Jump to content


Photo

PLEASE HELP - MY PC IS INFECTED!


  • Please log in to reply
7 replies to this topic

#1 Barney

Barney

    Newbie

  • Members
  • Pip
  • 5 posts

Posted 27 August 2006 - 01:12 PM

Please help!

I have no knowledge in this subject whatsoever so please bear with me. I believe I was infected with W32.Myzor.FK@yf - my homepage kept redirecting to www.safetyhomepage.net and pop-ups kept appearing advising of the virus. One pop-up also referred to Networm-i.virus.fp. I looked them up through Google which led to this site. Following some advice given in previous posts I have downloaded & run SmitfraudFix and ewido anti-spyware.

The homepage now appears to be running OK again but I would like advise on whether anything else needs to be done. Again, following advise given in previous posts, here is the info I believe you need:


Ad-Aware SE Build 1.06r1
Logfile Created on:27 August 2006 12:20:39
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R120 25.08.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie(TAC index:3):7 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


27-08-2006 12:20:39 - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 536
ThreadCreationTime : 27-08-2006 09:29:04
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 784
ThreadCreationTime : 27-08-2006 09:29:10
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\System32\
ProcessID : 808
ThreadCreationTime : 27-08-2006 09:29:10
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 852
ThreadCreationTime : 27-08-2006 09:29:11
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 864
ThreadCreationTime : 27-08-2006 09:29:11
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1024
ThreadCreationTime : 27-08-2006 09:29:12
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1080
ThreadCreationTime : 27-08-2006 09:29:12
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1128
ThreadCreationTime : 27-08-2006 09:29:12
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1184
ThreadCreationTime : 27-08-2006 09:29:12
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1284
ThreadCreationTime : 27-08-2006 09:29:13
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [lexbces.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1620
ThreadCreationTime : 27-08-2006 09:29:13
BasePriority : Normal
FileVersion : 8.18
ProductVersion : 8.18
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LexBce Service
InternalName : LexBce Service
LegalCopyright : © 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LexBceS.exe

#:12 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1648
ThreadCreationTime : 27-08-2006 09:29:13
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:13 [lexpps.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1656
ThreadCreationTime : 27-08-2006 09:29:13
BasePriority : Normal
FileVersion : 8.18
ProductVersion : 8.18
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LEXPPS.EXE
InternalName : LEXPPS
LegalCopyright : © 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LEXPPS.EXE
Comments : MarkVision for Windows '95 New P2P Server (32-bit)

#:14 [aolacsd.exe]
FilePath : C:\Program Files\Common Files\AOL\ACS\
ProcessID : 1808
ThreadCreationTime : 27-08-2006 09:29:14
BasePriority : Normal


#:15 [mcdetect.exe]
FilePath : c:\program files\mcafee.com\agent\
ProcessID : 1884
ThreadCreationTime : 27-08-2006 09:29:14
BasePriority : Normal
FileVersion : 6, 0, 0, 19
ProductVersion : 6, 0, 0, 0
ProductName : McAfee SecurityCenter
CompanyName : McAfee, Inc
FileDescription : McAfee WSC Integration Service
InternalName : McDetect
LegalCopyright : Copyright © 2005 McAfee, Inc.
OriginalFilename : McDetect.exe
Comments : McAfee WSC Integration Service

#:16 [mcshield.exe]
FilePath : c:\PROGRA~1\mcafee.com\vso\
ProcessID : 1908
ThreadCreationTime : 27-08-2006 09:29:14
BasePriority : High


#:17 [mctskshd.exe]
FilePath : c:\PROGRA~1\mcafee.com\agent\
ProcessID : 1944
ThreadCreationTime : 27-08-2006 09:29:14
BasePriority : Normal
FileVersion : 6, 0, 0, 13
ProductVersion : 6, 0, 0, 0
ProductName : McAfee SecurityCenter
CompanyName : McAfee, Inc
FileDescription : McAfee Task Scheduler
InternalName : McTskshd
LegalCopyright : Copyright © 2005 McAfee, Inc.
OriginalFilename : McTskshd.exe

#:18 [mpfservice.exe]
FilePath : C:\PROGRA~1\McAfee.com\PERSON~1\
ProcessID : 156
ThreadCreationTime : 27-08-2006 09:29:15
BasePriority : Normal
FileVersion : 7.1.0.113
ProductVersion : 7.1.0.113
ProductName : McAfee Personal Firewall
CompanyName : McAfee Corporation
FileDescription : McAfee Personal Firewall Service
InternalName : MPFService
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : MpfService.exe
Comments : McAfee Personal Firewall Service

#:19 [msksrvr.exe]
FilePath : C:\PROGRA~1\McAfee\SPAMKI~1\
ProcessID : 204
ThreadCreationTime : 27-08-2006 09:29:15
BasePriority : Normal
FileVersion : 7.0.1.3
ProductVersion : 7.0
ProductName : McAfee SpamKiller
CompanyName : McAfee Inc.
FileDescription : McAfee SpamKiller Server
InternalName : MSKSRVR
LegalCopyright : Copyright © 2005, McAfee Inc.
OriginalFilename : MSKSRVR.EXE

#:20 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 612
ThreadCreationTime : 27-08-2006 09:29:18
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:21 [prismsvr.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 620
ThreadCreationTime : 27-08-2006 09:29:18
BasePriority : Normal
FileVersion : 2.01.13
ProductVersion : 2.01.13.0013
ProductName : PRISM Wireless LAN
CompanyName : Conexant Systems, Inc.
FileDescription : PRISM Profiles Server Module
InternalName : GlobespanVirata
LegalCopyright : Copyright © 2004, Conexant Systems, Inc.
OriginalFilename : PRISMsvr.exe
Comments : Conexant Systems, Inc. (www.conexant.com)

#:22 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1172
ThreadCreationTime : 27-08-2006 09:29:21
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:23 [wdfmgr.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1416
ThreadCreationTime : 27-08-2006 09:29:21
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:24 [smax4pnp.exe]
FilePath : C:\Program Files\Analog Devices\Core\
ProcessID : 476
ThreadCreationTime : 27-08-2006 09:29:24
BasePriority : Normal
FileVersion : 5, 2, 0, 5
ProductVersion : 5, 2, 0, 5
ProductName : SMax4PNP Application
CompanyName : Analog Devices, Inc.
FileDescription : SMax4PNP MFC Application
InternalName : SMax4PNP
LegalCopyright : Copyright © 2002-2004 Analog Devices
OriginalFilename : SMax4PNP.EXE

#:25 [jusched.exe]
FilePath : C:\Program Files\Java\jre1.5.0_06\bin\
ProcessID : 492
ThreadCreationTime : 27-08-2006 09:29:24
BasePriority : Normal


#:26 [issch.exe]
FilePath : C:\Program Files\Common Files\InstallShield\UpdateService\
ProcessID : 560
ThreadCreationTime : 27-08-2006 09:29:24
BasePriority : Normal
FileVersion : 4, 50, 100, 33433
ProductVersion : 4, 50
ProductName : InstallShield Update Service
CompanyName : InstallShield Software Corporation
FileDescription : InstallShield Update Service Scheduler
InternalName : Scheduler
LegalCopyright : Copyright © 1990-2004 InstallShield Software Corporation
OriginalFilename : issch.exe

#:27 [aoldial.exe]
FilePath : C:\Program Files\Common Files\AOL\ACS\
ProcessID : 600
ThreadCreationTime : 27-08-2006 09:29:25
BasePriority : Normal
FileVersion : 2.6.6.3.UK.53
ProductVersion : 2.6.6.3.UK.53
ProductName : AOL Connectivity Service
CompanyName : America Online, Inc
FileDescription : AOL Connectivity Service Dialer
LegalCopyright : Copyright © 2003 America Online, Inc.
OriginalFilename : AOLDial.exe

#:28 [aolsp scheduler.exe]
FilePath : C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\
ProcessID : 1336
ThreadCreationTime : 27-08-2006 09:29:25
BasePriority : Normal
FileVersion : 1, 0, 0, 66
ProductVersion : 1, 0, 0, 66
ProductName : AOLSP Scheduler
FileDescription : AOLSP Scheduler
InternalName : AOLSP Scheduler
LegalCopyright : Copyright © America Online, Inc. 2004
OriginalFilename : AOLSP Scheduler.exe

#:29 [oasclnt.exe]
FilePath : C:\Program Files\McAfee.com\VSO\
ProcessID : 712
ThreadCreationTime : 27-08-2006 09:29:25
BasePriority : Normal
FileVersion : 10, 0, 0, 24
ProductVersion : 10, 0, 0, 0
ProductName : McAfee VirusScan
CompanyName : McAfee, Inc.
FileDescription : McAfee VirusScan OAS Client
InternalName : OasClnt
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : OasClnt.exe
Comments : McAfee VirusScan OAS Client

#:30 [mcagent.exe]
FilePath : C:\PROGRA~1\mcafee.com\agent\
ProcessID : 1152
ThreadCreationTime : 27-08-2006 09:29:26
BasePriority : Normal
FileVersion : 6, 0, 0, 16
ProductVersion : 6, 0, 0, 0
ProductName : McAfee SecurityCenter
CompanyName : McAfee, Inc
FileDescription : McAfee SecurityCenter Agent
InternalName : mcagent
LegalCopyright : Copyright © 2005 McAfee, Inc.
OriginalFilename : mcagent.exe

#:31 [dlactrlw.exe]
FilePath : C:\WINDOWS\System32\DLA\
ProcessID : 680
ThreadCreationTime : 27-08-2006 09:29:26
BasePriority : Normal
FileVersion : 5.20.08a
CompanyName : Sonic Solutions
FileDescription : Drive Letter Access Component
LegalCopyright : Copyright © 2004 Sonic Solutions

#:32 [mskagent.exe]
FilePath : C:\PROGRA~1\McAfee\SPAMKI~1\
ProcessID : 2056
ThreadCreationTime : 27-08-2006 09:29:27
BasePriority : Normal
FileVersion : 7.0.2.0
ProductVersion : 7.0
ProductName : McAfee SpamKiller
CompanyName : McAfee Inc.
FileDescription : McAfee SpamKiller Agent Interface module
InternalName : MskAgent
LegalCopyright : Copyright © 2005 McAfee, Inc.
OriginalFilename : MskAgent.exe

#:33 [mcvsshld.exe]
FilePath : C:\Program Files\McAfee.com\VSO\
ProcessID : 2124
ThreadCreationTime : 27-08-2006 09:29:27
BasePriority : Normal
FileVersion : 10, 0, 0, 22
ProductVersion : 10, 0, 0, 0
ProductName : McAfee VirusScan
CompanyName : McAfee, Inc.
FileDescription : McAfee VirusScan ActiveShield Resource
InternalName : McVsShld
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : McVsShld.exe
Comments : McAfee VirusScan ActiveShield Resource

#:34 [mpftray.exe]
FilePath : C:\PROGRA~1\McAfee.com\PERSON~1\
ProcessID : 2148
ThreadCreationTime : 27-08-2006 09:29:28
BasePriority : Normal
FileVersion : 7.1.0.113
ProductVersion : 7.1.0.113
ProductName : McAfee Personal Firewall (MPF)
CompanyName : McAfee Security
FileDescription : McAfee Personal Firewall Tray Monitor
InternalName : MpfTray
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : MPFTRAY.EXE
Comments : Tray Icon for McAfee Personal Firewall

#:35 [mscifapp.exe]
FilePath : C:\PROGRA~1\mcafee.com\mps\
ProcessID : 2184
ThreadCreationTime : 27-08-2006 09:29:28
BasePriority : Normal
FileVersion : 8.1.0.136
ProductVersion : 8.1.0.136
ProductName : McAfee Privacy Service
CompanyName : McAfee, Inc.
FileDescription : McAfee Privacy Service
InternalName : mscifapp
LegalCopyright : Copyright © 2005 McAfee, Inc.
All rights reserved
OriginalFilename : mscifapp.exe

#:36 [hkcmd.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2220
ThreadCreationTime : 27-08-2006 09:29:28
BasePriority : Normal
FileVersion : 3.0.0.4396
ProductVersion : 7.0.0.4396
ProductName : Intel® Common User Interface
CompanyName : Intel Corporation
FileDescription : hkcmd Module
InternalName : HKCMD
LegalCopyright : Copyright 1999-2004, Intel Corporation
OriginalFilename : HKCMD.EXE

#:37 [igfxpers.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2232
ThreadCreationTime : 27-08-2006 09:29:29
BasePriority : Normal
FileVersion : 3.0.0.4396
ProductVersion : 7.0.0.4396
ProductName : Intel® Common User Interface
CompanyName : Intel Corporation
FileDescription : persistence Module
InternalName : PERSISTENCE
LegalCopyright : Copyright 1999-2004, Intel Corporation
OriginalFilename : IGFXPERS.EXE

#:38 [realsched.exe]
FilePath : C:\Program Files\Common Files\Real\Update_OB\
ProcessID : 2248
ThreadCreationTime : 27-08-2006 09:29:29
BasePriority : Normal
FileVersion : 0.1.0.3510
ProductVersion : 0.1.0.3510
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:39 [mcvsescn.exe]
FilePath : c:\progra~1\mcafee.com\vso\
ProcessID : 2312
ThreadCreationTime : 27-08-2006 09:29:29
BasePriority : Normal
FileVersion : 10, 0, 0, 20
ProductVersion : 10, 0, 0, 0
ProductName : McAfee VirusScan
CompanyName : McAfee, Inc.
FileDescription : McAfee VirusScan E-mail Scan Module
InternalName : mcvsescn
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : mcvsescn.EXE
Comments : McAfee VirusScan E-mail Scan Module

#:40 [tsnp2std.exe]
FilePath : C:\WINDOWS\
ProcessID : 2328
ThreadCreationTime : 27-08-2006 09:29:29
BasePriority : Normal
FileVersion : 1, 1, 2, 3
ProductVersion : 1, 1, 2, 3
ProductName : tsnp2std
FileDescription : tsnp2std Microsoft
InternalName : tsnp2std
LegalCopyright : ???? © 2005
OriginalFilename : tsnp2std.EXE

#:41 [vsnp2std.exe]
FilePath : C:\WINDOWS\
ProcessID : 2348
ThreadCreationTime : 27-08-2006 09:29:30
BasePriority : Normal
FileVersion : 1, 0, 3, 4
ProductVersion : 1, 0, 3, 4
ProductName : CameraMonitor Application
CompanyName : Sonix
FileDescription : CameraMonitor Application
InternalName : CameraMonitor
LegalCopyright : Copyright 2002-2005
OriginalFilename : CameraMonitor.EXE

#:42 [dsagnt.exe]
FilePath : C:\Program Files\Dell Support\
ProcessID : 2376
ThreadCreationTime : 27-08-2006 09:29:30
BasePriority : Below Normal
FileVersion : 1, 1, 0, 73
ProductVersion : 1, 1, 0, 73
ProductName : Dell Support
CompanyName : Gteko Ltd.
FileDescription : Dell Support
InternalName : AUAgent
LegalCopyright : Copyright © 2000 - 2004 Gteko Ltd.
OriginalFilename : AUAgent.exe

#:43 [msmsgs.exe]
FilePath : C:\Program Files\Messenger\
ProcessID : 2404
ThreadCreationTime : 27-08-2006 09:29:30
BasePriority : Normal
FileVersion : 4.7.3001
ProductVersion : Version 4.7.3001
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Windows Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:44 [registryrepairpro.exe]
FilePath : C:\Documents and Settings\Marcus Barnes\My Documents\Windows Registry Repair Pro\
ProcessID : 2412
ThreadCreationTime : 27-08-2006 09:29:30
BasePriority : Normal
FileVersion : 2.0.0.0
ProductVersion : 2.0.0
ProductName : Windows Registry Repair Pro
CompanyName : 3B Software, Inc.
FileDescription : Windows Registry Repair Pro
InternalName : wwrp
LegalCopyright : Copyright © 2003-2004, WyvernWorks Dot Com. All Rights reserved.
LegalTrademarks : WyvernWorks Dot Com
OriginalFilename : RegistryRepairPro.exe
Comments : Windows Registry repair Pro

#:45 [dlg.exe]
FilePath : C:\Program Files\Digital Line Detect\
ProcessID : 2500
ThreadCreationTime : 27-08-2006 09:29:31
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : BVRP Software TestLine
CompanyName : BVRP Software
FileDescription : Digital Line Detection
InternalName : TestLine
LegalCopyright : Copyright © 2003
OriginalFilename : TestLine.exe

#:46 [prismcfg.exe]
FilePath : C:\Program Files\Dell Wireless\
ProcessID : 2528
ThreadCreationTime : 27-08-2006 09:29:31
BasePriority : Normal
FileVersion : 2.01.13 (Alpha)
ProductVersion : 2.01.13.0013 (Alpha)
ProductName : USB 2.0 Wireless LAN
CompanyName : Dell Inc.
FileDescription : Wireless Card Utility
InternalName : PRISMCFG.exe
LegalCopyright : Copyright © 2004, Dell Inc.
OriginalFilename : PRISMCFG.exe
Comments : Dell Corporation (www.dell.com)

#:47 [mcvsftsn.exe]
FilePath : c:\progra~1\mcafee.com\vso\
ProcessID : 3120
ThreadCreationTime : 27-08-2006 09:29:39
BasePriority : Normal
FileVersion : 10, 0, 0, 19
ProductVersion : 10, 0, 0, 0
ProductName : McAfee VirusScan
CompanyName : McAfee, Inc.
FileDescription : McAfee VirusScan Instant Messenger Scan Module
InternalName : mcvsftsn
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : mcvsftsn.EXE
Comments : McAfee VirusScan Instant Messenger Scan Module

#:48 [servicelayer.exe]
FilePath : C:\Program Files\Common Files\PCSuite\Services\
ProcessID : 3424
ThreadCreationTime : 27-08-2006 09:29:40
BasePriority : Normal
FileVersion : 6, 81, 60, 0
ProductVersion : 6.0
ProductName : PC Connectivity Solution
CompanyName : Nokia.
FileDescription : ServiceLayer Module
InternalName : ServiceLayer
LegalCopyright : Copyright © 2002-2006 Nokia. All Rights Reserved.
OriginalFilename : ServiceLayer.exe

#:49 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 3668
ThreadCreationTime : 27-08-2006 09:29:43
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:50 [mpfagent.exe]
FilePath : C:\PROGRA~1\McAfee.com\PERSON~1\
ProcessID : 392
ThreadCreationTime : 27-08-2006 09:30:01
BasePriority : Normal
FileVersion : 7.1.0.113
ProductVersion : 7.1.0.113
ProductName : McAfee Personal Firewall (MPF)
CompanyName : McAfee Security
FileDescription : McAfee Personal Firewall Agent Interface
InternalName : MpfAgent
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : MPFAGENT.EXE
Comments : McAfee Personal Firewall Security Center Module

#:51 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2584
ThreadCreationTime : 27-08-2006 09:30:05
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:52 [isuspm.exe]
FilePath : c:\program files\common files\installshield\updateservice\
ProcessID : 3932
ThreadCreationTime : 27-08-2006 09:30:24
BasePriority : Normal
FileVersion : 4, 50, 100, 33433
ProductVersion : 4, 50
ProductName : InstallShield Update Service
CompanyName : InstallShield Software Corporation
FileDescription : InstallShield Update Service Update Manager
InternalName : ProgramManager
LegalCopyright : Copyright © 1990-2004 InstallShield Software Corporation
OriginalFilename : ISUSPM.exe

#:53 [agent.exe]
FilePath : C:\Program Files\Common Files\InstallShield\UpdateService\
ProcessID : 2320
ThreadCreationTime : 27-08-2006 09:30:37
BasePriority : Normal
FileVersion : 4, 50, 100, 33433
ProductVersion : 4, 50
ProductName : InstallShield Update Service
CompanyName : InstallShield Software Corporation
FileDescription : InstallShield Update Service Agent
InternalName : Agent
LegalCopyright : Copyright © 1990-2004 InstallShield Software Corporation
OriginalFilename : agent.exe

#:54 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 4076
ThreadCreationTime : 27-08-2006 09:32:53
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:55 [guard.exe]
FilePath : C:\Program Files\ewido anti-spyware 4.0\
ProcessID : 2444
ThreadCreationTime : 27-08-2006 09:53:07
BasePriority : Normal
FileVersion : 4, 0, 0, 172
ProductVersion : 4, 0, 0, 172
ProductName : ewido anti-spyware
CompanyName : Anti-Malware Development a.s.
FileDescription : ewido anti-spyware guard
InternalName : ewido anti-spywareguard
LegalCopyright : Copyright © 2005 Anti-Malware Development a.s.
OriginalFilename : guard.exe

#:56 [ewido.exe]
FilePath : C:\Program Files\ewido anti-spyware 4.0\
ProcessID : 3936
ThreadCreationTime : 27-08-2006 09:53:29
BasePriority : Normal
FileVersion : 4, 0, 0, 172
ProductVersion : 4, 0, 0, 172
ProductName : ewido anti-spyware
CompanyName : Anti-Malware Development a.s.
FileDescription : ewido anti-spyware
InternalName : ewido anti-spyware
LegalCopyright : Copyright © 2005 Anti-Malware Development a.s.
OriginalFilename : ewido.exe

#:57 [ad-aware.exe]
FilePath : C:\PROGRA~1\Lavasoft\AD-AWA~1\
ProcessID : 5204
ThreadCreationTime : 27-08-2006 11:20:11
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : marcus barnes@atdmt[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:marcus barnes@atdmt.com/
Expires : 26-08-2011 01:00:00
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 1



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : marcus barnes@0[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Marcus Barnes\Local Settings\Temp\Cookies\marcus barnes@0[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : marcus barnes@adrevolver[3].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Marcus Barnes\Local Settings\Temp\Cookies\marcus barnes@adrevolver[3].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : marcus barnes@etype.adbureau[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Marcus Barnes\Local Settings\Temp\Cookies\marcus barnes@etype.adbureau[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : marcus barnes@maxserving[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Marcus Barnes\Local Settings\Temp\Cookies\marcus barnes@maxserving[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : marcus barnes@realmedia[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Marcus Barnes\Local Settings\Temp\Cookies\marcus barnes@realmedia[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : marcus barnes@xml.bravenetmedianetwork[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Marcus Barnes\Local Settings\Temp\Cookies\marcus barnes@xml.bravenetmedianetwork[1].txt

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 7


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 7




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 7

12:32:41 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:12:01.609
Objects scanned:180148
Objects identified:7
Objects ignored:0
New critical objects:7


=====================================================================

Logfile of HijackThis v1.99.1
Scan saved at 12:57:55, on 27/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PRISMSVR.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Marcus Barnes\My Documents\Windows Registry Repair Pro\RegistryRepairPro.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell Wireless\PRISMCFG.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Program Files\HijackThis\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.mywa...idebar.jsp?p=DK
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.co.uk/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.co.uk/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\HTML\html\blank.htm
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - (no file)
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Documents and Settings\Marcus Barnes\My Documents\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Protection Bar - {860c2f6b-ca82-4282-9187-beccbb66f0af} - (no file)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Documents and Settings\Marcus Barnes\My Documents\Windows Registry Repair Pro\RegistryRepairPro.exe 4
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Wireless USB 2.0 WLAN Card Utility.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\DOCUME~1\MARCUS~1\MYDOCU~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\DOCUME~1\MARCUS~1\MYDOCU~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - (no file)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe


Many thanks for any assistance!!

#2 LS CalamityJane

LS CalamityJane

    Former Lavasoft Staff

  • Members
  • PipPipPip
  • 8814 posts

Posted 01 September 2006 - 08:38 PM

Hi ,

Apologies for the late reply, we've been quite swamped in here as you can probably see.

Are you still needing help?

I'm now subscribed to this topic so I will receive a notice from the board as soon as you reply, so I can be here much more quickly than it has taken to get to your new topic.

If you still need help we need two things:

1. Your Adaware Scan log with the latest reference file update.

Please make sure that you are using
Ad-aware SE Build 106r1
Note: If your version is 6.0 and not the SE, you need to uninstall and get the latest version from the above link.

[if not Uninstall your old Ad-aware first then install SE]
Then use the WebUpDate
to get the latest Definition file
SE1R121 28.08.2006
To do this Open Ad-aware
Click the WebUpDate
button at the top right hand side of the Ad-aware screen (The world globe).
Click "Connect"
Ad-aware will then download the latest Definition file for you.
To make sure it is updated , look at the main
Ad-aware screen, and look under "Initialization Status"
It should say the Latest Definition file.
then scan doing a "Full Scan"
and then post your logfile here by using the Add-Reply Feature .
As Logs are stored in :
C:\Documents and Settings\USERNAME\Application Data\Lavasoft\Ad-aware\Logs\.
An easy way to get there is to
click Start,
click Run
And type in and press ENTER: %appdata%
then click Lavasoft
then Ad-Aware
and then Logs.
scroll down to find the latest one that you have
(by date & time)
and open it right Click select all
copy and then paste the contents of it here.
(Make sure that all of your Logfile has been posted, sometimes it will require two post's to get it all)
...............
2. A fresh HijackThis log for review to see where you are now.
Please do NOT send Private Messages to Staff or helpers to request assistance! We do not give a personal support via PM The way to request help is to post a NEW TOPIC in the appropriate forum.

Look for the *New Topic* Button near the top right when viewing the forums.

Here in the forums, replies are posted to topics only. Thank you for your understanding and cooperation!
Plus and Pro Ad-Aware users (only) may use the Support Center for personal assistance:
Support Center


Microsoft MVP/Windows - Security 2003-2009

#3 Barney

Barney

    Newbie

  • Members
  • Pip
  • 5 posts

Posted 03 September 2006 - 03:24 PM

Thanks for your help - yes I do still need help!

Please find below the information you requested.

When I was running the full scan on Adaware, my McAfee virus protection kept popping up something about Puper trojan being found in several files within C:\System Volume Information or something like that? It said it could not be deleted or quarantined as it was write protected??


Ad-Aware SE Build 1.06r1
Logfile Created on:03 September 2006 14:55:58
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R121 28.08.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):38 total references
Tracking Cookie(TAC index:3):59 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


03-09-2006 14:55:58 - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : C:\Documents and Settings\Marcus Barnes\Application Data\microsoft\office\recent
Description : list of recently opened documents using microsoft office


MRU List Object Recognized!
Location: : C:\Documents and Settings\Marcus Barnes\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : S-1-5-21-1399283371-137122185-3649787643-1006\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : S-1-5-21-1399283371-137122185-3649787643-1006\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-1399283371-137122185-3649787643-1006\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-1399283371-137122185-3649787643-1006\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-1399283371-137122185-3649787643-1006\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-1399283371-137122185-3649787643-1006\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-1399283371-137122185-3649787643-1006\software\microsoft\mediaplayer\medialibraryui
Description : last selected node in the microsoft windows media player media library


MRU List Object Recognized!
Location: : S-1-5-21-1399283371-137122185-3649787643-1006\software\microsoft\mediaplayer\player\recentfilelist
Description : list of recently used files in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-1399283371-137122185-3649787643-1006\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-1399283371-137122185-3649787643-1006\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-1399283371-137122185-3649787643-1006\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console


MRU List Object Recognized!
Location: : S-1-5-21-1399283371-137122185-3649787643-1006\software\microsoft\office\11.0\common\general
Description : list of recently used symbols in microsoft office


MRU List Object Recognized!
Location: : S-1-5-21-1399283371-137122185-3649787643-1006\software\microsoft\office\11.0\common\open find\microsoft office powerpoint\settings\insert picture\file name mru
Description : list of recent pictured inserted in microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-1399283371-137122185-3649787643-1006\software\microsoft\office\11.0\common\open find\microsoft office powerpoint\settings\save as\file name mru
Description : list of recent documents saved by microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-1399283371-137122185-3649787643-1006\software\microsoft\office\11.0\common\open find\microsoft office word\settings\save as\file name mru
Description : list of recent documents saved by microsoft word


MRU List Object Recognized!
Location: : S-1-5-21-1399283371-137122185-3649787643-1006\software\microsoft\office\11.0\powerpoint\recent file list
Description : list of recent files used by microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-1399283371-137122185-3649787643-1006\software\microsoft\office\11.0\powerpoint\recent templates
Description : list of recent templates used by microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-1399283371-137122185-3649787643-1006\software\microsoft\office\11.0\powerpoint\recent typeface list
Description : list of recently used typefaces in microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-1399283371-137122185-3649787643-1006\software\microsoft\office\11.0\powerpoint\recenttemplatelist
Description : list of recent templates used by microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-1399283371-137122185-3649787643-1006\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant


MRU List Object Recognized!
Location: : S-1-5-21-1399283371-137122185-3649787643-1006\software\microsoft\windows\currentversion\applets\paint\recent file list
Description : list of files recently opened using microsoft paint


MRU List Object Recognized!
Location: : S-1-5-21-1399283371-137122185-3649787643-1006\software\microsoft\windows\currentversion\applets\regedit
Description : last key accessed using the microsoft registry editor


MRU List Object Recognized!
Location: : S-1-5-21-1399283371-137122185-3649787643-1006\software\microsoft\windows\currentversion\applets\wordpad\recent file list
Description : list of recent files opened using wordpad


MRU List Object Recognized!
Location: : S-1-5-21-1399283371-137122185-3649787643-1006\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-1399283371-137122185-3649787643-1006\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-1399283371-137122185-3649787643-1006\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : S-1-5-21-1399283371-137122185-3649787643-1006\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run


MRU List Object Recognized!
Location: : S-1-5-21-1399283371-137122185-3649787643-1006\software\realnetworks\realplayer\6.0\preferences
Description : list of recent skins in realplayer


MRU List Object Recognized!
Location: : S-1-5-21-1399283371-137122185-3649787643-1006\software\realnetworks\realplayer\6.0\preferences
Description : list of recent clips in realplayer


MRU List Object Recognized!
Location: : S-1-5-21-1399283371-137122185-3649787643-1006\software\realnetworks\realplayer\6.0\preferences
Description : last login time in realplayer


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-21-1399283371-137122185-3649787643-1006\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 536
ThreadCreationTime : 03-09-2006 12:26:35
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 784
ThreadCreationTime : 03-09-2006 12:26:41
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\System32\
ProcessID : 808
ThreadCreationTime : 03-09-2006 12:26:42
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 852
ThreadCreationTime : 03-09-2006 12:26:42
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 864
ThreadCreationTime : 03-09-2006 12:26:42
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1020
ThreadCreationTime : 03-09-2006 12:26:44
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1080
ThreadCreationTime : 03-09-2006 12:26:44
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1128
ThreadCreationTime : 03-09-2006 12:26:44
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1180
ThreadCreationTime : 03-09-2006 12:26:44
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1368
ThreadCreationTime : 03-09-2006 12:26:45
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [lexbces.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1616
ThreadCreationTime : 03-09-2006 12:26:45
BasePriority : Normal
FileVersion : 8.18
ProductVersion : 8.18
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LexBce Service
InternalName : LexBce Service
LegalCopyright : © 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LexBceS.exe

#:12 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1648
ThreadCreationTime : 03-09-2006 12:26:45
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:13 [lexpps.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1656
ThreadCreationTime : 03-09-2006 12:26:45
BasePriority : Normal
FileVersion : 8.18
ProductVersion : 8.18
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LEXPPS.EXE
InternalName : LEXPPS
LegalCopyright : © 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LEXPPS.EXE
Comments : MarkVision for Windows '95 New P2P Server (32-bit)

#:14 [aolacsd.exe]
FilePath : C:\Program Files\Common Files\AOL\ACS\
ProcessID : 1808
ThreadCreationTime : 03-09-2006 12:26:46
BasePriority : Normal


#:15 [guard.exe]
FilePath : C:\Program Files\ewido anti-spyware 4.0\
ProcessID : 1832
ThreadCreationTime : 03-09-2006 12:26:46
BasePriority : Normal
FileVersion : 4, 0, 0, 172
ProductVersion : 4, 0, 0, 172
ProductName : ewido anti-spyware
CompanyName : Anti-Malware Development a.s.
FileDescription : ewido anti-spyware guard
InternalName : ewido anti-spywareguard
LegalCopyright : Copyright © 2005 Anti-Malware Development a.s.
OriginalFilename : guard.exe

#:16 [mcdetect.exe]
FilePath : c:\program files\mcafee.com\agent\
ProcessID : 1888
ThreadCreationTime : 03-09-2006 12:26:46
BasePriority : Normal
FileVersion : 6, 0, 0, 19
ProductVersion : 6, 0, 0, 0
ProductName : McAfee SecurityCenter
CompanyName : McAfee, Inc
FileDescription : McAfee WSC Integration Service
InternalName : McDetect
LegalCopyright : Copyright © 2005 McAfee, Inc.
OriginalFilename : McDetect.exe
Comments : McAfee WSC Integration Service

#:17 [mcshield.exe]
FilePath : c:\PROGRA~1\mcafee.com\vso\
ProcessID : 1932
ThreadCreationTime : 03-09-2006 12:26:46
BasePriority : High


#:18 [mctskshd.exe]
FilePath : c:\PROGRA~1\mcafee.com\agent\
ProcessID : 1952
ThreadCreationTime : 03-09-2006 12:26:46
BasePriority : Normal
FileVersion : 6, 0, 0, 13
ProductVersion : 6, 0, 0, 0
ProductName : McAfee SecurityCenter
CompanyName : McAfee, Inc
FileDescription : McAfee Task Scheduler
InternalName : McTskshd
LegalCopyright : Copyright © 2005 McAfee, Inc.
OriginalFilename : McTskshd.exe

#:19 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 508
ThreadCreationTime : 03-09-2006 12:26:52
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:20 [prismsvr.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 524
ThreadCreationTime : 03-09-2006 12:26:52
BasePriority : Normal
FileVersion : 2.01.13
ProductVersion : 2.01.13.0013
ProductName : PRISM Wireless LAN
CompanyName : Conexant Systems, Inc.
FileDescription : PRISM Profiles Server Module
InternalName : GlobespanVirata
LegalCopyright : Copyright © 2004, Conexant Systems, Inc.
OriginalFilename : PRISMsvr.exe
Comments : Conexant Systems, Inc. (www.conexant.com)

#:21 [mpfservice.exe]
FilePath : C:\PROGRA~1\McAfee.com\PERSON~1\
ProcessID : 564
ThreadCreationTime : 03-09-2006 12:26:52
BasePriority : Normal
FileVersion : 7.1.0.113
ProductVersion : 7.1.0.113
ProductName : McAfee Personal Firewall
CompanyName : McAfee Corporation
FileDescription : McAfee Personal Firewall Service
InternalName : MPFService
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : MpfService.exe
Comments : McAfee Personal Firewall Service

#:22 [msksrvr.exe]
FilePath : C:\PROGRA~1\McAfee\SPAMKI~1\
ProcessID : 592
ThreadCreationTime : 03-09-2006 12:26:52
BasePriority : Normal
FileVersion : 7.0.1.3
ProductVersion : 7.0
ProductName : McAfee SpamKiller
CompanyName : McAfee Inc.
FileDescription : McAfee SpamKiller Server
InternalName : MSKSRVR
LegalCopyright : Copyright © 2005, McAfee Inc.
OriginalFilename : MSKSRVR.EXE

#:23 [smax4pnp.exe]
FilePath : C:\Program Files\Analog Devices\Core\
ProcessID : 1464
ThreadCreationTime : 03-09-2006 12:26:57
BasePriority : Normal
FileVersion : 5, 2, 0, 5
ProductVersion : 5, 2, 0, 5
ProductName : SMax4PNP Application
CompanyName : Analog Devices, Inc.
FileDescription : SMax4PNP MFC Application
InternalName : SMax4PNP
LegalCopyright : Copyright © 2002-2004 Analog Devices
OriginalFilename : SMax4PNP.EXE

#:24 [jusched.exe]
FilePath : C:\Program Files\Java\jre1.5.0_06\bin\
ProcessID : 1472
ThreadCreationTime : 03-09-2006 12:26:57
BasePriority : Normal


#:25 [issch.exe]
FilePath : C:\Program Files\Common Files\InstallShield\UpdateService\
ProcessID : 232
ThreadCreationTime : 03-09-2006 12:27:01
BasePriority : Normal
FileVersion : 4, 50, 100, 33433
ProductVersion : 4, 50
ProductName : InstallShield Update Service
CompanyName : InstallShield Software Corporation
FileDescription : InstallShield Update Service Scheduler
InternalName : Scheduler
LegalCopyright : Copyright © 1990-2004 InstallShield Software Corporation
OriginalFilename : issch.exe

#:26 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 364
ThreadCreationTime : 03-09-2006 12:27:02
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:27 [wdfmgr.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 460
ThreadCreationTime : 03-09-2006 12:27:02
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:28 [aoldial.exe]
FilePath : C:\Program Files\Common Files\AOL\ACS\
ProcessID : 1296
ThreadCreationTime : 03-09-2006 12:27:03
BasePriority : Normal
FileVersion : 2.6.6.3.UK.53
ProductVersion : 2.6.6.3.UK.53
ProductName : AOL Connectivity Service
CompanyName : America Online, Inc
FileDescription : AOL Connectivity Service Dialer
LegalCopyright : Copyright © 2003 America Online, Inc.
OriginalFilename : AOLDial.exe

#:29 [aolsp scheduler.exe]
FilePath : C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\
ProcessID : 516
ThreadCreationTime : 03-09-2006 12:27:03
BasePriority : Normal
FileVersion : 1, 0, 0, 66
ProductVersion : 1, 0, 0, 66
ProductName : AOLSP Scheduler
FileDescription : AOLSP Scheduler
InternalName : AOLSP Scheduler
LegalCopyright : Copyright © America Online, Inc. 2004
OriginalFilename : AOLSP Scheduler.exe

#:30 [oasclnt.exe]
FilePath : C:\Program Files\McAfee.com\VSO\
ProcessID : 1556
ThreadCreationTime : 03-09-2006 12:27:04
BasePriority : Normal
FileVersion : 10, 0, 0, 24
ProductVersion : 10, 0, 0, 0
ProductName : McAfee VirusScan
CompanyName : McAfee, Inc.
FileDescription : McAfee VirusScan OAS Client
InternalName : OasClnt
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : OasClnt.exe
Comments : McAfee VirusScan OAS Client

#:31 [mcagent.exe]
FilePath : C:\PROGRA~1\mcafee.com\agent\
ProcessID : 2056
ThreadCreationTime : 03-09-2006 12:27:04
BasePriority : Normal
FileVersion : 6, 0, 0, 16
ProductVersion : 6, 0, 0, 0
ProductName : McAfee SecurityCenter
CompanyName : McAfee, Inc
FileDescription : McAfee SecurityCenter Agent
InternalName : mcagent
LegalCopyright : Copyright © 2005 McAfee, Inc.
OriginalFilename : mcagent.exe

#:32 [dlactrlw.exe]
FilePath : C:\WINDOWS\System32\DLA\
ProcessID : 2156
ThreadCreationTime : 03-09-2006 12:27:06
BasePriority : Normal
FileVersion : 5.20.08a
CompanyName : Sonic Solutions
FileDescription : Drive Letter Access Component
LegalCopyright : Copyright © 2004 Sonic Solutions

#:33 [mcvsshld.exe]
FilePath : c:\program files\mcafee.com\vso\
ProcessID : 2204
ThreadCreationTime : 03-09-2006 12:27:07
BasePriority : Normal
FileVersion : 10, 0, 0, 22
ProductVersion : 10, 0, 0, 0
ProductName : McAfee VirusScan
CompanyName : McAfee, Inc.
FileDescription : McAfee VirusScan ActiveShield Resource
InternalName : McVsShld
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : McVsShld.exe
Comments : McAfee VirusScan ActiveShield Resource

#:34 [mcvsescn.exe]
FilePath : c:\progra~1\mcafee.com\vso\
ProcessID : 2256
ThreadCreationTime : 03-09-2006 12:27:07
BasePriority : Normal
FileVersion : 10, 0, 0, 20
ProductVersion : 10, 0, 0, 0
ProductName : McAfee VirusScan
CompanyName : McAfee, Inc.
FileDescription : McAfee VirusScan E-mail Scan Module
InternalName : mcvsescn
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : mcvsescn.EXE
Comments : McAfee VirusScan E-mail Scan Module

#:35 [mskagent.exe]
FilePath : C:\PROGRA~1\McAfee\SPAMKI~1\
ProcessID : 2284
ThreadCreationTime : 03-09-2006 12:27:07
BasePriority : Normal
FileVersion : 7.0.2.0
ProductVersion : 7.0
ProductName : McAfee SpamKiller
CompanyName : McAfee Inc.
FileDescription : McAfee SpamKiller Agent Interface module
InternalName : MskAgent
LegalCopyright : Copyright © 2005 McAfee, Inc.
OriginalFilename : MskAgent.exe

#:36 [mpftray.exe]
FilePath : C:\PROGRA~1\McAfee.com\PERSON~1\
ProcessID : 2368
ThreadCreationTime : 03-09-2006 12:27:08
BasePriority : Normal
FileVersion : 7.1.0.113
ProductVersion : 7.1.0.113
ProductName : McAfee Personal Firewall (MPF)
CompanyName : McAfee Security
FileDescription : McAfee Personal Firewall Tray Monitor
InternalName : MpfTray
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : MPFTRAY.EXE
Comments : Tray Icon for McAfee Personal Firewall

#:37 [mscifapp.exe]
FilePath : C:\PROGRA~1\mcafee.com\mps\
ProcessID : 2408
ThreadCreationTime : 03-09-2006 12:27:12
BasePriority : Normal
FileVersion : 8.1.0.136
ProductVersion : 8.1.0.136
ProductName : McAfee Privacy Service
CompanyName : McAfee, Inc.
FileDescription : McAfee Privacy Service
InternalName : mscifapp
LegalCopyright : Copyright © 2005 McAfee, Inc.
All rights reserved
OriginalFilename : mscifapp.exe

#:38 [hkcmd.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2436
ThreadCreationTime : 03-09-2006 12:27:12
BasePriority : Normal
FileVersion : 3.0.0.4396
ProductVersion : 7.0.0.4396
ProductName : Intel® Common User Interface
CompanyName : Intel Corporation
FileDescription : hkcmd Module
InternalName : HKCMD
LegalCopyright : Copyright 1999-2004, Intel Corporation
OriginalFilename : HKCMD.EXE

#:39 [igfxpers.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2444
ThreadCreationTime : 03-09-2006 12:27:12
BasePriority : Normal
FileVersion : 3.0.0.4396
ProductVersion : 7.0.0.4396
ProductName : Intel® Common User Interface
CompanyName : Intel Corporation
FileDescription : persistence Module
InternalName : PERSISTENCE
LegalCopyright : Copyright 1999-2004, Intel Corporation
OriginalFilename : IGFXPERS.EXE

