windows Advanced Options Menu then press Enter.

Delete this file:stc.exe

If that doesn't work, tell me the exact location of the file, like C:\windows\System32.....
User avatar
LDTate
WTT Teacher
WTT Teacher
 
Posts: 3920
Joined: February 18th, 2005, 8:38 pm
Location: Missouri, USA
Advertisement
Register to Remove

PreviousNext

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 123 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware