Security Center and W32.sinnaka.a@mm Virus

 
Ray

Guest

Posted: Fri Oct 14, 2005 18:49 pm    Post subject: Security Center and W32.sinnaka.a@mm Virus

I need help with this. I just started getting a message from Security Center warning me that "Your private info is collected by W32.Sinnaka.a@mm". Then a full screen of Security Products pops up and I cannot remove this page. I get this every time I log on to Internet Explorer to use Comcast. It does not happen with AOL, since Comcast uses Internet Explorer. My Norton software has not caught anything relating to this. Can you help? Ray
Corrine

Administrator
 
Joined: 18 Jan 2001
Posts: 13529
Location: Upstate, NY

Posted: Fri Oct 14, 2005 18:52 pm    Post subject:

Hi, Ray. Welcome to Freedomlist. We will be happy to help you. Let's start with an Ad-Aware logfile. Please see the following topic for instructions: http://www.freedomlist.com/forum/viewtopic.php?t=17328

Thank you.
_________________
Freedomlist.com (March 1, 2000 - 2013)

Take a walk through my Security Garden
Ray

Guest

Posted: Fri Oct 14, 2005 22:57 pm    Post subject: Fix w32.sinnaka.a@mm

Followed your suggestion and here is the log. Forgive me if it is too long:
Ad-Aware SE Build 1.06r1
Logfile Created on:Friday, October 14, 2005 9:23:59 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R70 12.10.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Play sound at scan completion if scan locates critical objects


10-14-2005 9:23:59 PM - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : C:\Documents and Settings\Ray Briggs.HOMEOFFICE\Application Data\microsoft\office\recent
Description : list of recently opened documents using microsoft office


MRU List Object Recognized!
Location: : C:\Documents and Settings\Ray Briggs.HOMEOFFICE\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : software\microsoft\internet explorer\main
Description : last save directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : software\microsoft\mediaplayer\player\recentfilelist
Description : list of recently used files in microsoft windows media player


MRU List Object Recognized!
Location: : software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player


MRU List Object Recognized!
Location: : software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console


MRU List Object Recognized!
Location: : software\microsoft\office\11.0\access\settings
Description : list of recently opened documents in microsoft access


MRU List Object Recognized!
Location: : software\microsoft\office\11.0\common\general
Description : list of recently used symbols in microsoft office


MRU List Object Recognized!
Location: : software\microsoft\office\11.0\common\open find\microsoft document imaging\settings\save as\file name mru
Description : list of recent files saved by microsoft document imaging


MRU List Object Recognized!
Location: : software\microsoft\office\11.0\common\open find\microsoft office powerpoint\settings\save as\file name mru
Description : list of recent documents saved by microsoft powerpoint


MRU List Object Recognized!
Location: : software\microsoft\office\11.0\common\open find\microsoft office word\settings\open\file name mru
Description : list of recent documents opened by microsoft word


MRU List Object Recognized!
Location: : software\microsoft\office\11.0\common\open find\microsoft office word\settings\save as\file name mru
Description : list of recent documents saved by microsoft word


MRU List Object Recognized!
Location: : software\microsoft\office\11.0\powerpoint\recent file list
Description : list of recent files used by microsoft powerpoint


MRU List Object Recognized!
Location: : software\microsoft\office\11.0\powerpoint\recent typeface list
Description : list of recently used typefaces in microsoft powerpoint


MRU List Object Recognized!
Location: : software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant


MRU List Object Recognized!
Location: : software\microsoft\windows\currentversion\applets\paint\recent file list
Description : list of files recently opened using microsoft paint


MRU List Object Recognized!
Location: : software\microsoft\windows\currentversion\applets\wordpad\recent file list
Description : list of recent files opened using wordpad


MRU List Object Recognized!
Location: : software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 672
ThreadCreationTime : 10-14-2005 8:25:50 PM
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 744
ThreadCreationTime : 10-14-2005 8:26:20 PM
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 768
ThreadCreationTime : 10-14-2005 8:26:21 PM
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 812
ThreadCreationTime : 10-14-2005 8:26:22 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 824
ThreadCreationTime : 10-14-2005 8:26:22 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k DcomLaunch
ProcessID : 992
ThreadCreationTime : 10-14-2005 8:26:27 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 1040
ThreadCreationTime : 10-14-2005 8:26:28 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 1208
ThreadCreationTime : 10-14-2005 8:26:28 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 1292
ThreadCreationTime : 10-14-2005 8:26:29 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 1440
ThreadCreationTime : 10-14-2005 8:26:30 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [ccsetmgr.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
Command Line : "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
ProcessID : 1560
ThreadCreationTime : 10-14-2005 8:26:33 PM
BasePriority : Normal
FileVersion : 2.1.7.2
ProductVersion : 2.1.7.2
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client Settings Manager Service
InternalName : ccSetMgr
LegalCopyright : Copyright (c) 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccSetMgr.exe

#:12 [ccevtmgr.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
Command Line : "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
ProcessID : 1596
ThreadCreationTime : 10-14-2005 8:26:33 PM
BasePriority : Normal
FileVersion : 2.1.7.2
ProductVersion : 2.1.7.2
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright (c) 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe

#:13 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1784
ThreadCreationTime : 10-14-2005 8:26:34 PM
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:14 [aolacsd.exe]
ModuleName : C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
Command Line : "C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe"
ProcessID : 1884
ThreadCreationTime : 10-14-2005 8:26:34 PM
BasePriority : Normal
FileVersion : 3.0.0.1
ProductVersion : 3.0.0.1
ProductName : AOL Connectivity Service
CompanyName : America Online
FileDescription : AOL Connectivity Service
InternalName : AOLacsd
LegalCopyright : Copyright © 2004 America Online
OriginalFilename : AOLacsd.exe

#:15 [aoltsmon.exe]
ModuleName : C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
Command Line : "C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe"
ProcessID : 1896
ThreadCreationTime : 10-14-2005 8:26:35 PM
BasePriority : Normal
FileVersion : 2, 0, 0, 0
ProductVersion : 2, 0, 0, 0
ProductName : AOL TopSpeed(TM) Monitor
CompanyName : America Online, Inc
FileDescription : AOL TopSpeed(TM) Monitor
InternalName : AOL TopSpeed(TM) Monitor
LegalCopyright : Copyright © 2004 America Online, Inc.
OriginalFilename : aoltsmon.exe

#:16 [mdm.exe]
ModuleName : C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
Command Line : "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"
ProcessID : 1940
ThreadCreationTime : 10-14-2005 8:26:35 PM
BasePriority : Normal
FileVersion : 7.00.9466
ProductVersion : 7.00.9466
ProductName : Microsoft® Visual Studio .NET
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : mdm.exe

#:17 [navapsvc.exe]
ModuleName : C:\Program Files\Norton AntiVirus\navapsvc.exe
Command Line : "C:\Program Files\Norton AntiVirus\navapsvc.exe"
ProcessID : 1956
ThreadCreationTime : 10-14-2005 8:26:35 PM
BasePriority : Normal
FileVersion : 10.00.2
ProductVersion : 10.00.2
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Norton AntiVirus 2004 for Windows 98/ME/2000/XP Copyright (c) 2003 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE

#:18 [aoltpspd.exe]
ModuleName : C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
Command Line : -p11526 -q"11527,11528,11529,11530,11531,11532,11533" -S256 -G"C:\Documents and Settings\All Users.WINDOWS\Application Data\AOL\TopSpeed\2.0\vph.ph" -H1896 -e1
ProcessID : 1964
ThreadCreationTime : 10-14-2005 8:26:35 PM
BasePriority : Normal
FileVersion : 2, 0, 0, 0
ProductVersion : 2, 0, 0, 0
ProductName : AOL TopSpeed(TM)
CompanyName : America Online Inc
FileDescription : AOL TopSpeed(TM)
InternalName : AOL TopSpeed(TM) Loader
LegalCopyright : Copyright © 2003-2004
LegalTrademarks : AOL TopSpeed(TM)
OriginalFilename : aoltpspd.exe

#:19 [hpzipm12.exe]
ModuleName : C:\WINDOWS\System32\HPZipm12.exe
Command Line : C:\WINDOWS\System32\HPZipm12.exe
ProcessID : 2032
ThreadCreationTime : 10-14-2005 8:26:36 PM
BasePriority : Normal
FileVersion : 4, 5, 0, 802
ProductVersion : 4, 5, 0, 802
ProductName : HP PML
CompanyName : HP
FileDescription : PML Driver
InternalName : PmlDrv
LegalCopyright : Copyright © 1998, 1999 Hewlett-Packard Company
OriginalFilename : PmlDrv.exe

#:20 [savscan.exe]
ModuleName : C:\Program Files\Norton AntiVirus\SAVScan.exe
Command Line : "C:\Program Files\Norton AntiVirus\SAVScan.exe"
ProcessID : 204
ThreadCreationTime : 10-14-2005 8:26:36 PM
BasePriority : Normal

ProductVersion : 9.2
ProductName : Symantec AntiVirus AutoProtect
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus Scanner
InternalName : SAVSCAN
LegalCopyright : Copyright (c) 2004 Symantec Corporation
OriginalFilename : SAVSCAN.EXE

#:21 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k imgsvc
ProcessID : 740
ThreadCreationTime : 10-14-2005 8:26:38 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:22 [symlcsvc.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
Command Line : "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe"
ProcessID : 724
ThreadCreationTime : 10-14-2005 8:26:38 PM
BasePriority : Normal
FileVersion : 1, 8, 50, 196
ProductVersion : 1, 8, 50, 196
ProductName : Symantec Core Component
CompanyName : Symantec Corporation
FileDescription : Symantec Core Component
InternalName : symlcsvc
LegalCopyright : Copyright (C) 2003
OriginalFilename : symlcsvc.exe

#:23 [symwsc.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Command Line : "C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe"
ProcessID : 1192
ThreadCreationTime : 10-14-2005 8:26:40 PM
BasePriority : Normal
FileVersion : 2005.1.2.20
ProductVersion : 2005.1
ProductName : Norton Security Center
CompanyName : Symantec Corporation
FileDescription : Norton Security Center Service
InternalName : SymWSC.exe
LegalCopyright : Copyright (c) 1997-2004 Symantec Corporation
OriginalFilename : SymWSC.exe

#:24 [alg.exe]
ModuleName : C:\WINDOWS\System32\alg.exe
Command Line : C:\WINDOWS\System32\alg.exe
ProcessID : 200
ThreadCreationTime : 10-14-2005 8:26:44 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:25 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 392
ThreadCreationTime : 10-14-2005 8:27:26 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:26 [shnlog.exe]
ModuleName : C:\WINDOWS\system32\shnlog.exe
Command Line : "C:\WINDOWS\system32\shnlog.exe"
ProcessID : 632
ThreadCreationTime : 10-14-2005 8:27:32 PM
BasePriority : Normal


#:27 [hpgs2wnd.exe]
ModuleName : C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
Command Line : "C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe"
ProcessID : 640
ThreadCreationTime : 10-14-2005 8:27:32 PM
BasePriority : Normal
FileVersion : 2,3,0,0\ 161
ProductVersion : 2,3,0,0\ 161
ProductName : Hewlett-Packard hpgs2wnd
CompanyName : Hewlett-Packard
FileDescription : hpgs2wnd
InternalName : hpgs2wnd
LegalCopyright : Copyright © 2001
OriginalFilename : hpgs2wnd.exe

#:28 [qttask.exe]
ModuleName : C:\Program Files\QuickTime\qttask.exe
Command Line : "C:\Program Files\QuickTime\qttask.exe" -atboottime
ProcessID : 700
ThreadCreationTime : 10-14-2005 8:27:32 PM
BasePriority : Normal
FileVersion : 6.5
ProductVersion : QuickTime 6.5
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe

#:29 [strgsync.exe]
ModuleName : C:\Program Files\StorageSync\StrgSync.exe
Command Line : "C:\Program Files\StorageSync\StrgSync.exe"
ProcessID : 1464
ThreadCreationTime : 10-14-2005 8:27:32 PM
BasePriority : Normal


#:30 [mwsoemon.exe]
ModuleName : C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
Command Line : "C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe"
ProcessID : 1424
ThreadCreationTime : 10-14-2005 8:27:33 PM
BasePriority : Normal
FileVersion : 1,2,2,2
ProductVersion : 2,0,1,0
ProductName : My Web Search Bar for Internet Explorer, email clients, and messenger clients
CompanyName : MyWebSearch.com
FileDescription : My Web Search Email Plugin
InternalName : mwsoemon
LegalCopyright : Copyright © 2003-2004 MyWebSearch.com
OriginalFilename : mwsoemon.exe

#:31 [ccapp.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\ccApp.exe
Command Line : "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
ProcessID : 1512
ThreadCreationTime : 10-14-2005 8:27:33 PM
BasePriority : Normal
FileVersion : 2.1.7.2
ProductVersion : 2.1.7.2
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client User Session
InternalName : ccApp
LegalCopyright : Copyright (c) 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe

#:32 [realplay.exe]
ModuleName : C:\Program Files\Real\RealPlayer\RealPlay.exe
Command Line : "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
ProcessID : 968
ThreadCreationTime : 10-14-2005 8:27:33 PM
BasePriority : Normal
FileVersion : 6.0.9.584
ProductVersion : 6.0.9.584
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealPlayer
InternalName : REALPLAY
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2000
LegalTrademarks : RealAudio(tm) is a trademark of RealNetworks, Inc.
OriginalFilename : REALPLAY.EXE

#:33 [aoldial.exe]
ModuleName : C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
Command Line : "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"
ProcessID : 1604
ThreadCreationTime : 10-14-2005 8:27:34 PM
BasePriority : Normal
FileVersion : 3.0.0.1
ProductVersion : 3.0.0.1
ProductName : AOL Connectivity Service
CompanyName : America Online
FileDescription : AOL Connectivity Service Dialer
InternalName : AOLdial
LegalCopyright : Copyright © 2004 America Online
OriginalFilename : AOLdial.exe

#:34 [rundll32.exe]
ModuleName : C:\WINDOWS\system32\rundll32.exe
Command Line : "C:\WINDOWS\system32\rundll32.exe" C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
ProcessID : 1988
ThreadCreationTime : 10-14-2005 8:27:35 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE

#:35 [ctfmon.exe]
ModuleName : C:\WINDOWS\system32\ctfmon.exe
Command Line : "C:\WINDOWS\system32\ctfmon.exe"
ProcessID : 2068
ThreadCreationTime : 10-14-2005 8:27:35 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:36 [hpgs2wnf.exe]
ModuleName : C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
Command Line : "C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe" -Embedding
ProcessID : 2088
ThreadCreationTime : 10-14-2005 8:27:35 PM
BasePriority : Normal
FileVersion : 2, 6, 0, 161
ProductVersion : 2, 6, 0, 161
ProductName : hpgs2wnf Module
FileDescription : hpgs2wnf Module
InternalName : hpgs2wnf
LegalCopyright : Copyright 2001
OriginalFilename : hpgs2wnf.EXE

#:37 [msmsgs.exe]
ModuleName : C:\Program Files\Messenger\msmsgs.exe
Command Line : "C:\Program Files\Messenger\msmsgs.exe" /background
ProcessID : 2108
ThreadCreationTime : 10-14-2005 8:27:43 PM
BasePriority : Normal
FileVersion : 4.7.3001
ProductVersion : Version 4.7.3001
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Windows Messenger
InternalName : msmsgs
LegalCopyright : Copyright (c) Microsoft Corporation 2004
LegalTrademarks : Microsoft(R) is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:38 [intmon.exe]
ModuleName : C:\WINDOWS\system32\intmon.exe
Command Line : intmon.exe
ProcessID : 2232
ThreadCreationTime : 10-14-2005 8:27:44 PM
BasePriority : Normal


#:39 [stimgbrowser.exe]
ModuleName : C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
Command Line : "C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe" /s
ProcessID : 2252
ThreadCreationTime : 10-14-2005 8:27:44 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 4
ProductVersion : 1, 0, 0, 4
ProductName : Samsung Digimax Viewer 2.1
CompanyName : STOIK Imaging (www.stoik.com)
FileDescription : STOIK Image Browser
InternalName : STOIK Image Browser
LegalCopyright : Copyright (C) STOIK Imaging Ltd. 2003
OriginalFilename : STImgBrowser.EXE
Comments : This is customization of STOIK Imaging Image Browser

#:40 [hpobnz08.exe]
ModuleName : C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
Command Line : "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe"
ProcessID : 2260
ThreadCreationTime : 10-14-2005 8:27:44 PM
BasePriority : Normal
FileVersion : 2.00
ProductVersion : 001.000.000.155
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : HP OfficeJet COM Device Objects
InternalName : HPOBNZ08
LegalCopyright : Copyright (C) Hewlett-Packard Co. 1995-2001
OriginalFilename : HPOBNZ08.EXE
Comments : HP OfficeJet <Banzai> Series COM Device Objects

#:41 [hposol08.exe]
ModuleName : C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
Command Line : "C:\Program
ProcessID : 2276
ThreadCreationTime : 10-14-2005 8:27:44 PM
BasePriority : Normal
FileVersion : 2.00
ProductVersion : 001.000.000.155
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : HP OfficeJet COM Device Objects
InternalName : HPOSOL08
LegalCopyright : Copyright (C) Hewlett-Packard Co. 1995-2001
OriginalFilename : HPOSOL08.EXE
Comments : HP OfficeJet <Solar> Series COM Device Objects

#:42 [aolhostmanager.exe]
ModuleName : C:\Program Files\Common Files\AOL\1125074644\ee\AOLHostManager.exe
Command Line : "C:\Program Files\Common Files\AOL\1125074644\ee\AOLHostManager.exe" /Embedding /c defaultCfg
ProcessID : 2572
ThreadCreationTime : 10-14-2005 8:27:53 PM
BasePriority : Normal
FileVersion : 1.3.6.0
ProductVersion : 1.3.6.0
ProductName : AOL Service Libraries
CompanyName : America Online, Inc.
FileDescription : AOLHostManager
InternalName : AOLHostManager
LegalCopyright : © 2005 America Online, Inc.
OriginalFilename : AOLHostManager.exe

#:43 [aolservicehost.exe]
ModuleName : C:\Program Files\Common Files\AOL\1125074644\ee\AOLServiceHost.exe
Command Line : "C:\Program Files\Common Files\AOL\1125074644\ee\AOLServiceHost.exe" /c defaultCfg /h defaultGrp
ProcessID : 2772
ThreadCreationTime : 10-14-2005 8:27:56 PM
BasePriority : Normal
FileVersion : 1.3.6.0
ProductVersion : 1.3.6.0
ProductName : AOL Service Libraries
CompanyName : America Online, Inc.
FileDescription : AOL
InternalName : AOLServiceHost
LegalCopyright : © 2005 America Online, Inc.
OriginalFilename : AOLServiceHost.exe

#:44 [wmiprvse.exe]
ModuleName : C:\WINDOWS\System32\wbem\wmiprvse.exe
Command Line : C:\WINDOWS\System32\wbem\wmiprvse.exe -Embedding
ProcessID : 3136
ThreadCreationTime : 10-14-2005 8:28:02 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI
InternalName : Wmiprvse.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : Wmiprvse.exe

#:45 [hpoevm08.exe]
ModuleName : C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
Command Line : "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe" -Embedding
ProcessID : 3812
ThreadCreationTime : 10-14-2005 8:28:57 PM
BasePriority : Normal
FileVersion : 1.00
ProductVersion : 001.000.000.155
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : HP OfficeJet COM Event Manager
InternalName : HPOEVM08
LegalCopyright : Copyright (C) Hewlett-Packard Co. 1995-2001
OriginalFilename : HPOEVM08.EXE
Comments : HP OfficeJet COM Event Manager

#:46 [aolsp scheduler.exe]
ModuleName : c:\program files\common files\aol\1125074644\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler.exe
Command Line : "c:\program files\common files\aol\1125074644\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler.exe"
ProcessID : 3928
ThreadCreationTime : 10-14-2005 8:29:12 PM
BasePriority : Normal


#:47 [aolservicehost.exe]
ModuleName : C:\Program Files\Common Files\AOL\1125074644\ee\AOLServiceHost.exe
Command Line : "C:\Program Files\Common Files\AOL\1125074644\ee\AOLServiceHost.exe" /c defaultCfg /a eeapp_antiSpywareApp_2.0.7 /f "c:\program files\common files\aol\1125074644\ee\services\antiSpywareApp\ver2_0_7\antiSpywareApp.dll" /l "" /d clientMoniker=ee://aol/antiSpywar
ProcessID : 3992
ThreadCreationTime : 10-14-2005 8:29:15 PM
BasePriority : Normal
FileVersion : 1.3.6.0
ProductVersion : 1.3.6.0
ProductName : AOL Service Libraries
CompanyName : America Online, Inc.
FileDescription : AOL
InternalName : AOLServiceHost
LegalCopyright : © 2005 America Online, Inc.
OriginalFilename : AOLServiceHost.exe

#:48 [hposts08.exe]
ModuleName : C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
Command Line : "C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe" /CtxID "#Hewlett-Packard#hp psc 2200 series#1096569888" /Startup
ProcessID : 576
ThreadCreationTime : 10-14-2005 8:29:54 PM
BasePriority : Normal
FileVersion : 1.00
ProductVersion : 001.000.000.155
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : HP OfficeJet Status
InternalName : HPOSTS08
LegalCopyright : Copyright (C) Hewlett-Packard Co. 1995-2001
OriginalFilename : HPOCPY08.EXE
Comments : HP OfficeJet Status

#:49 [waol.exe]
ModuleName : C:\Program Files\America Online 9.0e\waol.exe
Command Line : "C:\Program Files\America Online 9.0e\waol.exe"
ProcessID : 2432
ThreadCreationTime : 10-14-2005 11:31:35 PM
BasePriority : Normal


#:50 [shellmon.exe]
ModuleName : C:\Program Files\America Online 9.0e\shellmon.exe
Command Line : "C:\Program Files\America Online 9.0e\shellmon.exe"
ProcessID : 2556
ThreadCreationTime : 10-14-2005 11:31:46 PM
BasePriority : Normal


#:51 [aoltpspd.exe]
ModuleName : C:\Program Files\Common Files\Aol\aoltpspd.exe
Command Line : -p11523 -S256 -s443 -l443 -G"C:\Documents and Settings\All Users.WINDOWS\Application Data\AOL\C_America Online 9.0e\vph.ph" -c1 -Z -H2432
ProcessID : 2144
ThreadCreationTime : 10-14-2005 11:31:48 PM
BasePriority : Normal
FileVersion : 1, 1, 1, 0
ProductVersion : [v1_r1.1-2] On Mon 11/29/2004 19:54:26.07
ProductName : AOL TopSpeed(TM)
CompanyName : America Online Inc
FileDescription : AOL TopSpeed(TM)
InternalName : AOL TopSpeed(TM)
LegalCopyright : Copyright © America Online 2003
LegalTrademarks : AOL TopSpeed(TM)
OriginalFilename : aoltpspd.exe

#:52 [wisptis.exe]
ModuleName : C:\WINDOWS\System32\WISPTIS.EXE
Command Line : "C:\WINDOWS\System32\WISPTIS.EXE" -Embedding
ProcessID : 1236
ThreadCreationTime : 10-15-2005 12:28:07 AM
BasePriority : High
FileVersion : 1.0.2201.0 (xpsp1.020820-1800)
ProductVersion : 1.0.2201.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Microsoft Tablet PC Platform Component
InternalName : WISPTIS.EXE
LegalCopyright : Copyright © 1998-2002 Microsoft Corporation.
OriginalFilename : WISPTIS.EXE

#:53 [ad-aware.exe]
ModuleName : C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Aware.exe
Command Line : "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Aware.exe" /598853 +483832
ProcessID : 2064
ThreadCreationTime : 10-15-2005 12:44:34 AM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 26


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

CoolWebSearch Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{ffffffff-ffff-ffff-ffff-fffffffffffa}

CoolWebSearch Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\vmhomepage

CoolWebSearch Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\vmhomepage
Value : CurVer

CoolWebSearch Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\vmhomepage.1

FizzleBar Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : toolbarbesttoolbarstoolbar.besttoolbarstoolbarobject

FizzleBar Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : toolbarbesttoolbarstoolbar.besttoolbarstoolbarobject.1

Softomate Toolbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 9
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{cabbb49a-4d7b-415b-8250-15c3b854e9ff}

CoolWebSearch Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{ffffffff-ffff-ffff-ffff-fffffffffffa}

Softomate Toolbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 9
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\toolbarbesttoolbarstoolbar.besttoolbarstoolbarobject

Softomate Toolbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 9
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\toolbarbesttoolbarstoolbar.besttoolbarstoolbarobject.1

Win32.Trojan.Puper.d Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objecta\{ffffffff-ffff-ffff-ffff-fffffffffffa}

WinFixer Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Misc
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\winsoftware\winfixer 2005

Win32.Trojan.Puper.d Object Recognized!
Type : RegValue
Data :
TAC Rating : 6
Category : Malware
Comment : "paint.exe"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\policies\explorer\run
Value : paint.exe

Win32.Trojandownloader.Zlob Object Recognized!
Type : RegData
Data : Explorer.exe, msmsgs.exe
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows nt\currentversion\winlogon
Value : Shell
Data : Explorer.exe, msmsgs.exe

Windows Object Recognized!
Type : RegData
Data : explorer.exe, msmsgs.exe
TAC Rating : 3
Category : Vulnerability
Comment : Shell Possibly Compromised
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows nt\currentversion\winlogon
Value : Shell
Data : explorer.exe, msmsgs.exe

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 15
Objects found so far: 41


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Possible Browser Hijack attempt : Software\Microsoft\Internet Explorer\MainStart Pagedefault-homepage-network.com

Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://default-homepage-network.com/start.cgi?np-hklm"
TAC Rating : 3
Category : Vulnerability
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer\Main
Value : Start Page
Data : "http://default-homepage-network.com/start.cgi?np-hklm"

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 42


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ray briggs@2o7[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Ray Briggs.HOMEOFFICE\Cookies\ray briggs@2o7[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ray briggs@atdmt[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Ray Briggs.HOMEOFFICE\Cookies\ray briggs@atdmt[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ray briggs@centrport[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Ray Briggs.HOMEOFFICE\Cookies\ray briggs@centrport[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ray briggs@mediaplex[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Ray Briggs.HOMEOFFICE\Cookies\ray briggs@mediaplex[1].txt

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 4
Objects found so far: 46



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ethel's account@2o7[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Ethel's Account\Cookies\ethel's account@2o7[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ethel's account@atdmt[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Ethel's Account\Cookies\ethel's account@atdmt[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ethel's account@centrport[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Ethel's Account\Cookies\ethel's account@centrport[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ethel's account@data.coremetrics[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Ethel's Account\Cookies\ethel's account@data.coremetrics[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ethel's account@doubleclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Ethel's Account\Cookies\ethel's account@doubleclick[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ethel's account@ehg-comcast.hitbox[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Ethel's Account\Cookies\ethel's account@ehg-comcast.hitbox[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ethel's account@hitbox[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Ethel's Account\Cookies\ethel's account@hitbox[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ethel's account@mediaplex[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Ethel's Account\Cookies\ethel's account@mediaplex[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ethel's account@server.iad.liveperson[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Ethel's Account\Cookies\ethel's account@server.iad.liveperson[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ethel's account@statse.webtrendslive[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Ethel's Account\Cookies\ethel's account@statse.webtrendslive[1].txt

Lop Object Recognized!
Type : File
Data : timBFA.tmp.exe
TAC Rating : 7
Category : Malware
Comment :
Object : C:\Documents and Settings\Ray Briggs\Local Settings\Temp\



Lop Object Recognized!
Type : File
Data : timBFD.tmp.exe
TAC Rating : 7
Category : Malware
Comment :
Object : C:\Documents and Settings\Ray Briggs\Local Settings\Temp\



Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ray briggs@atdmt[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Ray Briggs.HOMEOFFICE\Local Settings\Temp\Cookies\ray briggs@atdmt[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ray briggs@doubleclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Ray Briggs.HOMEOFFICE\Local Settings\Temp\Cookies\ray briggs@doubleclick[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ray briggs@edge.ru4[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Ray Briggs.HOMEOFFICE\Local Settings\Temp\Cookies\ray briggs@edge.ru4[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ray briggs@mediaplex[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Ray Briggs.HOMEOFFICE\Local Settings\Temp\Cookies\ray briggs@mediaplex[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ray briggs@questionmarket[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Ray Briggs.HOMEOFFICE\Local Settings\Temp\Cookies\ray briggs@questionmarket[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ray briggs@tribalfusion[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Ray Briggs.HOMEOFFICE\Local Settings\Temp\Cookies\ray briggs@tribalfusion[2].txt

180Solutions Object Recognized!
Type : File
Data : salmhook.dll
TAC Rating : 6
Category : Data Miner
Comment :
Object : C:\Program Files\180searchassistant\
FileVersion : 5, 0, 0, 0
ProductVersion : 5, 0, 0, 0
ProductName : ncmyb Dynamic Link Library
CompanyName : 180solutions, inc.
FileDescription : Browser Integrations Module
InternalName : ncmyb
LegalCopyright : Copyright (C) 2005
OriginalFilename : ncmyb.dll


Claria Object Recognized!
Type : File
Data : DateManager.exe
TAC Rating : 7
Category : Data Miner
Comment : DateManager
Object : C:\Program Files\Date Manager\
FileVersion : 2.0.0.1
ProductVersion : 2.0.0.1
ProductName : Date Manager
CompanyName : The Gator Corporation
FileDescription : Date Manager Application
InternalName : DateManager.exe
LegalCopyright : Copyright © 2002 The Gator Corporation
OriginalFilename : DateManager.exe


Claria Object Recognized!
Type : File
Data : PrecisionTime.exe
TAC Rating : 7
Category : Data Miner
Comment : PrecisionTime
Object : C:\Program Files\PrecisionTime\
FileVersion : 2.0.0.2
ProductVersion : 2.0.0.2
ProductName : PrecisionTime
CompanyName : The Gator Corporation
FileDescription : Precision Time Application
InternalName : PrecisionTime.exe
LegalCopyright : Copyright © 2002 The Gator Corporation
OriginalFilename : PrecisionTime.exe


TIB Browser Object Recognized!
Type : File
Data : 109998.ban
TAC Rating : 6
Category : Dialer
Comment :
Object : C:\Program Files\WebSiteViewer\



Marketscore(Netsetter) Object Recognized!
Type : File
Data : okshook.dll
TAC Rating : 7
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\
FileVersion : 1.3.4.203 (Build 203)
ProductVersion : 1.3.4.203 (Build 203)
ProductName : Marketscore Internet Accelerator (OSSProxy)
CompanyName : Marketscore
FileDescription : Marketscore Internet Accelerator
InternalName : OSSProxy
LegalCopyright : Copyright © 2001-2003
OriginalFilename : ossproxy.exe


Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 69


Deep scanning and examining files (F:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Marketscore(Netsetter) Object Recognized!
Type : File
Data : okshook.dll
TAC Rating : 7
Category : Data Miner
Comment :
Object : F:\StorageSync\Drive_C\WINDOWS\system32\
FileVersion : 1.3.4.203 (Build 203)
ProductVersion : 1.3.4.203 (Build 203)
ProductName : Marketscore Internet Accelerator (OSSProxy)
CompanyName : Marketscore
FileDescription : Marketscore Internet Accelerator
InternalName : OSSProxy
LegalCopyright : Copyright © 2001-2003
OriginalFilename : ossproxy.exe


Claria Object Recognized!
Type : File
Data : 46510400.asw
TAC Rating : 7
Category : Data Miner
Comment :
Object : F:\StorageSync\Drive_C\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\
FileVersion : 5.1.1.5
ProductVersion : 5.1.1.5
ProductName : GAIN Publishing
CompanyName : GAIN Publishing, Inc
FileDescription : Gator Client Application
InternalName : GMT.exe
LegalCopyright : Copyright © 1999-2003 GAIN Publishing, Inc
OriginalFilename : GMT.exe


Claria Object Recognized!
Type : File
Data : 46510684.asw
TAC Rating : 7
Category : Data Miner
Comment :
Object : F:\StorageSync\Drive_C\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\
FileVersion : 5.1.1.5
ProductVersion : 5.1.1.5
ProductName : CME
CompanyName : GAIN Publishing, Inc.
FileDescription : CME II Client Application
InternalName : GMTProxy.dll
LegalCopyright : Copyright © 1999-2003 GAIN Publishing, Inc.
OriginalFilename : GMTProxy.dll


Claria Object Recognized!
Type : File
Data : 46510762.asw
TAC Rating : 7
Category : Data Miner
Comment :
Object : F:\StorageSync\Drive_C\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\
FileVersion : 5.1.1.5
ProductVersion : 5.1.1.5
ProductName : CME
CompanyName : GAIN Publishing, Inc.
FileDescription : CME II Client Application
InternalName : GController.dll
LegalCopyright : Copyright © 1999-2003 GAIN Publishing, Inc.
OriginalFilename : GController.dll


Claria Object Recognized!
Type : File
Data : 46510825.asw
TAC Rating : 7
Category : Data Miner
Comment :
Object : F:\StorageSync\Drive_C\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\
FileVersion : 5.1.1.5
ProductVersion : 5.1.1.5
ProductName : CME
CompanyName : GAIN Publishing, Inc.
FileDescription : CME II Client Application
InternalName : CMESys.exe
LegalCopyright : Copyright © 1999-2003 GAIN Publishing, Inc.
OriginalFilename : CMESys.exe


Claria Object Recognized!
Type : File
Data : DateManager.exe
TAC Rating : 7
Category : Data Miner
Comment : DateManager
Object : F:\StorageSync\Drive_C\Program Files\Date Manager\
FileVersion : 2.0.0.1
ProductVersion : 2.0.0.1
ProductName : Date Manager
CompanyName : The Gator Corporation
FileDescription : Date Manager Application
InternalName : DateManager.exe
LegalCopyright : Copyright © 2002 The Gator Corporation
OriginalFilename : DateManager.exe


Claria Object Recognized!
Type : File
Data : PrecisionTime.exe
TAC Rating : 7
Category : Data Miner
Comment : PrecisionTime
Object : F:\StorageSync\Drive_C\Program Files\PrecisionTime\
FileVersion : 2.0.0.2
ProductVersion : 2.0.0.2
ProductName : PrecisionTime
CompanyName : The Gator Corporation
FileDescription : Precision Time Application
InternalName : PrecisionTime.exe
LegalCopyright : Copyright © 2002 The Gator Corporation
OriginalFilename : PrecisionTime.exe


TIB Browser Object Recognized!
Type : File
Data : 109998.ban
TAC Rating : 6
Category : Dialer
Comment :
Object : F:\StorageSync\Drive_C\Program Files\WebSiteViewer\



Disk Scan Result for F:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 77


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 77




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

CoolWebSearch Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\wind updates

CoolWebSearch Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\wind updates
Value : DisplayName

CoolWebSearch Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\downloadmanager

CoolWebSearch Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Use Custom Search URL

CoolWebSearch Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\search\searchproperties\en-us
Value : SingleProvider

CoolWebSearch Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\new windows
Value : PopupMgr

CoolWebSearch Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\search\searchproperties\en-us
Value : Panel@Web

CoolWebSearch Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Enable Browser Extensions

CoolWebSearch Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main
Value : Use Search Asst

CoolWebSearch Object Recognized!
Type : RegData
Data : no
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Use Search Asst
Data : no

CoolWebSearch Object Recognized!
Type : RegData
Data : no
TAC Rating : 10
Category : Malware
Comment
Ray


 
Joined: 15 Oct 2005
Posts: 11

Posted: Sat Oct 15, 2005 7:28 am    Post subject: Security Center and W32.sinnaka.a@mm Virus

Corrine,
I followed your instructions and posted the Log. Can I change my Windows settings back ? Ray
Corrine

Administrator
 
Joined: 18 Jan 2001
Posts: 13529
Location: Upstate, NY

Posted: Sat Oct 15, 2005 7:36 am

Hi, Ray. Your complete log didn't post -- it's due to the limitations of the various forum software programs. Let's see what we can do to remove some of the extraneous objects and then get to the bottom of things by clearing out the temp files and UNchecking the scan for negligible objects with Ad-Aware. You will need CCleaner later in the process anyway and most likely some other tools.

Download CCleaner 1.24.180 from the link at the upper right of this page:  http://www.filehippo.com/download_ccleaner.html 

To use CCleaner to assist in this process, please follow these instructions:
    1. Before first use, check under Options > Advanced > UNcheck "Only delete files in Windows Temp folder older than 48 hours".
    2. A pop up box will appear advising this process will permanently delete files from your system.
    3. To protect logon cookies that you wish to retain, go to Options > Cookies, select them and use the arrow to move those cookies to the "Cookies to keep" column.
    4. Then select the items you wish to clean up.

    In the Windows Tab:

    Clean all entries in the "Internet Explorer" section.
    Clean all the entries in the "Windows Explorer" section.
    Clean all entries in the "System" section.
    Clean all entries in the "Advanced" section.
    Clean any others that you choose.

    In the Applications Tab:

    Clean all in the Firefox/Mozilla section if you use it.
    Clean all in the Opera section if you use it.
    Clean Sun Java in the Internet Section.
    Clean any others that you choose.

    5. Then click the "Run Cleaner" button and it will scan and clean your system.
    6. Click Exit.
    7. Shutdown/restart.


Now run a full system scan with Ad-Aware once again, this time, uncheck "Search for negligible risk entries". Watch for the summary at the end in your reply. If it is not there, go back to your logfile and copy from the last object that posted to the end and paste it in a second reply.
Ray


 
Joined: 15 Oct 2005
Posts: 11

Posted: Sat Oct 15, 2005 12:07 pm    Post subject: total scan log

Corrine:

My log was pasted in a Word File and started with the following:

Ad-Aware SE Build 1.06r1
Logfile Created on:Friday, October 14, 2005 9:23:59 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R70 12.10.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Play sound at scan completion if scan locates critical objects


10-14-2005 9:23:59 PM - Scan started. (Full System

It ended with this summary:
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 53
Objects found so far: 130

10:28:39 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:01:04:40.438
Objects scanned:223850
Objects identified:108
Objects ignored:0
New critical objects:108
Ray
Corrine

Administrator
 
Joined: 18 Jan 2001
Posts: 13529
Location: Upstate, NY

Posted: Sat Oct 15, 2005 12:12 pm

Hi, Ray. Yes, but what was between

CoolWebSearch Object Recognized!
Type : RegData
Data : no
TAC Rating : 10
Category : Malware
Comment

and the summary?

Have you run CCleaner? If so, please do a new scan and post it. If not, please post what was between that last CWS entry and the summary.

Thanks.
Ray


 
Joined: 15 Oct 2005
Posts: 11

Posted: Sat Oct 15, 2005 17:30 pm    Post subject: Corrine- First Answer

See below:

Hi, Ray. Yes, but what was between

CoolWebSearch Object Recognized!
Type : RegData
Data : no
TAC Rating : 10
Category : Malware
Comment

and the summary?
=================================
I believe this is the info you are looking for:
CoolWebSearch Object Recognized!
Type : RegData
Data : no
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Use Search Asst
Data : no

CoolWebSearch Object Recognized!
Type : RegData
Data : no
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main
Value : Use Search Asst
Data : no

CoolWebSearch Object Recognized!
Type : Folder
TAC Rating : 10
Category : Malware
Comment : CoolWebSearch
Object : C:\Program Files\WindUpdates

CoolWebSearch Object Recognized!
Type : File
Data : Comm.dll
TAC Rating : 10
Category : Malware
Comment :
Object : C:\Program Files\windupdates\



CoolWebSearch Object Recognized!
Type : File
Data : wbemess.log
TAC Rating : 10
Category : Malware
Comment :
Object : C:\WINDOWS\system32\wbem\logs\



Softomate Toolbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 9
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\besttoolbars

Win32.Trojan.Puper.d Object Recognized!
Type : RegValue
Data :
TAC Rating : 6
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Search Page

Win32.Trojan.Puper.d Object Recognized!
Type : File
Data : intmonp.exe
TAC Rating : 6
Category : Malware
Comment :
Object : C:\WINDOWS\system32\



WinFixer Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\windows\currentversion\explorer\bitbucket\c

WinFixer Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Misc
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\winsoftware

Win32.Trojandownloader.Zlob Object Recognized!
Type : RegValue
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\policies\explorer\run
Value : notepad.exe

Win32.Trojandownloader.Zlob Object Recognized!
Type : File
Data : msmsgs.exe
TAC Rating : 7
Category : Malware
Comment :
Object : C:\WINDOWS\system32\



180Solutions Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\explorer bars\{30d02401-6a81-11d0-8274-00c04fd5ae38}

180Solutions Object Recognized!
Type : Folder
TAC Rating : 6
Category : Data Miner
Comment : 180Solutions
Object : C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\180search Assistant

180Solutions Object Recognized!
Type : File
Data : 180search Assistant.com.url
TAC Rating : 6
Category : Data Miner
Comment :
Object : C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\180search assistant\



180Solutions Object Recognized!
Type : File
Data : Uninstall 180search Assistant Instructions.lnk
TAC Rating : 6
Category : Data Miner
Comment :
Object : C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\180search assistant\



Claria Object Recognized!
Type : Folder
TAC Rating : 7
Category : Data Miner
Comment : Claria
Object : C:\Program Files\PrecisionTime

Claria Object Recognized!
Type : Folder
TAC Rating : 7
Category : Data Miner
Comment : Claria
Object : C:\Program Files\Gator.com

Claria Object Recognized!
Type : Folder
TAC Rating : 7
Category : Data Miner
Comment : Claria
Object : C:\Program Files\Date Manager

Claria Object Recognized!
Type : Folder
TAC Rating : 7
Category : Data Miner
Comment : Claria
Object : C:\Program Files\DashBar

Claria Object Recognized!
Type : Folder
TAC Rating : 7
Category : Data Miner
Comment : Claria
Object : C:\Program Files\Common Files\GMT

Claria Object Recognized!
Type : Folder
TAC Rating : 7
Category : Data Miner
Comment : Claria
Object : C:\Program Files\Common Files\CMEII

Claria Object Recognized!
Type : File
Data : INSTALL.LOG
TAC Rating : 7
Category : Data Miner
Comment : PrecisionTime
Object : C:\Program Files\precisiontime\



Claria Object Recognized!
Type : File
Data : UNWISE.EXE
TAC Rating : 7
Category : Data Miner
Comment : PrecisionTime
Object : C:\Program Files\precisiontime\



Claria Object Recognized!
Type : File
Data : DateManager.exe
TAC Rating : 7
Category : Data Miner
Comment : Date Manager
Object : C:\Program Files\date manager\
FileVersion : 2.0.0.1
ProductVersion : 2.0.0.1
ProductName : Date Manager
CompanyName : The Gator Corporation
FileDescription : Date Manager Application
InternalName : DateManager.exe
LegalCopyright : Copyright © 2002 The Gator Corporation
OriginalFilename : DateManager.exe


Claria Object Recognized!
Type : File
Data : INSTALL.LOG
TAC Rating : 7
Category : Data Miner
Comment : Date Manager
Object : C:\Program Files\date manager\



Claria Object Recognized!
Type : File
Data : UNWISE.EXE
TAC Rating : 7
Category : Data Miner
Comment : Date Manager
Object : C:\Program Files\date manager\



Claria Object Recognized!
Type : File
Data : DashBarSetup.log
TAC Rating : 7
Category : Data Miner
Comment :
Object : C:\Program Files\dashbar\



Claria Object Recognized!
Type : File
Data : DBUninstaller.exe
TAC Rating : 7
Category : Data Miner
Comment :
Object : C:\Program Files\dashbar\



Claria Object Recognized!
Type : File
Data : DBUninstaller.exe.manifest
TAC Rating : 7
Category : Data Miner
Comment :
Object : C:\Program Files\dashbar\



Claria Object Recognized!
Type : File
Data : gOps.bac
TAC Rating : 7
Category : Data Miner
Comment :
Object : C:\Program Files\Common Files\cmeii\



Claria Object Recognized!
Type : File
Data : gReg.reg
TAC Rating : 7
Category : Data Miner
Comment :
Object : C:\Program Files\Common Files\cmeii\



TIB Browser Object Recognized!
Type : Folder
TAC Rating : 6
Category : Dialer
Comment : TIB Browser
Object : C:\Program Files\WebSiteViewer

TIB Browser Object Recognized!
Type : File
Data : 109998.dd
TAC Rating : 6
Category : Dialer
Comment :
Object : C:\Program Files\websiteviewer\



TIB Browser Object Recognized!
Type : File
Data : 109998.dlr
TAC Rating : 6
Category : Dialer
Comment :
Object : C:\Program Files\websiteviewer\



TIB Browser Object Recognized!
Type : File
Data : 109998.ico
TAC Rating : 6
Category : Dialer
Comment :
Object : C:\Program Files\websiteviewer\



Lop Object Recognized!
Type : RegValue
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Search Bar

Marketscore(Netsetter) Object Recognized!
Type : File
Data : osmim.dll
TAC Rating : 7
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\
FileVersion : 1.0.0.28 (Build 28)
ProductVersion : 1.0.0.28 (Build 28)
ProductName : Marketscore OSMIM
CompanyName : Marketscore
FileDescription : OSMIM
InternalName : OSMIM
LegalCopyright : Copyright © 2003
OriginalFilename : OSMIM.dll


Marketscore(Netsetter) Object Recognized!
Type : File
Data : nsreg.dat
TAC Rating : 7
Category : Data Miner
Comment :
Object : C:\WINDOWS\



Other Object Recognized!
Type : File
Data : MSMSGS.EXE-124D63BE.pf
TAC Rating : 7
Category : Malware
Comment :
Object : C:\WINDOWS\prefetch\



Other Object Recognized!
Type : File
Data : MSMSGS.EXE-2B6052DE.pf
TAC Rating : 7
Category : Malware
Comment :
Object : C:\WINDOWS\prefetch\



Other Object Recognized!
Type : File
Data : UNWISE.EXE-02822F6D.pf
TAC Rating : 7
Category : Malware
Comment :
Object : C:\WINDOWS\prefetch\



Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 51
Objects found so far: 97

2:43:11 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:58:40.344
Objects scanned:216815
Objects identified:101
Objects ignored:0
New critical objects:101
Ray


 
Joined: 15 Oct 2005
Posts: 11

PostPosted: Sat Oct 15, 2005 17:43 pm    Post subject:

Corrine - See below: I hope this gets you what you need - Thanks for your help. Ray

Have you run CCleaner? If so, please do a new scan and post it. If not, please post what was between that last CWS entry and the summary.
=========================================
I ran CCleaner and the results of the scan log were:
==========================================
Ad-Aware SE Build 1.06r1
Logfile Created on:Saturday, October 15, 2005 3:34:37 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R70 12.10.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Play sound at scan completion if scan locates critical objects


10-15-2005 3:34:37 PM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 668
ThreadCreationTime : 10-15-2005 2:47:12 PM
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 740
ThreadCreationTime : 10-15-2005 2:47:45 PM
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\SYSTEM32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 764
ThreadCreationTime : 10-15-2005 2:47:46 PM
BasePriority : High

#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 808
ThreadCreationTime : 10-15-2005 2:47:47 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 820
ThreadCreationTime : 10-15-2005 2:47:47 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k DcomLaunch
ProcessID : 988
ThreadCreationTime : 10-15-2005 2:47:53 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 1036
ThreadCreationTime : 10-15-2005 2:47:53 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 1200
ThreadCreationTime : 10-15-2005 2:47:54 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 1284
ThreadCreationTime : 10-15-2005 2:47:55 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 1404
ThreadCreationTime : 10-15-2005 2:47:55 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [ccsetmgr.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
Command Line : "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
ProcessID : 1588
ThreadCreationTime : 10-15-2005 2:47:59 PM
BasePriority : Normal
FileVersion : 2.1.7.2
ProductVersion : 2.1.7.2
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client Settings Manager Service
InternalName : ccSetMgr
LegalCopyright : Copyright (c) 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccSetMgr.exe

#:12 [ccevtmgr.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
Command Line : "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
ProcessID : 1676
ThreadCreationTime : 10-15-2005 2:47:59 PM
BasePriority : Normal
FileVersion : 2.1.7.2
ProductVersion : 2.1.7.2
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright (c) 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe

#:13 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 276
ThreadCreationTime : 10-15-2005 2:48:00 PM
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:14 [aolacsd.exe]
ModuleName : C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
Command Line : "C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe"
ProcessID : 416
ThreadCreationTime : 10-15-2005 2:48:07 PM
BasePriority : Normal
FileVersion : 3.0.0.1
ProductVersion : 3.0.0.1
ProductName : AOL Connectivity Service
CompanyName : America Online
FileDescription : AOL Connectivity Service
InternalName : AOLacsd
LegalCopyright : Copyright © 2004 America Online
OriginalFilename : AOLacsd.exe

#:15 [aoltsmon.exe]
ModuleName : C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
Command Line : "C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe"
ProcessID : 428
ThreadCreationTime : 10-15-2005 2:48:07 PM
BasePriority : Normal
FileVersion : 2, 0, 0, 0
ProductVersion : 2, 0, 0, 0
ProductName : AOL TopSpeed(TM) Monitor
CompanyName : America Online, Inc
FileDescription : AOL TopSpeed(TM) Monitor
InternalName : AOL TopSpeed(TM) Monitor
LegalCopyright : Copyright © 2004 America Online, Inc.
OriginalFilename : aoltsmon.exe

#:16 [mdm.exe]
ModuleName : C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
Command Line : "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"
ProcessID : 472
ThreadCreationTime : 10-15-2005 2:48:07 PM
BasePriority : Normal
FileVersion : 7.00.9466
ProductVersion : 7.00.9466
ProductName : Microsoft® Visual Studio .NET
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : mdm.exe

#:17 [aoltpspd.exe]
ModuleName : C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
Command Line : -p11526 -q"11527,11528,11529,11530,11531,11532,11533" -S256 -G"C:\Documents and Settings\All Users.WINDOWS\Application Data\AOL\TopSpeed\2.0\vph.ph" -H428 -e1
ProcessID : 480
ThreadCreationTime : 10-15-2005 2:48:07 PM
BasePriority : Normal
FileVersion : 2, 0, 0, 0
ProductVersion : 2, 0, 0, 0
ProductName : AOL TopSpeed(TM)
CompanyName : America Online Inc
FileDescription : AOL TopSpeed(TM)
InternalName : AOL TopSpeed(TM) Loader
LegalCopyright : Copyright © 2003-2004
LegalTrademarks : AOL TopSpeed(TM)
OriginalFilename : aoltpspd.exe

#:18 [navapsvc.exe]
ModuleName : C:\Program Files\Norton AntiVirus\navapsvc.exe
Command Line : "C:\Program Files\Norton AntiVirus\navapsvc.exe"
ProcessID : 500
ThreadCreationTime : 10-15-2005 2:48:08 PM
BasePriority : Normal
FileVersion : 10.00.2
ProductVersion : 10.00.2
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Norton AntiVirus 2004 for Windows 98/ME/2000/XP Copyright (c) 2003 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE

#:19 [hpzipm12.exe]
ModuleName : C:\WINDOWS\System32\HPZipm12.exe
Command Line : C:\WINDOWS\System32\HPZipm12.exe
ProcessID : 548
ThreadCreationTime : 10-15-2005 2:48:08 PM
BasePriority : Normal
FileVersion : 4, 5, 0, 802
ProductVersion : 4, 5, 0, 802
ProductName : HP PML
CompanyName : HP
FileDescription : PML Driver
InternalName : PmlDrv
LegalCopyright : Copyright © 1998, 1999 Hewlett-Packard Company
OriginalFilename : PmlDrv.exe

#:20 [savscan.exe]
ModuleName : C:\Program Files\Norton AntiVirus\SAVScan.exe
Command Line : "C:\Program Files\Norton AntiVirus\SAVScan.exe"
ProcessID : 584
ThreadCreationTime : 10-15-2005 2:48:09 PM
BasePriority : Normal

ProductVersion : 9.2
ProductName : Symantec AntiVirus AutoProtect
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus Scanner
InternalName : SAVSCAN
LegalCopyright : Copyright (c) 2004 Symantec Corporation
OriginalFilename : SAVSCAN.EXE

#:21 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k imgsvc
ProcessID : 696
ThreadCreationTime : 10-15-2005 2:48:09 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:22 [symlcsvc.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
Command Line : "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe"
ProcessID : 784
ThreadCreationTime : 10-15-2005 2:48:09 PM
BasePriority : Normal
FileVersion : 1, 8, 50, 196
ProductVersion : 1, 8, 50, 196
ProductName : Symantec Core Component
CompanyName : Symantec Corporation
FileDescription : Symantec Core Component
InternalName : symlcsvc
LegalCopyright : Copyright (C) 2003
OriginalFilename : symlcsvc.exe

#:23 [symwsc.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Command Line : "C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe"
ProcessID : 1460
ThreadCreationTime : 10-15-2005 2:48:13 PM
BasePriority : Normal
FileVersion : 2005.1.2.20
ProductVersion : 2005.1
ProductName : Norton Security Center
CompanyName : Symantec Corporation
FileDescription : Norton Security Center Service
InternalName : SymWSC.exe
LegalCopyright : Copyright (c) 1997-2004 Symantec Corporation
OriginalFilename : SymWSC.exe

#:24 [alg.exe]
ModuleName : C:\WINDOWS\System32\alg.exe
Command Line : C:\WINDOWS\System32\alg.exe
ProcessID : 1824
ThreadCreationTime : 10-15-2005 2:48:18 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:25 [wmiprvse.exe]
ModuleName : C:\WINDOWS\System32\wbem\wmiprvse.exe
Command Line : C:\WINDOWS\System32\wbem\wmiprvse.exe -Embedding
ProcessID : 3448
ThreadCreationTime : 10-15-2005 2:49:18 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI
InternalName : Wmiprvse.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : Wmiprvse.exe

#:26 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 5240
ThreadCreationTime : 10-15-2005 5:34:31 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:27 [shnlog.exe]
ModuleName : C:\WINDOWS\system32\shnlog.exe
Command Line : "C:\WINDOWS\system32\shnlog.exe"
ProcessID : 5372
ThreadCreationTime : 10-15-2005 5:34:38 PM
BasePriority : Normal


#:28 [hpgs2wnd.exe]
ModuleName : C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
Command Line : "C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe"
ProcessID : 5412
ThreadCreationTime : 10-15-2005 5:34:38 PM
BasePriority : Normal
FileVersion : 2,3,0,0\ 161
ProductVersion : 2,3,0,0\ 161
ProductName : Hewlett-Packard hpgs2wnd
CompanyName : Hewlett-Packard
FileDescription : hpgs2wnd
InternalName : hpgs2wnd
LegalCopyright : Copyright © 2001
OriginalFilename : hpgs2wnd.exe

#:29 [qttask.exe]
ModuleName : C:\Program Files\QuickTime\qttask.exe
Command Line : "C:\Program Files\QuickTime\qttask.exe" -atboottime
ProcessID : 5420
ThreadCreationTime : 10-15-2005 5:34:39 PM
BasePriority : Normal
FileVersion : 6.5
ProductVersion : QuickTime 6.5
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe

#:30 [intmon.exe]
ModuleName : C:\WINDOWS\system32\intmon.exe
Command Line : intmon.exe
ProcessID : 5480
ThreadCreationTime : 10-15-2005 5:34:41 PM
BasePriority : Normal


#:31 [strgsync.exe]
ModuleName : C:\Program Files\StorageSync\StrgSync.exe
Command Line : "C:\Program Files\StorageSync\StrgSync.exe"
ProcessID : 5544
ThreadCreationTime : 10-15-2005 5:34:41 PM
BasePriority : Normal


#:32 [ccapp.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\ccApp.exe
Command Line : "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
ProcessID : 5552
ThreadCreationTime : 10-15-2005 5:34:42 PM
BasePriority : Normal
FileVersion : 2.1.7.2
ProductVersion : 2.1.7.2
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client User Session
InternalName : ccApp
LegalCopyright : Copyright (c) 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe

#:33 [hpgs2wnf.exe]
ModuleName : C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
Command Line : "C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe" -Embedding
ProcessID : 5560
ThreadCreationTime : 10-15-2005 5:34:42 PM
BasePriority : Normal
FileVersion : 2, 6, 0, 161
ProductVersion : 2, 6, 0, 161
ProductName : hpgs2wnf Module
FileDescription : hpgs2wnf Module
InternalName : hpgs2wnf
LegalCopyright : Copyright 2001
OriginalFilename : hpgs2wnf.EXE

#:34 [realplay.exe]
ModuleName : C:\Program Files\Real\RealPlayer\RealPlay.exe
Command Line : "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
ProcessID : 5572
ThreadCreationTime : 10-15-2005 5:34:43 PM
BasePriority : Normal
FileVersion : 6.0.9.584
ProductVersion : 6.0.9.584
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealPlayer
InternalName : REALPLAY
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2000
LegalTrademarks : RealAudio(tm) is a trademark of RealNetworks, Inc.
OriginalFilename : REALPLAY.EXE

#:35 [aoldial.exe]
ModuleName : C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
Command Line : "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"
ProcessID : 5648
ThreadCreationTime : 10-15-2005 5:34:52 PM
BasePriority : Normal
FileVersion : 3.0.0.1
ProductVersion : 3.0.0.1
ProductName : AOL Connectivity Service
CompanyName : America Online
FileDescription : AOL Connectivity Service Dialer
InternalName : AOLdial
LegalCopyright : Copyright © 2004 America Online
OriginalFilename : AOLdial.exe

#:36 [ctfmon.exe]
ModuleName : C:\WINDOWS\system32\ctfmon.exe
Command Line : "C:\WINDOWS\system32\ctfmon.exe"
ProcessID : 5664
ThreadCreationTime : 10-15-2005 5:34:53 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:37 [msmsgs.exe]
ModuleName : C:\Program Files\Messenger\msmsgs.exe
Command Line : "C:\Program Files\Messenger\msmsgs.exe" /background
ProcessID : 5672
ThreadCreationTime : 10-15-2005 5:34:53 PM
BasePriority : Normal
FileVersion : 4.7.3001
ProductVersion : Version 4.7.3001
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Windows Messenger
InternalName : msmsgs
LegalCopyright : Copyright (c) Microsoft Corporation 2004
LegalTrademarks : Microsoft(R) is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:38 [stimgbrowser.exe]
ModuleName : C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
Command Line : "C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe" /s
ProcessID : 5812
ThreadCreationTime : 10-15-2005 5:35:01 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 4
ProductVersion : 1, 0, 0, 4
ProductName : Samsung Digimax Viewer 2.1
CompanyName : STOIK Imaging (www.stoik.com)
FileDescription : STOIK Image Browser
InternalName : STOIK Image Browser
LegalCopyright : Copyright (C) STOIK Imaging Ltd. 2003
OriginalFilename : STImgBrowser.EXE
Comments : This is customization of STOIK Imaging Image Browser

#:39 [hpobnz08.exe]
ModuleName : C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
Command Line : "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe"
ProcessID : 5888
ThreadCreationTime : 10-15-2005 5:35:05 PM
BasePriority : Normal
FileVersion : 2.00
ProductVersion : 001.000.000.155
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : HP OfficeJet COM Device Objects
InternalName : HPOBNZ08
LegalCopyright : Copyright (C) Hewlett-Packard Co. 1995-2001
OriginalFilename : HPOBNZ08.EXE
Comments : HP OfficeJet <Banzai> Series COM Device Objects

#:40 [aolhostmanager.exe]
ModuleName : C:\Program Files\Common Files\AOL\1125074644\ee\AOLHostManager.exe
Command Line : "C:\Program Files\Common Files\AOL\1125074644\ee\AOLHostManager.exe" /Embedding /c defaultCfg
ProcessID : 5912
ThreadCreationTime : 10-15-2005 5:35:06 PM
BasePriority : Normal
FileVersion : 1.3.6.0
ProductVersion : 1.3.6.0
ProductName : AOL Service Libraries
CompanyName : America Online, Inc.
FileDescription : AOLHostManager
InternalName : AOLHostManager
LegalCopyright : © 2005 America Online, Inc.
OriginalFilename : AOLHostManager.exe

#:41 [aolservicehost.exe]
ModuleName : C:\Program Files\Common Files\AOL\1125074644\ee\AOLServiceHost.exe
Command Line : "C:\Program Files\Common Files\AOL\1125074644\ee\AOLServiceHost.exe" /c defaultCfg /h defaultGrp
ProcessID : 5972
ThreadCreationTime : 10-15-2005 5:35:12 PM
BasePriority : Normal
FileVersion : 1.3.6.0
ProductVersion : 1.3.6.0
ProductName : AOL Service Libraries
CompanyName : America Online, Inc.
FileDescription : AOL
InternalName : AOLServiceHost
LegalCopyright : © 2005 America Online, Inc.
OriginalFilename : AOLServiceHost.exe

#:42 [hposol08.exe]
ModuleName : C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
Command Line : "C:\Program
ProcessID : 6004
ThreadCreationTime : 10-15-2005 5:35:14 PM
BasePriority : Normal
FileVersion : 2.00
ProductVersion : 001.000.000.155
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : HP OfficeJet COM Device Objects
InternalName : HPOSOL08
LegalCopyright : Copyright (C) Hewlett-Packard Co. 1995-2001
OriginalFilename : HPOSOL08.EXE
Comments : HP OfficeJet <Solar> Series COM Device Objects

#:43 [hpoevm08.exe]
ModuleName : C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
Command Line : "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe" -Embedding
ProcessID : 2836
ThreadCreationTime : 10-15-2005 5:35:28 PM
BasePriority : Normal
FileVersion : 1.00
ProductVersion : 001.000.000.155
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : HP OfficeJet COM Event Manager
InternalName : HPOEVM08
LegalCopyright : Copyright (C) Hewlett-Packard Co. 1995-2001
OriginalFilename : HPOEVM08.EXE
Comments : HP OfficeJet COM Event Manager

#:44 [aolsp scheduler.exe]
ModuleName : c:\program files\common files\aol\1125074644\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler.exe
Command Line : "c:\program files\common files\aol\1125074644\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler.exe"
ProcessID : 1168
ThreadCreationTime : 10-15-2005 5:35:52 PM
BasePriority : Normal


#:45 [aolservicehost.exe]
ModuleName : C:\Program Files\Common Files\AOL\1125074644\ee\AOLServiceHost.exe
Command Line : "C:\Program Files\Common Files\AOL\1125074644\ee\AOLServiceHost.exe" /c defaultCfg /a eeapp_antiSpywareApp_2.0.7 /f "c:\program files\common files\aol\1125074644\ee\services\antiSpywareApp\ver2_0_7\antiSpywareApp.dll" /l "" /d clientMoniker=ee://aol/antiSpywar
ProcessID : 2792
ThreadCreationTime : 10-15-2005 5:35:54 PM
BasePriority : Normal
FileVersion : 1.3.6.0
ProductVersion : 1.3.6.0
ProductName : AOL Service Libraries
CompanyName : America Online, Inc.
FileDescription : AOL
InternalName : AOLServiceHost
LegalCopyright : © 2005 America Online, Inc.
OriginalFilename : AOLServiceHost.exe

#:46 [hposts08.exe]
ModuleName : C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
Command Line : "C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe" /CtxID "#Hewlett-Packard#hp psc 2200 series#1096569888" /Startup
ProcessID : 1252
ThreadCreationTime : 10-15-2005 5:36:07 PM
BasePriority : Normal
FileVersion : 1.00
ProductVersion : 001.000.000.155
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : HP OfficeJet Status
InternalName : HPOSTS08
LegalCopyright : Copyright (C) Hewlett-Packard Co. 1995-2001
OriginalFilename : HPOCPY08.EXE
Comments : HP OfficeJet Status

#:47 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 2360
ThreadCreationTime : 10-15-2005 7:33:10 PM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

CoolWebSearch Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{ffffffff-ffff-ffff-ffff-fffffffffffa}

CoolWebSearch Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\vmhomepage

CoolWebSearch Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\vmhomepage
Value : CurVer

CoolWebSearch Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\vmhomepage.1

FizzleBar Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : toolbarbesttoolbarstoolbar.besttoolbarstoolbarobject

FizzleBar Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : toolbarbesttoolbarstoolbar.besttoolbarstoolbarobject.1

Softomate Toolbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 9
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{cabbb49a-4d7b-415b-8250-15c3b854e9ff}

CoolWebSearch Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{ffffffff-ffff-ffff-ffff-fffffffffffa}

Softomate Toolbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 9
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\toolbarbesttoolbarstoolbar.besttoolbarstoolbarobject

Softomate Toolbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 9
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\toolbarbesttoolbarstoolbar.besttoolbarstoolbarobject.1

Win32.Trojan.Puper.d Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objecta\{ffffffff-ffff-ffff-ffff-fffffffffffa}

WinFixer Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Misc
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\winsoftware\winfixer 2005

Win32.Trojan.Puper.d Object Recognized!
Type : RegValue
Data :
TAC Rating : 6
Category : Malware
Comment : "paint.exe"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\policies\explorer\run
Value : paint.exe

Win32.Trojandownloader.Zlob Object Recognized!
Type : RegData
Data : Explorer.exe, msmsgs.exe
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows nt\currentversion\winlogon
Value : Shell
Data : Explorer.exe, msmsgs.exe

Windows Object Recognized!
Type : RegData
Data : explorer.exe, msmsgs.exe
TAC Rating : 3
Category : Vulnerability
Comment : Shell Possibly Compromised
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows nt\currentversion\winlogon
Value : Shell
Data : explorer.exe, msmsgs.exe

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 15
Objects found so far: 15


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Possible Browser Hijack attempt : Software\Microsoft\Internet Explorer\MainStart Pagedefault-homepage-network.com

Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://default-homepage-network.com/start.cgi?np-hklm"
TAC Rating : 3
Category : Vulnerability
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer\Main
Value : Start Page
Data : "http://default-homepage-network.com/start.cgi?np-hklm"

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 16


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ray briggs@mediaplex[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:ray briggs@mediaplex.com/
Expires : 6-21-2009 8:00:00 PM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ray briggs@atdmt[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:ray briggs@atdmt.com/
Expires : 10-13-2010 8:00:00 PM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ray briggs@2o7[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:ray briggs@2o7.net/
Expires : 10-14-2010 11:04:52 AM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 3
Objects found so far: 19



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ethel's account@2o7[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Ethel's Account\Cookies\ethel's account@2o7[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ethel's account@atdmt[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Ethel's Account\Cookies\ethel's account@atdmt[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ethel's account@centrport[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Ethel's Account\Cookies\ethel's account@centrport[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ethel's account@data.coremetrics[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Ethel's Account\Cookies\ethel's account@data.coremetrics[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ethel's account@doubleclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Ethel's Account\Cookies\ethel's account@doubleclick[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ethel's account@ehg-comcast.hitbox[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Ethel's Account\Cookies\ethel's account@ehg-comcast.hitbox[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ethel's account@hitbox[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Ethel's Account\Cookies\ethel's account@hitbox[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ethel's account@mediaplex[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Ethel's Account\Cookies\ethel's account@mediaplex[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ethel's account@server.iad.liveperson[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Ethel's Account\Cookies\ethel's account@server.iad.liveperson[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ethel's account@statse.webtrendslive[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Ethel's Account\Cookies\ethel's account@statse.webtrendslive[1].txt

180Solutions Object Recognized!
Type : File
Data : salmhook.dll
TAC Rating : 6
Category : Data Miner
Comment :
Object : C:\Program Files\180searchassistant\
FileVersion : 5, 0, 0, 0
ProductVersion : 5, 0, 0, 0
ProductName : ncmyb Dynamic Link Library
CompanyName : 180solutions, inc.
FileDescription : Browser Integrations Module
InternalName : ncmyb
LegalCopyright : Copyright (C) 2005
OriginalFilename : ncmyb.dll


Claria Object Recognized!
Type : File
Data : DateManager.exe
TAC Rating : 7
Category : Data Miner
Comment : DateManager
Object : C:\Program Files\Date Manager\
FileVersion : 2.0.0.1
ProductVersion : 2.0.0.1
ProductName : Date Manager
CompanyName : The Gator Corporation
FileDescription : Date Manager Application
InternalName : DateManager.exe
LegalCopyright : Copyright © 2002 The Gator Corporation
OriginalFilename : DateManager.exe


Claria Object Recognized!
Type : File
Data : PrecisionTime.exe
TAC Rating : 7
Category : Data Miner
Comment : PrecisionTime
Object : C:\Program Files\PrecisionTime\
FileVersion : 2.0.0.2
ProductVersion : 2.0.0.2
ProductName : PrecisionTime
CompanyName : The Gator Corporation
FileDescription : Precision Time Application
InternalName : PrecisionTime.exe
LegalCopyright : Copyright © 2002 The Gator Corporation
OriginalFilename : PrecisionTime.exe


TIB Browser Object Recognized!
Type : File
Data : 109998.ban
TAC Rating : 6
Category : Dialer
Comment :
Object : C:\Program Files\WebSiteViewer\



Lop Object Recognized!
Type : File
Data : A0379280.exe
TAC Rating : 7
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{9D837BFC-2938-4E7C-9202-D7B326530104}\RP481\



Lop Object Recognized!
Type : File
Data : A0379281.exe
TAC Rating : 7
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{9D837BFC-2938-4E7C-9202-D7B326530104}\RP481\



Marketscore(Netsetter) Object Recognized!
Type : File
Data : okshook.dll
TAC Rating : 7
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\
FileVersion : 1.3.4.203 (Build 203)
ProductVersion : 1.3.4.203 (Build 203)
ProductName : Marketscore Internet Accelerator (OSSProxy)
CompanyName : Marketscore
FileDescription : Marketscore Internet Accelerator
InternalName : OSSProxy
LegalCopyright : Copyright © 2001-2003
OriginalFilename : ossproxy.exe


Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 36


Deep scanning and examining files (F:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Marketscore(Netsetter) Object Recognized!
Type : File
Data : okshook.dll
TAC Rating : 7
Category : Data Miner
Comment :
Object : F:\StorageSync\Drive_C\WINDOWS\system32\
FileVersion : 1.3.4.203 (Build 203)
ProductVersion : 1.3.4.203 (Build 203)
ProductName : Marketscore Internet Accelerator (OSSProxy)
CompanyName : Marketscore
FileDescription : Marketscore Internet Accelerator
InternalName : OSSProxy
LegalCopyright : Copyright © 2001-2003
OriginalFilename : ossproxy.exe


Claria Object Recognized!
Type : File
Data : 46510400.asw
TAC Rating : 7
Category : Data Miner
Comment :
Object : F:\StorageSync\Drive_C\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\
FileVersion : 5.1.1.5
ProductVersion : 5.1.1.5
ProductName : GAIN Publishing
CompanyName : GAIN Publishing, Inc
FileDescription : Gator Client Application
InternalName : GMT.exe
LegalCopyright : Copyright © 1999-2003 GAIN Publishing, Inc
OriginalFilename : GMT.exe


Claria Object Recognized!
Type : File
Data : 46510684.asw
TAC Rating : 7
Category : Data Miner
Comment :
Object : F:\StorageSync\Drive_C\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\
FileVersion : 5.1.1.5
ProductVersion : 5.1.1.5
ProductName : CME
CompanyName : GAIN Publishing, Inc.
FileDescription : CME II Client Application
InternalName : GMTProxy.dll
LegalCopyright : Copyright © 1999-2003 GAIN Publishing, Inc.
OriginalFilename : GMTProxy.dll


Claria Object Recognized!
Type : File
Data : 46510762.asw
TAC Rating : 7
Category : Data Miner
Comment :
Object : F:\StorageSync\Drive_C\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\
FileVersion : 5.1.1.5
ProductVersion : 5.1.1.5
ProductName : CME
CompanyName : GAIN Publishing, Inc.
FileDescription : CME II Client Application
InternalName : GController.dll
LegalCopyright : Copyright © 1999-2003 GAIN Publishing, Inc.
OriginalFilename : GController.dll


Claria Object Recognized!
Type : File
Data : 46510825.asw
TAC Rating : 7
Category : Data Miner
Comment :
Object : F:\StorageSync\Drive_C\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\
FileVersion : 5.1.1.5
ProductVersion : 5.1.1.5
ProductName : CME
CompanyName : GAIN Publishing, Inc.
FileDescription : CME II Client Application
InternalName : CMESys.exe
LegalCopyright : Copyright © 1999-2003 GAIN Publishing, Inc.
OriginalFilename : CMESys.exe


Claria Object Recognized!
Type : File
Data : DateManager.exe
TAC Rating : 7
Category : Data Miner
Comment : DateManager
Object : F:\StorageSync\Drive_C\Program Files\Date Manager\
FileVersion : 2.0.0.1
ProductVersion : 2.0.0.1
ProductName : Date Manager
CompanyName : The Gator Corporation
FileDescription : Date Manager Application
InternalName : DateManager.exe
LegalCopyright : Copyright © 2002 The Gator Corporation
OriginalFilename : DateManager.exe


Claria Object Recognized!
Type : File
Data : PrecisionTime.exe
TAC Rating : 7
Category : Data Miner
Comment : PrecisionTime
Object : F:\StorageSync\Drive_C\Program Files\PrecisionTime\
FileVersion : 2.0.0.2
ProductVersion : 2.0.0.2
ProductName : PrecisionTime
CompanyName : The Gator Corporation
FileDescription : Precision Time Application
InternalName : PrecisionTime.exe
LegalCopyright : Copyright © 2002 The Gator Corporation
OriginalFilename : PrecisionTime.exe


TIB Browser Object Recognized!
Type : File
Data : 109998.ban
TAC Rating : 6
Category : Dialer
Comment :
Object : F:\StorageSync\Drive_C\Program Files\WebSiteViewer\



Disk Scan Result for F:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 44


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 44




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

CoolWebSearch Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\wind updates

CoolWebSearch Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\wind updates
Value : DisplayName

CoolWebSearch Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\downloadmanager

CoolWebSearch Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Use Custom Search URL

CoolWebSearch Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\search\searchproperties\en-us
Value : SingleProvider

CoolWebSearch Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\new windows
Value : PopupMgr

CoolWebSearch Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\search\searchproperties\en-us
Value : Panel@Web

CoolWebSearch Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Enable Browser Extensions

CoolWebSearch Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main
Value : Use Search Asst

CoolWebSearch Object Recognized!
Type : RegData
Data : no
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Use Search Asst
Data : no

CoolWebSearch Object Recognized!
Type : RegData
Data : no
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main
Value : Use Search Asst
Data : no

CoolWebSearch Object Recognized!
Type : Folder
TAC Rating : 10
Category : Malware
Comment : CoolWebSearch
Object : C:\Program Files\WindUpdates

CoolWebSearch Object Recognized!
Type : File
Data : Comm.dll
TAC Rating : 10
Category : Malware
Comment :
Object : C:\Program Files\windupdates\



CoolWebSearch Object Recognized!
Type : File
Data : wbemess.log
TAC Rating : 10
Category : Malware
Comment :
Object : C:\WINDOWS\system32\wbem\logs\



Softomate Toolbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 9
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\besttoolbars

Win32.Trojan.Puper.d Object Recognized!
Type : RegValue
Data :
TAC Rating : 6
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Search Page

Win32.Trojan.Puper.d Object Recognized!
Type : File
Data : intmonp.exe
TAC Rating : 6
Category : Malware
Comment :
Object : C:\WINDOWS\system32\



WinFixer Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\windows\currentversion\explorer\bitbucket\c

WinFixer Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Misc
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\winsoftware

Win32.Trojandownloader.Zlob Object Recognized!
Type : RegValue
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\policies\explorer\run
Value : notepad.exe

Win32.Trojandownloader.Zlob Object Recognized!
Type : File
Data : msmsgs.exe
TAC Rating : 7
Category : Malware
Comment :
Object : C:\WINDOWS\system32\



180Solutions Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\explorer bars\{30d02401-6a81-11d0-8274-00c04fd5ae38}

180Solutions Object Recognized!
Type : Folder
TAC Rating : 6
Category : Data Miner
Comment : 180Solutions
Object : C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\180search Assistant

180Solutions Object Recognized!
Type : File
Data : 180search Assistant.com.url
TAC Rating : 6
Category : Data Miner
Comment :
Object : C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\180search assistant\



180Solutions Object Recognized!
Type : File
Data : Uninstall 180search Assistant Instructions.lnk
TAC Rating : 6
Category : Data Miner
Comment :
Object : C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\180search assistant\



Claria Object Recognized!
Type : Folder
TAC Rating : 7
Category : Data Miner
Comment : Claria
Object : C:\Program Files\PrecisionTime

Claria Object Recognized!
Type : Folder
TAC Rating : 7
Category : Data Miner
Comment : Claria
Object : C:\Program Files\Gator.com

Claria Object Recognized!
Type : Folder
TAC Rating : 7
Category : Data Miner
Comment : Claria
Object : C:\Program Files\Date Manager

Claria Object Recognized!
Type : Folder
TAC Rating : 7
Category : Data Miner
Comment : Claria
Object : C:\Program Files\DashBar

Claria Object Recognized!
Type : Folder
TAC Rating : 7
Category : Data Miner
Comment : Claria
Object : C:\Program Files\Common Files\GMT

Claria Object Recognized!
Type : Folder
TAC Rating : 7
Category : Data Miner
Comment : Claria
Object : C:\Program Files\Common Files\CMEII

Claria Object Recognized!
Type : File
Data : INSTALL.LOG
TAC Rating : 7
Category : Data Miner
Comment : PrecisionTime
Object : C:\Program Files\precisiontime\



Claria Object Recognized!
Type : File
Data : UNWISE.EXE
TAC Rating : 7
Category : Data Miner
Comment : PrecisionTime
Object : C:\Program Files\precisiontime\



Claria Object Recognized!
Type : File
Data : DateManager.exe
TAC Rating : 7
Category : Data Miner
Comment : Date Manager
Object : C:\Program Files\date manager\
FileVersion : 2.0.0.1
ProductVersion : 2.0.0.1
ProductName : Date Manager
CompanyName : The Gator Corporation
FileDescription : Date Manager Application
InternalName : DateManager.exe
LegalCopyright : Copyright © 2002 The Gator Corporation
OriginalFilename : DateManager.exe


Claria Object Recognized!
Type : File
Data : INSTALL.LOG
TAC Rating : 7
Category : Data Miner
Comment : Date Manager
Object : C:\Program Files\date manager\



Claria Object Recognized!
Type : File
Data : UNWISE.EXE
TAC Rating : 7
Category : Data Miner
Comment : Date Manager
Object : C:\Program Files\date manager\



Claria Object Recognized!
Type : File
Data : DashBarSetup.log
TAC Rating : 7
Category : Data Miner
Comment :
Object : C:\Program Files\dashbar\



Claria Object Recognized!
Type : File
Data : DBUninstaller.exe
TAC Rating : 7
Category : Data Miner
Comment :
Object : C:\Program Files\dashbar\



Claria Object Recognized!
Type : File
Data : DBUninstaller.exe.manifest
TAC Rating : 7
Category : Data Miner
Comment :
Object : C:\Program Files\dashbar\



Claria Object Recognized!
Type : File
Data : gOps.bac
TAC Rating : 7
Category : Data Miner
Comment :
Object : C:\Program Files\Common Files\cmeii\



Claria Object Recognized!
Type : File
Ray
Joined: 15 Oct 2005
Posts: 11

PostPosted: Sat Oct 15, 2005 17:47 pm    Post subject: Corrine-I see What You Mean - I have the remaining data

Data : gOps.bac
TAC Rating : 7
Category : Data Miner
Comment :
Object : C:\Program Files\Common Files\cmeii\



Claria Object Recognized!
Type : File
Data : gReg.reg
TAC Rating : 7
Category : Data Miner
Comment :
Object : C:\Program Files\Common Files\cmeii\



TIB Browser Object Recognized!
Type : Folder
TAC Rating : 6
Category : Dialer
Comment : TIB Browser
Object : C:\Program Files\WebSiteViewer

TIB Browser Object Recognized!
Type : File
Data : 109998.dd
TAC Rating : 6
Category : Dialer
Comment :
Object : C:\Program Files\websiteviewer\



TIB Browser Object Recognized!
Type : File
Data : 109998.dlr
TAC Rating : 6
Category : Dialer
Comment :
Object : C:\Program Files\websiteviewer\



TIB Browser Object Recognized!
Type : File
Data : 109998.ico
TAC Rating : 6
Category : Dialer
Comment :
Object : C:\Program Files\websiteviewer\



Lop Object Recognized!
Type : RegValue
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Search Bar

Marketscore(Netsetter) Object Recognized!
Type : File
Data : osmim.dll
TAC Rating : 7
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\
FileVersion : 1.0.0.28 (Build 28)
ProductVersion : 1.0.0.28 (Build 28)
ProductName : Marketscore OSMIM
CompanyName : Marketscore
FileDescription : OSMIM
InternalName : OSMIM
LegalCopyright : Copyright © 2003
OriginalFilename : OSMIM.dll


Marketscore(Netsetter) Object Recognized!
Type : File
Data : nsreg.dat
TAC Rating : 7
Category : Data Miner
Comment :
Object : C:\WINDOWS\



Other Object Recognized!
Type : File
Data : MSMSGS.EXE-124D63BE.pf
TAC Rating : 7
Category : Malware
Comment :
Object : C:\WINDOWS\prefetch\



Other Object Recognized!
Type : File
Data : MSMSGS.EXE-2B6052DE.pf
TAC Rating : 7
Category : Malware
Comment :
Object : C:\WINDOWS\prefetch\



Other Object Recognized!
Type : File
Data : UNWISE.EXE-02822F6D.pf
TAC Rating : 7
Category : Malware
Comment :
Object : C:\WINDOWS\prefetch\



Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 51
Objects found so far: 95

4:32:03 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:57:25.688
Objects scanned:216859
Objects identified:99
Objects ignored:0
New critical objects:99
Corrine

Administrator
Joined: 18 Jan 2001
Posts: 13529
Location: Upstate, NY

PostPosted: Sat Oct 15, 2005 18:26 pm    Post subject:

Thank you, Ray. That is what I was looking for. It appears that you have your work cut out for you. What I am going to have you do first is to start with CCleaner and Ad-Aware and then download HijackThis and post a new Ad-Aware log as well as a startup list and HijackThis log.

The easiest way is to create 3 separate replies. The first with your new Ad-Aware log, the second with the HJThis log, and the last with the startup log.

A) Please follow the posted instructions above for CCleaner:  http://www.freedomlist.com/forum/viewtopic.php?p=154610#154610  

B) Do not launch any programs or connect to the internet at this time.

    1. Launch Ad-Aware SE and run a Full Scan.
    2. When the scan has completed, select Next.
    3. In the Scanning Results window, select the "Scan Summary" tab.
    4. Check the box next to each "target family" you wish to remove.
    5. Click next, Click OK.

Safe Mode Scan

    1. Restart the computer in Safe Mode (  http://service1.symantec.com/SUPPORT/tsgen...2409420406  )
    2. Launch Ad-Aware SE and click Start and choose the Full Scan
    3. Uncheck "Search for negligible risk entries"
    4. Scan and again select all critical objects found that you wish to remove
    5. Shutdown/restart and run another full scan, posting the results as a reply.

C) Please download HijackThis from here:  http://www.thespykiller.co.uk/files/HJTsetup.exe  .

Note: This is a complete installer that installs HijackThis to your computer at C:\Program Files\HijackThis, making an entry in the start menu and also providing a desktop shortcut.

At the download prompt, choose "Save". After the download is complete, navigate to the C:\Program Files\HijackThis folder and double-click it. When the installation is complete, double-click the HijackThis icon on your desktop. Select "Do a system scan and save logfile". Save the logfile and a text file will be produced. Copy the text file and paste it here as a reply.

Next, please create a startup list:

Open Hijackthis, click "Open the Misc Tools section"
Next to "Generate StartupList log", place a check next to "List also minor sections (full)" and "List empty sections (complete)".
Then click "Generate StartupList log".
Click "Yes" to the box that pops up.
Then copy and paste the notepad text that appears to this topic.

If you have any questions, please do not hesitate to ask. Thank you.
_________________
Freedomlist.com (March 1, 2000 - 2013)



Take a walk through my Security Garden
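As an added example (not Corrine's instructions and not Lavasoft's code): a small Python triage script for Ad-Aware SE logs in the format posted in this thread. It parses the "Object Recognized!" blocks, totals findings per family with the highest TAC rating seen, and flags the two persistence points the first log shows being abused (the Winlogon Shell value and the policies\explorer\run list). The sample log is constructed from entries that appear in the thread.

```python
"""Triage helper for Ad-Aware SE logfiles (added example, not Lavasoft's code)."""

RECOGNIZED = " Object Recognized!"

# Constructed sample in Ad-Aware SE log format; the entries mirror ones
# posted in this thread (Puper run value, Zlob Winlogon Shell, a cookie,
# and a Claria file).
SAMPLE_LOG = r"""
Win32.Trojan.Puper.d Object Recognized!
Type : RegValue
Data :
TAC Rating : 6
Category : Malware
Comment : "paint.exe"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\policies\explorer\run
Value : paint.exe

Win32.Trojandownloader.Zlob Object Recognized!
Type : RegData
Data : Explorer.exe, msmsgs.exe
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows nt\currentversion\winlogon
Value : Shell
Data : Explorer.exe, msmsgs.exe

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@example-adnetwork[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:user@example-adnetwork.com/

Claria Object Recognized!
Type : File
Data : DateManager.exe
TAC Rating : 7
Category : Data Miner
Comment : DateManager
Object : C:\Program Files\Date Manager\
FileVersion : 2.0.0.1
"""


def parse_adaware_log(text):
    """Return one dict per 'Object Recognized!' block.

    Each dict holds the family name plus the 'Key : Value' fields that follow
    it up to the next blank line. A repeated key (RegData blocks print 'Data'
    twice) keeps the last value; a bare 'Comment :' becomes an empty string.
    """
    records = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith(RECOGNIZED):
            current = {"family": line[: -len(RECOGNIZED)]}
            records.append(current)
        elif not line:
            current = None  # blank line closes the block
        elif current is not None and " : " in line:
            key, _, value = line.partition(" : ")
            current[key.strip()] = value.strip()
        elif current is not None and line.endswith(" :"):
            current[line[:-2].strip()] = ""
    return records


def summarize(records):
    """Map family -> (number of findings, highest TAC rating seen)."""
    summary = {}
    for rec in records:
        tac = int(rec.get("TAC Rating") or 0)
        count, max_tac = summary.get(rec["family"], (0, 0))
        summary[rec["family"]] = (count + 1, max(max_tac, tac))
    return summary


def flag_persistence(records):
    """Flag registry findings that change what Windows launches at logon.

    Winlogon 'Shell' should be exactly 'Explorer.exe'; anything appended
    (msmsgs.exe in this thread) runs at every interactive logon. Values under
    policies\explorer\run are a policy run list that home users rarely set.
    """
    flags = []
    for rec in records:
        obj = rec.get("Object", "").lower()
        value = rec.get("Value", "")
        if obj.endswith(r"\winlogon") and value.lower() == "shell":
            data = rec.get("Data", "")
            entries = [e.strip().lower() for e in data.split(",") if e.strip()]
            if entries != ["explorer.exe"]:
                flags.append("Winlogon Shell altered: %s" % data)
        elif obj.endswith(r"\policies\explorer\run") and value:
            flags.append("Policy run entry: %s (%s)" % (value, rec["family"]))
    return flags


if __name__ == "__main__":
    recs = parse_adaware_log(SAMPLE_LOG)
    for fam, (n, tac) in sorted(summarize(recs).items(), key=lambda kv: -kv[1][1]):
        print("%-32s findings=%d  max TAC=%d" % (fam, n, tac))
    for flag in flag_persistence(recs):
        print("FLAG:", flag)
```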
Ray
Joined: 15 Oct 2005
Posts: 11

PostPosted: Sat Oct 15, 2005 22:57 pm    Post subject: corrine-reply no 1 safe mode

Reply No 1
Log from Ad-Aware
SAFE MODE SCAN
===========================================
Ad-Aware SE Build 1.06r1
Logfile Created on:Saturday, October 15, 2005 10:28:06 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R70 12.10.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Play sound at scan completion if scan locates critical objects


10-15-2005 10:28:06 PM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 124
ThreadCreationTime : 10-16-2005 2:25:28 AM
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 172
ThreadCreationTime : 10-16-2005 2:26:14 AM
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\SYSTEM32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 196
ThreadCreationTime : 10-16-2005 2:26:16 AM
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 240
ThreadCreationTime : 10-16-2005 2:26:21 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 252
ThreadCreationTime : 10-16-2005 2:26:22 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k DcomLaunch
ProcessID : 400
ThreadCreationTime : 10-16-2005 2:26:28 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 468
ThreadCreationTime : 10-16-2005 2:26:31 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost.exe -k netsvcs
ProcessID : 524
ThreadCreationTime : 10-16-2005 2:26:32 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 716
ThreadCreationTime : 10-16-2005 2:26:44 AM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:10 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 820
ThreadCreationTime : 10-16-2005 2:27:05 AM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

180Solutions Object Recognized!
Type : File
Data : A0381316.dll
TAC Rating : 6
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{9D837BFC-2938-4E7C-9202-D7B326530104}\RP482\
FileVersion : 5, 0, 0, 0
ProductVersion : 5, 0, 0, 0
ProductName : ncmyb Dynamic Link Library
CompanyName : 180solutions, inc.
FileDescription : Browser Integrations Module
InternalName : ncmyb
LegalCopyright : Copyright (C) 2005
OriginalFilename : ncmyb.dll


Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1


Deep scanning and examining files (F:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for F:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 1




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1

11:11:39 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:43:33.94
Objects scanned:209273
Objects identified:1
Objects ignored:0
New critical objects:1
===========================================
Ray
Joined: 15 Oct 2005
Posts: 11

PostPosted: Sat Oct 15, 2005 23:04 pm    Post subject: corrine-reply no 2-hijack log

REPLY NO 2
LOG FROM HIJACKTHIS
======================================================================
Logfile of HijackThis v1.99.1
Scan saved at 11:41:19 PM, on 10/15/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\StorageSync\StrgSync.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\AOL\1125074644\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1125074644\ee\AOLServiceHost.exe
C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
c:\program files\common files\aol\1125074644\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\1125074644\ee\AOLServiceHost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: (no name) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll (file missing)
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [StrgSync.exe] C:\Program Files\StorageSync\StrgSync.exe -w
O4 - HKLM\..\Run: [BO1HelperStartUp] C:\PROGRA~1\BUTTER~1\BO1HEL~1.EXE /partner BO1
O4 - HKLM\..\Run: [slmzcv] C:\WINDOWS\slmzcv.exe
O4 - HKLM\..\Run: [sbedqv] C:\WINDOWS\sbedqv.exe
O4 - HKLM\..\Run: [exat] C:\WINDOWS\exat.exe
O4 - HKLM\..\Run: [loryxiz] C:\WINDOWS\loryxiz.exe
O4 - HKLM\..\Run: [ovcburej] C:\WINDOWS\ovcburej.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ngpsj] C:\WINDOWS\ngpsj.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [bafexur] C:\WINDOWS\bafexur.exe
O4 - HKLM\..\Run: [svefgx] C:\WINDOWS\svefgx.exe
O4 - HKLM\..\Run: [psp] C:\WINDOWS\psp.exe
O4 - HKLM\..\Run: [ififklqf] C:\WINDOWS\ififklqf.exe
O4 - HKLM\..\Run: [6soq5tsu] C:\WINDOWS\system32\6soq5tsu.exe
O4 - HKLM\..\Run: [zej] C:\WINDOWS\zej.exe
O4 - HKLM\..\Run: [cfglgrwr] C:\WINDOWS\cfglgrwr.exe
O4 - HKLM\..\Run: [azstyn] C:\WINDOWS\azstyn.exe
O4 - HKLM\..\Run: [3455bo69] C:\WINDOWS\system32\3455bo69.exe
O4 - HKLM\..\Run: [yfix] C:\WINDOWS\yfix.exe
O4 - HKLM\..\Run: [qnwt] C:\WINDOWS\qnwt.exe
O4 - HKLM\..\Run: [mvon] C:\WINDOWS\mvon.exe
O4 - HKLM\..\Run: [ulupanuf] C:\WINDOWS\ulupanuf.exe
O4 - HKLM\..\Run: [mnch] C:\WINDOWS\mnch.exe
O4 - HKLM\..\Run: [qduvgxsv] C:\WINDOWS\qduvgxsv.exe
O4 - HKLM\..\Run: [lcnydmp] C:\WINDOWS\lcnydmp.exe
O4 - HKLM\..\Run: [bkz] C:\WINDOWS\bkz.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1125074644\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [snkzml] C:\WINDOWS\snkzml.exe
O4 - HKLM\..\Run: [xexin] C:\WINDOWS\xexin.exe
O4 - HKLM\..\Run: [sngtwt] C:\WINDOWS\sngtwt.exe
O4 - HKLM\..\Run: [bwxwnub] C:\WINDOWS\bwxwnub.exe
O4 - HKLM\..\Run: [bcfmlkh] C:\WINDOWS\bcfmlkh.exe
O4 - HKLM\..\Run: [ylybkp] C:\WINDOWS\ylybkp.exe
O4 - HKLM\..\Run: [NI.UWFX5] "C:\Documents and Settings\Ray Briggs.HOMEOFFICE\Local Settings\Temporary Internet Files\Content.IE5\VO1TR44G\WinFixer2005ScannerInstall[1].exe"
O4 - HKLM\..\Run: [vmx] C:\WINDOWS\vmx.exe
O4 - HKLM\..\Run: [ipkhed] C:\WINDOWS\ipkhed.exe
O4 - HKLM\..\Run: [xeb] C:\WINDOWS\xeb.exe
O4 - HKLM\..\Run: [oxctaxah] C:\WINDOWS\oxctaxah.exe
O4 - HKLM\..\Run: [tknmpev] C:\WINDOWS\tknmpev.exe
O4 - HKLM\..\Run: [ulyp] C:\WINDOWS\ulyp.exe
O4 - HKLM\..\Run: [nixwtet] C:\WINDOWS\nixwtet.exe
O4 - HKLM\..\Run: [bmxqp] C:\WINDOWS\bmxqp.exe
O4 - HKLM\..\Run: [kvgj] C:\WINDOWS\kvgj.exe
O4 - HKLM\..\Run: [qxgn] C:\WINDOWS\qxgn.exe
O4 - HKLM\..\Run: [ynctkt] C:\WINDOWS\ynctkt.exe
O4 - HKLM\..\Run: [cvar] C:\WINDOWS\cvar.exe
O4 - HKLM\..\Run: [qzkryp] C:\WINDOWS\qzkryp.exe
O4 - HKLM\..\Run: [RegSvr32] C:\WINDOWS\system32\msmsgs.exe
O4 - HKLM\..\Run: [P.S.Guard] C:\Program Files\P.S.Guard\PSGuard.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digimax Viewer 2.1.lnk = C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
O4 - Global Startup: officejet 6100.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZPxdm157YYUS
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: CachePal - {5F4A4622-8370-440e-88CC-CA2256D1A08A} - C:\WINDOWS\system32\cachepal.exe
O9 - Extra 'Tools' menuitem: CachePal - {5F4A4622-8370-440e-88CC-CA2256D1A08A} - C:\WINDOWS\system32\cachepal.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_90.dll' missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/PopSwatterFWBInitialSetup1.0.0.8-2.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120046569125
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1129417192859
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {861DB4B6-3838-11D2-8E50-002018200E57} (MrSIDI Control) - http://images.myfamily.net/isfiles/downloads/MrSIDI.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O20 - Winlogon Notify: style32 - C:\WINDOWS\
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Ray

Joined: 15 Oct 2005
Posts: 11

PostPosted: Sat Oct 15, 2005 23:08 pm    Post subject: corrine-reply no 3-startuplist log

REPLY NO 3
STARTUP LIST LOG
StartupList report, 10/15/2005, 11:50:43 PM
StartupList version: 1.52.2
Started from : C:\Program Files\Hijackthis\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\StorageSync\StrgSync.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\AOL\1125074644\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1125074644\ee\AOLServiceHost.exe
C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
c:\program files\common files\aol\1125074644\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\1125074644\ee\AOLServiceHost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Hijackthis\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:
[C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup]
Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Digimax Viewer 2.1.lnk = C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
officejet 6100.lnk = ?

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Share-to-Web Namespace Daemon = C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
StrgSync.exe = C:\Program Files\StorageSync\StrgSync.exe -w
BO1HelperStartUp = C:\PROGRA~1\BUTTER~1\BO1HEL~1.EXE /partner BO1
slmzcv = C:\WINDOWS\slmzcv.exe
sbedqv = C:\WINDOWS\sbedqv.exe
exat = C:\WINDOWS\exat.exe
loryxiz = C:\WINDOWS\loryxiz.exe
ovcburej = C:\WINDOWS\ovcburej.exe
ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
ngpsj = C:\WINDOWS\ngpsj.exe
RealTray = C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
KernelFaultCheck = %systemroot%\system32\dumprep 0 -k
ccRegVfy = "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
Symantec NetDriver Monitor = C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
bafexur = C:\WINDOWS\bafexur.exe
svefgx = C:\WINDOWS\svefgx.exe
psp = C:\WINDOWS\psp.exe
ififklqf = C:\WINDOWS\ififklqf.exe
6soq5tsu = C:\WINDOWS\system32\6soq5tsu.exe
zej = C:\WINDOWS\zej.exe
cfglgrwr = C:\WINDOWS\cfglgrwr.exe
azstyn = C:\WINDOWS\azstyn.exe
3455bo69 = C:\WINDOWS\system32\3455bo69.exe
yfix = C:\WINDOWS\yfix.exe
qnwt = C:\WINDOWS\qnwt.exe
mvon = C:\WINDOWS\mvon.exe
ulupanuf = C:\WINDOWS\ulupanuf.exe
mnch = C:\WINDOWS\mnch.exe
qduvgxsv = C:\WINDOWS\qduvgxsv.exe
lcnydmp = C:\WINDOWS\lcnydmp.exe
bkz = C:\WINDOWS\bkz.exe
Pure Networks Port Magic = "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
HostManager = C:\Program Files\Common Files\AOL\1125074644\ee\AOLHostManager.exe
AOLDialer = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
snkzml = C:\WINDOWS\snkzml.exe
xexin = C:\WINDOWS\xexin.exe
sngtwt = C:\WINDOWS\sngtwt.exe
bwxwnub = C:\WINDOWS\bwxwnub.exe
bcfmlkh = C:\WINDOWS\bcfmlkh.exe
ylybkp = C:\WINDOWS\ylybkp.exe
NI.UWFX5 = "C:\Documents and Settings\Ray Briggs.HOMEOFFICE\Local Settings\Temporary Internet Files\Content.IE5\VO1TR44G\WinFixer2005ScannerInstall[1].exe"
vmx = C:\WINDOWS\vmx.exe
ipkhed = C:\WINDOWS\ipkhed.exe
xeb = C:\WINDOWS\xeb.exe
oxctaxah = C:\WINDOWS\oxctaxah.exe
tknmpev = C:\WINDOWS\tknmpev.exe
ulyp = C:\WINDOWS\ulyp.exe
nixwtet = C:\WINDOWS\nixwtet.exe
bmxqp = C:\WINDOWS\bmxqp.exe
kvgj = C:\WINDOWS\kvgj.exe
qxgn = C:\WINDOWS\qxgn.exe
ynctkt = C:\WINDOWS\ynctkt.exe
cvar = C:\WINDOWS\cvar.exe
qzkryp = C:\WINDOWS\qzkryp.exe
RegSvr32 = C:\WINDOWS\system32\msmsgs.exe
P.S.Guard = C:\Program Files\P.S.Guard\PSGuard.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\system32\ie4uinit.exe

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=
SCRNSAVE.EXE=C:\WINDOWS\system32\BUTTER~1.SCR
drivers=

Shell & screensaver key from Registry:

Shell=explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - (no file) - {00A6FAF1-072E-44cf-8957-5838F569A31D}

--------------------------------------------------

Enumerating Task Scheduler jobs:

FRU Task #Hewlett-Packard#hp psc 2200 series#1086115591.job
FRU Task #Hewlett-Packard#hp psc 2200 series#1087152100.job
FRU Task #Hewlett-Packard#hp psc 2200 series#1087520337.job
FRU Task #Hewlett-Packard#hp psc 2200 series#1088263538.job
FRU Task #Hewlett-Packard#hp psc 2200 series#1088286867.job
FRU Task #Hewlett-Packard#hp psc 2200 series#1093633678.job
FRU Task #Hewlett-Packard#hp psc 2200 series#1096381410.job
FRU Task #Hewlett-Packard#hp psc 2200 series#1096495860.job
FRU Task #Hewlett-Packard#hp psc 2200 series#1096564469.job
Norton AntiVirus - Scan my computer - Ray Briggs.job
Symantec NetDetect.job

--------------------------------------------------

Enumerating Download Program Files:

[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\system32\LegitCheckControl.DLL
CODEBASE = http://go.microsoft.com/fwlink/?linkid=39204

[{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}]
CODEBASE = http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/PopSwatterFWBInitialSetup1.0.0.8-2.cab

[LSSupCtl Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\LSSupCtl.dll
CODEBASE = http://www.symantec.com/techsupp/asa/LSSupCtl.cab

[VerifyGMN Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\hpobjinstaller_gmn.dll
CODEBASE = http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab

[Office Update Installation Engine]
InProcServer32 = C:\WINDOWS\opuc.dll
CODEBASE = http://office.microsoft.com/officeupdate/content/opuc.cab

[QDiagAOLCCUpdateObj Class]
InProcServer32 = C:\WINDOWS\System32\qdiagcc.ocx
CODEBASE = http://aolcc.aol.com/computercheckup/qdiagcc.cab

[WUWebControl Class]
InProcServer32 = C:\WINDOWS\System32\wuweb.dll
CODEBASE = http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120046569125

[MUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\muweb.dll
CODEBASE = http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1129417192859

[HouseCall Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\xscan53.ocx
CODEBASE = http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab

[MrSIDI Control]
InProcServer32 = C:\WINDOWS\MrSIDI.ocx
CODEBASE = http://images.myfamily.net/isfiles/downloads/MrSIDI.cab

[ActiveDataInfo Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\SymAData.dll
CODEBASE = https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\macromed\flash\Flash.ocx
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #4: C:\Program Files\NewDotNet\newdotnet6_90.dll (file MISSING)

--------------------------------------------------

Enumerating Windows NT/2000/XP services

AOL Connectivity Service: "C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe" (autostart)
AOL TopSpeed Monitor: C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe (autostart)
AOL Spyware Protection Service: C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (autostart)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Background Intelligent Transfer Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Computer Browser: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Symantec Event Manager: "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe" (autostart)
Symantec Settings Manager: "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe" (autostart)
Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
DHCP Client: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
DNS Client: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Event Log: %SystemRoot%\system32\services.exe (autostart)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Server: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
TCP/IP NetBIOS Helper: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Machine Debug Manager: "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE" (autostart)
Norton AntiVirus Auto Protect Service: "C:\Program Files\Norton AntiVirus\navapsvc.exe" (autostart)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
Pml Driver HPZ12: C:\WINDOWS\System32\HPZipm12.exe (autostart)
IPSEC Services: %SystemRoot%\System32\lsass.exe (autostart)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
SAVScan: "C:\Program Files\Norton AntiVirus\SAVScan.exe" (autostart)
ScriptBlocking Service: C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (autostart)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
System Restore Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Windows Image Acquisition (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (autostart)
Symantec Core LC: C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (autostart)
symlcbrd: \??\C:\WINDOWS\system32\drivers\symlcbrd.sys (autostart)
SymWMI Service: "C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe" (autostart)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)


--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------
End of report, 16,506 bytes
Report generated in 0.282 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
Corrine

Administrator
Joined: 18 Jan 2001
Posts: 13529
Location: Upstate, NY

PostPosted: Sun Oct 16, 2005 14:51 pm

Hi, Ray. Just so you know you are not being ignored, I've completed a lot of research on the objects showing in your log and am now consulting with other members of the team.

Regarding this item:

O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_90.dll' missing

Is your internet connection ok?
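As an added example (not code from this thread, from Freedomlist or from HijackThis), a small triage script that parses the O2/O4/O10/O20 entry formats seen in the logs above and flags the patterns a helper looks at first: autoruns launched directly from %WINDIR% or system32 under unfamiliar names, an autorun started out of the Internet Explorer cache, a Winlogon Notify entry that names a directory rather than a DLL, the missing-LSP condition Corrine asks about, and orphaned "(no file)" references. The sample lines are copied from Ray's log (with the user name in the IE-cache path replaced by `<user>`); the allowlist and the random-name test are illustrative assumptions, not HijackThis rules.

```python
"""Triage helper for HijackThis-style log lines (added example, not part of
the thread or of HijackThis). The allowlist and heuristics are assumptions."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: lines copied from the HijackThis log posted above, with
# the user name in the IE-cache path replaced by <user>, plus two ordinary
# entries (QuickTime, ccApp) kept in for contrast.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [slmzcv] C:\WINDOWS\slmzcv.exe
O4 - HKLM\..\Run: [6soq5tsu] C:\WINDOWS\system32\6soq5tsu.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NI.UWFX5] "C:\Documents and Settings\<user>\Local Settings\Temporary Internet Files\Content.IE5\VO1TR44G\WinFixer2005ScannerInstall[1].exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O2 - BHO: (no name) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_90.dll' missing
O20 - Winlogon Notify: style32 - C:\WINDOWS\
"""

ENTRY_RE = re.compile(r"^(?P<sec>O\d+|R\d) - (?P<body>.*)$")
O4_RE = re.compile(r"^(?:HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
O10_RE = re.compile(r"LSP provider '(?P<dll>[^']+)' missing", re.IGNORECASE)
O20_RE = re.compile(r"^Winlogon Notify: (?P<name>\S+) - (?P<path>.+)$")

WINDIR = r"c:\windows"
SYSTEM32 = WINDIR + r"\system32"
# Assumed allowlist: Windows XP components that legitimately autorun from
# system32. Extend it from a trusted reference, not from the log itself.
KNOWN_SYSTEM_AUTORUNS = {"ctfmon.exe", "dumprep"}


@dataclass(frozen=True)
class Finding:
    section: str
    name: str
    path: str
    reason: str


def image_path(cmd: str) -> str:
    """Return the executable path from an O4 command line. Quoted paths end at
    the closing quote; unquoted paths with spaces end at the first '.exe'."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.+?\.exe)(?:\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]


def looks_random(name: str) -> bool:
    """Crude test for generated names such as slmzcv or 6soq5tsu: an
    alphanumeric stem with no vowel at all, or with letters and digits mixed."""
    stem = name.lower().rsplit(".", 1)[0]
    if not stem.isalnum():
        return False
    no_vowel = not any(c in "aeiouy" for c in stem)
    mixed = any(c.isdigit() for c in stem) and any(c.isalpha() for c in stem)
    return no_vowel or mixed


def triage_o4(name: str, cmd: str) -> Optional[Finding]:
    """Flag Run-key autoruns by where the image lives, not by its name alone."""
    path = image_path(cmd)
    low = path.lower()
    parent, _, base = low.rpartition("\\")
    if parent in (WINDIR, SYSTEM32) and base not in KNOWN_SYSTEM_AUTORUNS:
        detail = "random-looking name" if looks_random(name) else "unfamiliar name"
        return Finding("O4", name, path,
                       f"autorun launched directly from {parent} ({detail})")
    if "\\temporary internet files\\" in low:
        return Finding("O4", name, path, "autorun launched from the IE download cache")
    return None


def triage(log: str) -> List[Finding]:
    """Walk a HijackThis log and collect the entries that need a closer look."""
    findings: List[Finding] = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        sec, body = m.group("sec"), m.group("body")
        if sec == "O4":
            o4 = O4_RE.match(body)
            hit = triage_o4(o4.group("name"), o4.group("cmd")) if o4 else None
            if hit:
                findings.append(hit)
        elif sec == "O10":
            lsp = O10_RE.search(body)
            if lsp:
                findings.append(Finding("O10", "LSP", lsp.group("dll"),
                    "Winsock LSP chain references a DLL that is not on disk; "
                    "repair the chain rather than deleting the entry blindly"))
        elif sec == "O20":
            wn = O20_RE.match(body)
            if wn and not wn.group("path").lower().endswith(".dll"):
                findings.append(Finding("O20", wn.group("name"), wn.group("path"),
                                        "Winlogon Notify entry does not point at a DLL"))
        elif sec in ("O2", "O3") and body.endswith("(no file)"):
            findings.append(Finding(sec, body, "", "orphaned entry: referenced file is missing"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {f.name:<12} {f.reason}\n     {f.path}")
```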
Ray

Joined: 15 Oct 2005
Posts: 11

PostPosted: Sun Oct 16, 2005 18:04 pm    Post subject: Hi Corrine-Good News

Regarding this item:

O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_90.dll' missing

Is your internet connection ok?


My system may not have been connected. I just got in from Church. Sorry I could not have checked it sooner than late this afternoon and saved you the time and research. After doing all that you told me and deleting files my system is back to normal late this afternoon. You and your process fixed my system and I am very Grateful. Thank you and God bless you and your team. I am keeping your site always. Ray Briggs
Corrine

Administrator
Joined: 18 Jan 2001
Posts: 13529
Location: Upstate, NY

PostPosted: Sun Oct 16, 2005 19:02 pm

Hi, Ray. Thanks for letting me know. From your logfiles, there was a lot going on, so if the problems recur after a couple of shutdown/restarts, just post a fresh HijackThis log and we'll take another look.

Regards,


Corrine
Ray

Joined: 15 Oct 2005
Posts: 11

PostPosted: Mon Oct 17, 2005 11:26 am    Post subject: Corrine-New Hijack Log-Thanks-Let Me Know

Logfile of HijackThis v1.99.1
Scan saved at 10:28:28 AM, on 10/17/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: (no name) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll (file missing)
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [StrgSync.exe] C:\Program Files\StorageSync\StrgSync.exe -w
O4 - HKLM\..\Run: [BO1HelperStartUp] C:\PROGRA~1\BUTTER~1\BO1HEL~1.EXE /partner BO1
O4 - HKLM\..\Run: [slmzcv] C:\WINDOWS\slmzcv.exe
O4 - HKLM\..\Run: [sbedqv] C:\WINDOWS\sbedqv.exe
O4 - HKLM\..\Run: [exat] C:\WINDOWS\exat.exe
O4 - HKLM\..\Run: [loryxiz] C:\WINDOWS\loryxiz.exe
O4 - HKLM\..\Run: [ovcburej] C:\WINDOWS\ovcburej.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ngpsj] C:\WINDOWS\ngpsj.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [bafexur] C:\WINDOWS\bafexur.exe
O4 - HKLM\..\Run: [svefgx] C:\WINDOWS\svefgx.exe
O4 - HKLM\..\Run: [psp] C:\WINDOWS\psp.exe
O4 - HKLM\..\Run: [ififklqf] C:\WINDOWS\ififklqf.exe
O4 - HKLM\..\Run: [6soq5tsu] C:\WINDOWS\system32\6soq5tsu.exe
O4 - HKLM\..\Run: [zej] C:\WINDOWS\zej.exe
O4 - HKLM\..\Run: [cfglgrwr] C:\WINDOWS\cfglgrwr.exe
O4 - HKLM\..\Run: [azstyn] C:\WINDOWS\azstyn.exe
O4 - HKLM\..\Run: [3455bo69] C:\WINDOWS\system32\3455bo69.exe
O4 - HKLM\..\Run: [yfix] C:\WINDOWS\yfix.exe
O4 - HKLM\..\Run: [qnwt] C:\WINDOWS\qnwt.exe
O4 - HKLM\..\Run: [mvon] C:\WINDOWS\mvon.exe
O4 - HKLM\..\Run: [ulupanuf] C:\WINDOWS\ulupanuf.exe
O4 - HKLM\..\Run: [mnch] C:\WINDOWS\mnch.exe
O4 - HKLM\..\Run: [qduvgxsv] C:\WINDOWS\qduvgxsv.exe
O4 - HKLM\..\Run: [lcnydmp] C:\WINDOWS\lcnydmp.exe
O4 - HKLM\..\Run: [bkz] C:\WINDOWS\bkz.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1125074644\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [snkzml] C:\WINDOWS\snkzml.exe
O4 - HKLM\..\Run: [xexin] C:\WINDOWS\xexin.exe
O4 - HKLM\..\Run: [sngtwt] C:\WINDOWS\sngtwt.exe
O4 - HKLM\..\Run: [bwxwnub] C:\WINDOWS\bwxwnub.exe
O4 - HKLM\..\Run: [bcfmlkh] C:\WINDOWS\bcfmlkh.exe
O4 - HKLM\..\Run: [ylybkp] C:\WINDOWS\ylybkp.exe
O4 - HKLM\..\Run: [NI.UWFX5] "C:\Documents and Settings\Ray Briggs.HOMEOFFICE\Local Settings\Temporary Internet Files\Content.IE5\VO1TR44G\WinFixer2005ScannerInstall[1].exe"
O4 - HKLM\..\Run: [vmx] C:\WINDOWS\vmx.exe
O4 - HKLM\..\Run: [ipkhed] C:\WINDOWS\ipkhed.exe
O4 - HKLM\..\Run: [xeb] C:\WINDOWS\xeb.exe
O4 - HKLM\..\Run: [oxctaxah] C:\WINDOWS\oxctaxah.exe
O4 - HKLM\..\Run: [tknmpev] C:\WINDOWS\tknmpev.exe
O4 - HKLM\..\Run: [ulyp] C:\WINDOWS\ulyp.exe
O4 - HKLM\..\Run: [nixwtet] C:\WINDOWS\nixwtet.exe
O4 - HKLM\..\Run: [bmxqp] C:\WINDOWS\bmxqp.exe
O4 - HKLM\..\Run: [kvgj] C:\WINDOWS\kvgj.exe
O4 - HKLM\..\Run: [qxgn] C:\WINDOWS\qxgn.exe
O4 - HKLM\..\Run: [ynctkt] C:\WINDOWS\ynctkt.exe
O4 - HKLM\..\Run: [cvar] C:\WINDOWS\cvar.exe
O4 - HKLM\..\Run: [qzkryp] C:\WINDOWS\qzkryp.exe
O4 - HKLM\..\Run: [RegSvr32] C:\WINDOWS\system32\msmsgs.exe
O4 - HKLM\..\Run: [P.S.Guard] C:\Program Files\P.S.Guard\PSGuard.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digimax Viewer 2.1.lnk = C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
O4 - Global Startup: officejet 6100.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZPxdm157YYUS
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: CachePal - {5F4A4622-8370-440e-88CC-CA2256D1A08A} - C:\WINDOWS\system32\cachepal.exe
O9 - Extra 'Tools' menuitem: CachePal - {5F4A4622-8370-440e-88CC-CA2256D1A08A} - C:\WINDOWS\system32\cachepal.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/PopSwatterFWBInitialSetup1.0.0.8-2.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120046569125
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1129417192859
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {861DB4B6-3838-11D2-8E50-002018200E57} (MrSIDI Control) - http://images.myfamily.net/isfiles/downloads/MrSIDI.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O20 - Winlogon Notify: style32 - C:\WINDOWS\
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Corrine
PostPosted: Mon Oct 17, 2005 11:40 am

Hi, Ray. I'm at work now & lunch break is about over. I'll take a look at your log this evening to see if anything has been added since your previous post.

Corrine
PostPosted: Mon Oct 17, 2005 20:40 pm

Hi, Ray. Thank you. Now the real work begins.

Please follow these instructions carefully. You may want to print them so you don't miss a step.

Please download smitRem.exe and save the file to your desktop. Double click on the file to extract it to its own folder on the desktop.

Place a shortcut to Panda ActiveScan on your desktop.

Please download the trial version of Ewido Security Suite here: http://www.ewido.net/en/download/, following the setup instructions here: Ewido Security Suite (Trial) Instructions. Install Ewido and update the definitions to the newest files. Do NOT run a scan yet.

While still online, check Ad-Aware for updates but don't run it yet. Then disconnect from the internet and close all open programs.

Enter the Windows Control Panel and double-click on Add/Remove Programs. When the installed programs list appears, double-click on any of the following entries that appear, and allow them to uninstall ... no worries if you don't see some/all of them:

Security IGuard
Virtual Maid
Search Maid
PSGuard
MyWebSearch

Then exit the Add/Remove Programs screen and the Control Panel.

Next, please reboot your computer in SafeMode by doing the following:

  1. Restart your computer
  2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  3. Instead of Windows loading as normal, a menu should appear
  4. Select the first option, to run Windows in Safe Mode.
Now scan with HJT and place a checkmark next to each of the following items and click FIX CHECKED:

Note: Some of the files listed below may no longer be on your system after cleaning temp files and uninstalling any programs listed above.

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: (no name) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)
O4 - HKLM\..\Run: [slmzcv] C:\WINDOWS\slmzcv.exe
O4 - HKLM\..\Run: [sbedqv] C:\WINDOWS\sbedqv.exe
O4 - HKLM\..\Run: [exat] C:\WINDOWS\exat.exe
O4 - HKLM\..\Run: [loryxiz] C:\WINDOWS\loryxiz.exe
O4 - HKLM\..\Run: [ovcburej] C:\WINDOWS\ovcburej.exe
O4 - HKLM\..\Run: [ngpsj] C:\WINDOWS\ngpsj.exe
O4 - HKLM\..\Run: [bafexur] C:\WINDOWS\bafexur.exe
O4 - HKLM\..\Run: [svefgx] C:\WINDOWS\svefgx.exe
O4 - HKLM\..\Run: [psp] C:\WINDOWS\psp.exe
O4 - HKLM\..\Run: [ififklqf] C:\WINDOWS\ififklqf.exe
O4 - HKLM\..\Run: [6soq5tsu] C:\WINDOWS\system32\6soq5tsu.exe
O4 - HKLM\..\Run: [zej] C:\WINDOWS\zej.exe
O4 - HKLM\..\Run: [cfglgrwr] C:\WINDOWS\cfglgrwr.exe
O4 - HKLM\..\Run: [azstyn] C:\WINDOWS\azstyn.exe
O4 - HKLM\..\Run: [3455bo69] C:\WINDOWS\system32\3455bo69.exe
O4 - HKLM\..\Run: [yfix] C:\WINDOWS\yfix.exe
O4 - HKLM\..\Run: [qnwt] C:\WINDOWS\qnwt.exe
O4 - HKLM\..\Run: [mvon] C:\WINDOWS\mvon.exe
O4 - HKLM\..\Run: [ulupanuf] C:\WINDOWS\ulupanuf.exe
O4 - HKLM\..\Run: [mnch] C:\WINDOWS\mnch.exe
O4 - HKLM\..\Run: [qduvgxsv] C:\WINDOWS\qduvgxsv.exe
O4 - HKLM\..\Run: [lcnydmp] C:\WINDOWS\lcnydmp.exe
O4 - HKLM\..\Run: [bkz] C:\WINDOWS\bkz.exe
O4 - HKLM\..\Run: [snkzml] C:\WINDOWS\snkzml.exe
O4 - HKLM\..\Run: [xexin] C:\WINDOWS\xexin.exe
O4 - HKLM\..\Run: [sngtwt] C:\WINDOWS\sngtwt.exe
O4 - HKLM\..\Run: [bwxwnub] C:\WINDOWS\bwxwnub.exe
O4 - HKLM\..\Run: [bcfmlkh] C:\WINDOWS\bcfmlkh.exe
O4 - HKLM\..\Run: [ylybkp] C:\WINDOWS\ylybkp.exe
O4 - HKLM\..\Run: [NI.UWFX5] "C:\Documents and Settings\Ray Briggs.HOMEOFFICE\Local Settings\Temporary Internet Files\Content.IE5\VO1TR44G\WinFixer2005ScannerInstall[1].exe"
O4 - HKLM\..\Run: [vmx] C:\WINDOWS\vmx.exe
O4 - HKLM\..\Run: [ipkhed] C:\WINDOWS\ipkhed.exe
O4 - HKLM\..\Run: [xeb] C:\WINDOWS\xeb.exe
O4 - HKLM\..\Run: [oxctaxah] C:\WINDOWS\oxctaxah.exe
O4 - HKLM\..\Run: [tknmpev] C:\WINDOWS\tknmpev.exe
O4 - HKLM\..\Run: [ulyp] C:\WINDOWS\ulyp.exe
O4 - HKLM\..\Run: [nixwtet] C:\WINDOWS\nixwtet.exe
O4 - HKLM\..\Run: [bmxqp] C:\WINDOWS\bmxqp.exe
O4 - HKLM\..\Run: [kvgj] C:\WINDOWS\kvgj.exe
O4 - HKLM\..\Run: [qxgn] C:\WINDOWS\qxgn.exe
O4 - HKLM\..\Run: [ynctkt] C:\WINDOWS\ynctkt.exe
O4 - HKLM\..\Run: [cvar] C:\WINDOWS\cvar.exe
O4 - HKLM\..\Run: [qzkryp] C:\WINDOWS\qzkryp.exe
O4 - HKLM\..\Run: [RegSvr32] C:\WINDOWS\system32\msmsgs.exe
O4 - HKLM\..\Run: [P.S.Guard] C:\Program Files\P.S.Guard\PSGuard.exe
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/PopSwatterFWBInitialSetup1.0.0.8-2.cab

Close HiJackThis.
Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen. Wait for the tool to complete and disk cleanup to finish.

The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.

Open Ad-Aware and do a full scan. Before scanning, UNcheck "Search for negligible risk entries". Remove all it finds.

Shutdown/Restart in SafeMode as instructed above. Run Ewido (being sure to disable EwidoGuard):

  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop.
Now close ewido security suite.

Next go to Control Panel click Display > Desktop > Customize Desktop > Website > Uncheck "Security Info" if present.

Reboot back into Windows and click the Panda ActiveScan shortcut, then do a full system scan. Make sure the autoclean box is checked!
Save the scan log and post it along with a new Ad-Aware Log, the contents of the smitfiles.txt log and the Ewido Log by using Add Reply.
Let us know if any problems persist.
All times are GMT - 5 Hours