#:40 [realsched.exe]
FilePath : C:\Program Files\Common Files\Real\Update_OB\
ProcessID : 2480
ThreadCreationTime : 03-09-2006 12:27:12
BasePriority : Normal
FileVersion : 0.1.0.3510
ProductVersion : 0.1.0.3510
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:41 [tsnp2std.exe]
FilePath : C:\WINDOWS\
ProcessID : 2820
ThreadCreationTime : 03-09-2006 12:27:19
BasePriority : Normal
FileVersion : 1, 1, 2, 3
ProductVersion : 1, 1, 2, 3
ProductName : tsnp2std
FileDescription : tsnp2std Microsoft
InternalName : tsnp2std
LegalCopyright : ???? © 2005
OriginalFilename : tsnp2std.EXE

#:42 [vsnp2std.exe]
FilePath : C:\WINDOWS\
ProcessID : 2944
ThreadCreationTime : 03-09-2006 12:27:19
BasePriority : Normal
FileVersion : 1, 0, 3, 4
ProductVersion : 1, 0, 3, 4
ProductName : CameraMonitor Application
CompanyName : Sonix
FileDescription : CameraMonitor Application
InternalName : CameraMonitor
LegalCopyright : Copyright 2002-2005
OriginalFilename : CameraMonitor.EXE

#:43 [launch~1.exe]
FilePath : C:\PROGRA~1\Nokia\NOKIAP~1\
ProcessID : 3164
ThreadCreationTime : 03-09-2006 12:27:23
BasePriority : Normal


#:44 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 3224
ThreadCreationTime : 03-09-2006 12:27:24
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:45 [mpfagent.exe]
FilePath : C:\PROGRA~1\McAfee.com\PERSON~1\
ProcessID : 3512
ThreadCreationTime : 03-09-2006 12:27:26
BasePriority : Normal
FileVersion : 7.1.0.113
ProductVersion : 7.1.0.113
ProductName : McAfee Personal Firewall (MPF)
CompanyName : McAfee Security
FileDescription : McAfee Personal Firewall Agent Interface
InternalName : MpfAgent
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : MPFAGENT.EXE
Comments : McAfee Personal Firewall Security Center Module

#:46 [servicelayer.exe]
FilePath : C:\Program Files\Common Files\PCSuite\Services\
ProcessID : 3996
ThreadCreationTime : 03-09-2006 12:27:30
BasePriority : Normal
FileVersion : 6, 81, 60, 0
ProductVersion : 6.0
ProductName : PC Connectivity Solution
CompanyName : Nokia.
FileDescription : ServiceLayer Module
InternalName : ServiceLayer
LegalCopyright : Copyright © 2002-2006 Nokia. All Rights Reserved.
OriginalFilename : ServiceLayer.exe

#:47 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 4064
ThreadCreationTime : 03-09-2006 12:27:31
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:48 [ewido.exe]
FilePath : C:\Program Files\ewido anti-spyware 4.0\
ProcessID : 452
ThreadCreationTime : 03-09-2006 12:27:32
BasePriority : Normal
FileVersion : 4, 0, 0, 172
ProductVersion : 4, 0, 0, 172
ProductName : ewido anti-spyware
CompanyName : Anti-Malware Development a.s.
FileDescription : ewido anti-spyware
InternalName : ewido anti-spyware
LegalCopyright : Copyright © 2005 Anti-Malware Development a.s.
OriginalFilename : ewido.exe

#:49 [dsagnt.exe]
FilePath : C:\Program Files\Dell Support\
ProcessID : 2376
ThreadCreationTime : 03-09-2006 12:27:44
BasePriority : Below Normal
FileVersion : 1, 1, 0, 73
ProductVersion : 1, 1, 0, 73
ProductName : Dell Support
CompanyName : Gteko Ltd.
FileDescription : Dell Support
InternalName : AUAgent
LegalCopyright : Copyright © 2000 - 2004 Gteko Ltd.
OriginalFilename : AUAgent.exe

#:50 [msnmsgr.exe]
FilePath : C:\Program Files\MSN Messenger\
ProcessID : 2644
ThreadCreationTime : 03-09-2006 12:27:55
BasePriority : Normal
FileVersion : 7.5.0324
ProductVersion : 7.5.0324
ProductName : MSN Messenger
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
LegalCopyright : Copyright © Microsoft Corporation 1997-2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msnmsgr.exe

#:51 [msmsgs.exe]
FilePath : C:\Program Files\Messenger\
ProcessID : 3088
ThreadCreationTime : 03-09-2006 12:28:00
BasePriority : Normal
FileVersion : 4.7.3001
ProductVersion : Version 4.7.3001
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Windows Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:52 [isuspm.exe]
FilePath : c:\program files\common files\installshield\updateservice\
ProcessID : 3208
ThreadCreationTime : 03-09-2006 12:28:02
BasePriority : Normal
FileVersion : 4, 50, 100, 33433
ProductVersion : 4, 50
ProductName : InstallShield Update Service
CompanyName : InstallShield Software Corporation
FileDescription : InstallShield Update Service Update Manager
InternalName : ProgramManager
LegalCopyright : Copyright © 1990-2004 InstallShield Software Corporation
OriginalFilename : ISUSPM.exe

#:53 [registryrepairpro.exe]
FilePath : C:\Documents and Settings\Marcus Barnes\My Documents\Windows Registry Repair Pro\
ProcessID : 2608
ThreadCreationTime : 03-09-2006 12:28:04
BasePriority : Normal
FileVersion : 2.0.0.0
ProductVersion : 2.0.0
ProductName : Windows Registry Repair Pro
CompanyName : 3B Software, Inc.
FileDescription : Windows Registry Repair Pro
InternalName : wwrp
LegalCopyright : Copyright © 2003-2004, WyvernWorks Dot Com. All Rights reserved.
LegalTrademarks : WyvernWorks Dot Com
OriginalFilename : RegistryRepairPro.exe
Comments : Windows Registry repair Pro

#:54 [mcvsftsn.exe]
FilePath : c:\progra~1\mcafee.com\vso\
ProcessID : 3488
ThreadCreationTime : 03-09-2006 12:28:06
BasePriority : Normal
FileVersion : 10, 0, 0, 19
ProductVersion : 10, 0, 0, 0
ProductName : McAfee VirusScan
CompanyName : McAfee, Inc.
FileDescription : McAfee VirusScan Instant Messenger Scan Module
InternalName : mcvsftsn
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : mcvsftsn.EXE
Comments : McAfee VirusScan Instant Messenger Scan Module

#:55 [agent.exe]
FilePath : C:\Program Files\Common Files\InstallShield\UpdateService\
ProcessID : 3992
ThreadCreationTime : 03-09-2006 12:28:20
BasePriority : Normal
FileVersion : 4, 50, 100, 33433
ProductVersion : 4, 50
ProductName : InstallShield Update Service
CompanyName : InstallShield Software Corporation
FileDescription : InstallShield Update Service Agent
InternalName : Agent
LegalCopyright : Copyright © 1990-2004 InstallShield Software Corporation
OriginalFilename : agent.exe

#:56 [dlg.exe]
FilePath : C:\Program Files\Digital Line Detect\
ProcessID : 1156
ThreadCreationTime : 03-09-2006 12:28:25
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : BVRP Software TestLine
CompanyName : BVRP Software
FileDescription : Digital Line Detection
InternalName : TestLine
LegalCopyright : Copyright © 2003
OriginalFilename : TestLine.exe

#:57 [prismcfg.exe]
FilePath : C:\Program Files\Dell Wireless\
ProcessID : 1328
ThreadCreationTime : 03-09-2006 12:28:26
BasePriority : Normal
FileVersion : 2.01.13 (Alpha)
ProductVersion : 2.01.13.0013 (Alpha)
ProductName : USB 2.0 Wireless LAN
CompanyName : Dell Inc.
FileDescription : Wireless Card Utility
InternalName : PRISMCFG.exe
LegalCopyright : Copyright © 2004, Dell Inc.
OriginalFilename : PRISMCFG.exe
Comments : Dell Corporation (www.dell.com)

#:58 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 1992
ThreadCreationTime : 03-09-2006 12:46:36
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:59 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 5620
ThreadCreationTime : 03-09-2006 13:54:02
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 38

#4 Barney

Barney

    Newbie

  • Members
  • Pip
  • 5 posts

Posted 03 September 2006 - 03:25 PM

Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 38


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 38


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : marcus barnes@redeye.willhill[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:marcus barnes@redeye.willhill.com/
Expires : 01-01-2036 01:00:00
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : marcus barnes@mediaplex[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:5
Value : Cookie:marcus barnes@mediaplex.com/
Expires : 22-06-2009 01:00:00
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : marcus barnes@edge.ru4[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:marcus barnes@edge.ru4.com/
Expires : 21-07-2036 10:46:32
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : marcus barnes@atdmt[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:8
Value : Cookie:marcus barnes@atdmt.com/
Expires : 27-08-2011 01:00:00
LastSync : Hits:8
UseCount : 0
Hits : 8

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : marcus barnes@tradedoubler[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:marcus barnes@tradedoubler.com/
Expires : 23-08-2026 20:46:22
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : marcus barnes@questionmarket[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:13
Value : Cookie:marcus barnes@questionmarket.com/
Expires : 14-10-2006 07:11:56
LastSync : Hits:13
UseCount : 0
Hits : 13

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : marcus barnes@valueclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:54
Value : Cookie:marcus barnes@valueclick.com/
Expires : 27-08-2031 15:05:22
LastSync : Hits:54
UseCount : 0
Hits : 54

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : marcus barnes@zedo[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:20
Value : Cookie:marcus barnes@zedo.com/
Expires : 01-03-2016 14:57:48
LastSync : Hits:20
UseCount : 0
Hits : 20

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : marcus barnes@ehg-bskyb.hitbox[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:69
Value : Cookie:marcus barnes@ehg-bskyb.hitbox.com/
Expires : 02-09-2007 16:23:38
LastSync : Hits:69
UseCount : 0
Hits : 69

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : marcus barnes@adrevolver[3].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:5
Value : Cookie:marcus barnes@media.adrevolver.com/adrevolver/
Expires : 26-11-2008 03:18:34
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : marcus barnes@hitbox[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:11
Value : Cookie:marcus barnes@hitbox.com/
Expires : 04-09-2006 11:19:16
LastSync : Hits:11
UseCount : 0
Hits : 11

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : marcus barnes@c2.zedo[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:marcus barnes@c2.zedo.com/
Expires : 05-03-2006 06:00:00
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : marcus barnes@realmedia[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:6
Value : Cookie:marcus barnes@realmedia.com/
Expires : 01-01-2021 01:00:00
LastSync : Hits:6
UseCount : 0
Hits : 6

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : marcus barnes@ehg-ignitemedia.hitbox[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:marcus barnes@ehg-ignitemedia.hitbox.com/
Expires : 28-08-2007 11:19:16
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : marcus barnes@statcounter[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:64
Value : Cookie:marcus barnes@statcounter.com/
Expires : 03-03-2011 17:48:10
LastSync : Hits:64
UseCount : 0
Hits : 64

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : marcus barnes@247realmedia[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:marcus barnes@247realmedia.com/
Expires : 01-01-2021 01:00:00
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : marcus barnes@0[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:6
Value : Cookie:marcus barnes@jearthreactor.cjt1.net/HTM/665/0
Expires : 04-03-2007 17:39:16
LastSync : Hits:6
UseCount : 0
Hits : 6

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : marcus barnes@etype.adbureau[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:marcus barnes@etype.adbureau.net/
Expires : 01-03-2007 01:00:00
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : marcus barnes@advertising[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:14
Value : Cookie:marcus barnes@advertising.com/
Expires : 02-09-2011 14:40:02
LastSync : Hits:14
UseCount : 0
Hits : 14

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : marcus barnes@adrevolver[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:marcus barnes@adrevolver.com/
Expires : 28-08-2007 06:39:40
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : marcus barnes@statse.webtrendslive[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:106
Value : Cookie:marcus barnes@statse.webtrendslive.com/
Expires : 30-08-2016 15:47:32
LastSync : Hits:106
UseCount : 0
Hits : 106

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : marcus barnes@tribalfusion[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:marcus barnes@tribalfusion.com/
Expires : 01-01-2038 01:00:00
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : marcus barnes@as-eu.falkag[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:19
Value : Cookie:marcus barnes@as-eu.falkag.net/
Expires : 04-03-2007 14:50:58
LastSync : Hits:19
UseCount : 0
Hits : 19

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : marcus barnes@doubleclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:10
Value : Cookie:marcus barnes@doubleclick.net/
Expires : 27-08-2009 10:09:14
LastSync : Hits:10
UseCount : 0
Hits : 10

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : marcus barnes@casalemedia[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:marcus barnes@casalemedia.com/
Expires : 19-08-2007 09:58:54
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : marcus barnes@adtech[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:7
Value : Cookie:marcus barnes@adtech.de/
Expires : 25-08-2016 11:21:22
LastSync : Hits:7
UseCount : 0
Hits : 7

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : marcus barnes@maxserving[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:13
Value : Cookie:marcus barnes@maxserving.com/
Expires : 02-02-2016 18:32:26
LastSync : Hits:13
UseCount : 0
Hits : 13

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : marcus barnes@adviva[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:marcus barnes@adviva.net/
Expires : 02-08-2011 11:22:24
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : marcus barnes@as1.falkag[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:5
Value : Cookie:marcus barnes@as1.falkag.de/
Expires : 03-05-2006 17:28:12
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : marcus barnes@adrevolver[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:marcus barnes@netli.media.adrevolver.com/adrevolver/
Expires : 17-05-2009 07:58:44
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : marcus barnes@xml.bravenetmedianetwork[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:6
Value : Cookie:marcus barnes@xml.bravenetmedianetwork.com/
Expires : 03-04-2006 17:12:18
LastSync : Hits:6
UseCount : 0
Hits : 6

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : marcus barnes@advertising[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Marcus Barnes\Cookies\marcus barnes@advertising[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : marcus barnes@ehg-bskyb.hitbox[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Marcus Barnes\Cookies\marcus barnes@ehg-bskyb.hitbox[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : marcus barnes@statcounter[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Marcus Barnes\Cookies\marcus barnes@statcounter[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : marcus barnes@zedo[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Marcus Barnes\Cookies\marcus barnes@zedo[1].txt

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 35
Objects found so far: 73

Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : marcus barnes@0[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Marcus Barnes\Local Settings\Temp\Cookies\marcus barnes@0[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : marcus barnes@adrevolver[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Marcus Barnes\Local Settings\Temp\Cookies\marcus barnes@adrevolver[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : marcus barnes@adrevolver[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Marcus Barnes\Local Settings\Temp\Cookies\marcus barnes@adrevolver[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : marcus barnes@adrevolver[3].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Marcus Barnes\Local Settings\Temp\Cookies\marcus barnes@adrevolver[3].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : marcus barnes@adtech[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Marcus Barnes\Local Settings\Temp\Cookies\marcus barnes@adtech[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : marcus barnes@advertising[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Marcus Barnes\Local Settings\Temp\Cookies\marcus barnes@advertising[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : marcus barnes@adviva[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Marcus Barnes\Local Settings\Temp\Cookies\marcus barnes@adviva[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : marcus barnes@atdmt[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Marcus Barnes\Local Settings\Temp\Cookies\marcus barnes@atdmt[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : marcus barnes@casalemedia[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Marcus Barnes\Local Settings\Temp\Cookies\marcus barnes@casalemedia[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : marcus barnes@doubleclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Marcus Barnes\Local Settings\Temp\Cookies\marcus barnes@doubleclick[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : marcus barnes@ehg-bskyb.hitbox[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Marcus Barnes\Local Settings\Temp\Cookies\marcus barnes@ehg-bskyb.hitbox[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : marcus barnes@ehg-ignitemedia.hitbox[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Marcus Barnes\Local Settings\Temp\Cookies\marcus barnes@ehg-ignitemedia.hitbox[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : marcus barnes@etype.adbureau[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Marcus Barnes\Local Settings\Temp\Cookies\marcus barnes@etype.adbureau[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : marcus barnes@hitbox[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Marcus Barnes\Local Settings\Temp\Cookies\marcus barnes@hitbox[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : marcus barnes@maxserving[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Marcus Barnes\Local Settings\Temp\Cookies\marcus barnes@maxserving[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : marcus barnes@mediaplex[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Marcus Barnes\Local Settings\Temp\Cookies\marcus barnes@mediaplex[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : marcus barnes@questionmarket[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Marcus Barnes\Local Settings\Temp\Cookies\marcus barnes@questionmarket[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : marcus barnes@realmedia[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Marcus Barnes\Local Settings\Temp\Cookies\marcus barnes@realmedia[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : marcus barnes@redeye.willhill[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Marcus Barnes\Local Settings\Temp\Cookies\marcus barnes@redeye.willhill[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : marcus barnes@statse.webtrendslive[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Marcus Barnes\Local Settings\Temp\Cookies\marcus barnes@statse.webtrendslive[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : marcus barnes@tradedoubler[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Marcus Barnes\Local Settings\Temp\Cookies\marcus barnes@tradedoubler[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : marcus barnes@tribalfusion[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Marcus Barnes\Local Settings\Temp\Cookies\marcus barnes@tribalfusion[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : marcus barnes@valueclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Marcus Barnes\Local Settings\Temp\Cookies\marcus barnes@valueclick[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : marcus barnes@xml.bravenetmedianetwork[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Marcus Barnes\Local Settings\Temp\Cookies\marcus barnes@xml.bravenetmedianetwork[1].txt

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 97


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 97




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 97

15:10:36 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:14:38.641
Objects scanned:190697
Objects identified:59
Objects ignored:0
New critical objects:59

#5 Barney

Barney

    Newbie

  • Members
  • Pip
  • 5 posts

Posted 03 September 2006 - 03:26 PM

Logfile of HijackThis v1.99.1
Scan saved at 15:16:59, on 03/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PRISMSVR.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Documents and Settings\Marcus Barnes\My Documents\Windows Registry Repair Pro\RegistryRepairPro.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell Wireless\PRISMCFG.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.mywa...idebar.jsp?p=DK
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.co.uk/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.co.uk/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\HTML\html\blank.htm
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - (no file)
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Documents and Settings\Marcus Barnes\My Documents\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Protection Bar - {860c2f6b-ca82-4282-9187-beccbb66f0af} - (no file)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Documents and Settings\Marcus Barnes\My Documents\Windows Registry Repair Pro\RegistryRepairPro.exe 4
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Wireless USB 2.0 WLAN Card Utility.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\DOCUME~1\MARCUS~1\MYDOCU~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\DOCUME~1\MARCUS~1\MYDOCU~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - (no file)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

#6 LS CalamityJane

LS CalamityJane

    Former Lavasoft Staff

  • Members
  • PipPipPip
  • 8814 posts

Posted 03 September 2006 - 08:36 PM

When I was running the full scan on Adaware, my McAfee virus protection kept popping up something about Puper trojan being found in several files within C:\System Volume Information or something like that? It said it could not be deleted or quarantined as it was write protected??

Yes, entries in the System Volume Information folder are protected by Windows from any 3rd party tools. That is your system restore backups. We'll purge those last, since nothing can run from there - it is only a threat should you choose to restore to a prior point (so don't do that at this time until we purge the old one. I'll cover that after we get your PC clean and working right)

Looks like just some orphaned entries in the registry left. HijackThis can fix those.

Open HijackThis and do a *system scan only*

When it finishes, checkmark these entries and then press the *fix checked* button

O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - (no file)
O3 - Toolbar: Protection Bar - {860c2f6b-ca82-4282-9187-beccbb66f0af} - (no file)
O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - (no file)

Let me know if you have any remaining issues you are seeing?
Please do NOT send Private Messages to Staff or helpers to request assistance! We do not give a personal support via PM The way to request help is to post a NEW TOPIC in the appropriate forum.

Look for the *New Topic* Button near the top right when viewing the forums.

Here in the forums, replies are posted to topics only. Thank you for your understanding and cooperation!
Plus and Pro Ad-Aware users (only) may use the Support Center for personal assistance:
Support Center


Microsoft MVP/Windows - Security 2003-2009

#7 Barney

Barney

    Newbie

  • Members
  • Pip
  • 5 posts

Posted 04 September 2006 - 07:11 PM

I have "fixed" the 3 entries to which you refer.

I am not noticing any other problems at present.

However, I was slightly concerned by the number of "critical objects" found by Adaware?!

#8 LS CalamityJane

LS CalamityJane

    Former Lavasoft Staff

  • Members
  • PipPipPip
  • 8814 posts

Posted 04 September 2006 - 08:14 PM

However, I was slightly concerned by the number of "critical objects" found by Adaware?!

This is what was found:

MRU List(TAC index:0):38 total references
Tracking Cookie(TAC index:3):59 total references

MRU's are not considered a threat, and in fact the "most recently used" lists can be helpful at times.

Cookies are also not really considered a threat either as they cannot harm your computer or cause hijacks. For some may consider them a privacy risk, it's not really related to your larger problem of the hijack, as there were no files nor registry items included in what was found.

Some final cleanup and prevention recomendations follow.

You can go ahead and delete any special tools we used (SmitRem, SmitfraudFix, ComboFix, etc). They won't serve a future purpose and are replaced with updated versions frequently, so the copies you have are probably already out of date and no need to keep them.

Do a disk cleanup. Go to Start > Run and type in the box: Cleanmgr
Wait while Windows scans your system for files to delete.
Make sure these 3 are checkmarked and press *ok* to delete them.

Temporary Files
Temporary Internet Files
Recycle Bin

Now that your PC is clean, make sure all programs are running properly and then you'll need to reset your restore point in Windows XP.......why?

One of the best features of Windows ME or XP is the System Restore option, however if a malware infects a computer with this operating system it can be backed up in the System Restore folder. Therefore, clearing the restore points is necessary after malware removal.

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(winXP)

1. Turn off System Restore.
Go to Start and right-click on *My Computer*.
Click Properties.
Click the System Restore tab.
Put a Checkmark in the box next to "Turn off System Restore".
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
Go to Start and right-click on *My Computer*.
Click Properties.
Click the System Restore tab.
Remove the checkmark next to "Turn off System Restore".
Click Apply, and then click OK.

How to Turn On and Turn Off System Restore in Windows XP
http://support.micro...kb;en-us;310405
......................
I can't stress enough the importance of having your Windows critical Security Updates. Most malware today uses exploits on unpatched systems to creep onto your system without your even doing anything but visiting an infected webpage!!

Watch what you download, be careful where you surf, and don't trust attachments or even links in email and Instant messages. Even if they come from a buddy, that buddy could be the one infected and it is the virus sending that link from his account. You click on it thinking he is trusted, and *boom* you're infected.
Many "Phishing" attempts are made by cleverly crafted email to look like it is coming from an "official" source (like Microsoft, or your bank, or some other provider). Don't click on links in those. Go directly to the site instead and navigate the menus - don't trust email you think came from a "safe source" unless you are expecting it! There is more in the link I will provide below, but those are the choice avenues of infection these days.
Stay far AWAY from cracks and warez sites - you're sure to get infected files there, and the same can be said for files downloaded from p2p (more than half are usually infected and probably not detectable by your current security software - the newest nasties are always released in those venues).

A word about shared computers and networks.
Share Your PC
http://www.microsoft...hare/intro.mspx
Not all users need to have Admin Accounts. It is much safer to have most of your users on a shared system running as Limited User accounts. That way, if there is "an accident", it will only affect one user's account and not the entire system.


Next, I highly recommend you get some extra protection to prevent future infections. Here are some things you can do and some free programs to help :D.
How do I prevent Browser Hijacks and Spyware?
http://www.dslreports.com/faq/13620

I'm happy to see you have SP2 installed. That will address numerous security issues in your Operating System and IE
Make sure that you keep your Operating System and IE updated with the latest Critical Security Updates from Microsoft...they usually come out once a month, on the 2nd Tuesday of each month. This is the first step in malware prevention, as many nasties now take advantage of new exploits and if not patched, you are vulnerable!
Windows Update
http://update.micros...icrosoftupdate/

And see this link for instructions on how to configure the enhanced security features in SP2:
http://www.microsoft...xp/iesecxp.mspx

I also highly recommend to get the free tool, Microsoft Baseline Security Analyzer (MBSA) from Microsoft to analyze your PC security for prevention purposes.

MBSA Version 2.0 will scan for common system misconfigurations on Windows 2000, Windows XP, and Windows Server 2003 systems. This program will identify the system security weaknesses in your browser and operating system and provides easy instructions to correct them. This includes any missing critical Windows security updates, system vulnerabilities and your IE Browser security settings. Get the download here:
Microsoft Baseline Security Analyzer
http://www.microsoft...s/mbsahome.mspx
Choose MBSAsetup-EN.msi = (English Version) or the language appropriate for you.

Also visit this Free Online Scanner from Microsoft for PC Health and Safety
http://safety.live.c...-US/default.htm
and Microsoft Security At Home
http://www.microsoft...ty/default.mspx
for tips to Protect your Pc, Protect yourself and Protect your Family.
Please do NOT send Private Messages to Staff or helpers to request assistance! We do not give a personal support via PM The way to request help is to post a NEW TOPIC in the appropriate forum.

Look for the *New Topic* Button near the top right when viewing the forums.

Here in the forums, replies are posted to topics only. Thank you for your understanding and cooperation!
Plus and Pro Ad-Aware users (only) may use the Support Center for personal assistance:
Support Center


Microsoft MVP/Windows - Security 2003-2009




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users