i have been infected with this and have a hijackthis check. here are my results. please help
Logfile of HijackThis v1.99.1
Scan saved at 9:00:34 p.m., on 13/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Apps\ActivBoard\nhksrv.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\system32\ishost.exe
C:\WINDOWS\system32\issearch.exe
C:\WINDOWS\system32\isnotify.exe
C:\WINDOWS\system32\ismon.exe
C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
G:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\System32\LXSUPMON.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe
C:\Apps\ActivBoard\MMKeybd.exe
C:\Program Files\Common Files\{C81AB774-04B2-1033-1129-010129200040}\Update.exe
C:\Apps\ActivBoard\TrayMon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\SlipStream Web Accelerator\slipaccel.exe
C:\Apps\ActivBoard\OSD.exe
C:\WINDOWS\twain_32\B12U12K\WATCH.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\slrundll.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.de/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.metacrawler.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5400
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;<local>;*windowsupdate.com;download.microsoft.com;*windowsupdate.microsoft.com;codec
s.microsoft.com;activex.microsoft.com;liveupdate.symantecliveupdate.com;liveupda
te.symantec.com;service1.symantec.com;*.nai.com;*.networkassociates.com;*.tradem
e.co.nz
R3 - URLSearchHook: (no name) - _{8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\apps\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\Program Files\SlipStream Web Accelerator\PBHelper.dll
O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\Program Files\RXToolBar\sfcont.dll (file missing)
O2 - BHO: (no name) - {873eb32d-ae1a-4183-89bd-45a77f761be4} - C:\WINDOWS\system32\ixt0.dll
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: Safety Bar - {052b12f7-86fa-4921-8482-26c42316b522} - C:\Program Files\Safety Bar\Safety Bar.dll (file missing)
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Windows Explorer Update Build 1142] explorer32.exe
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [System-Service] C:\WINDOWS\SYSTEM\EXPLORER.SCR
O4 - HKLM\..\Run: [RAM Idle Professional] C:\Program Files\RAM Idle\RAM_XP.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PWRISOVM.EXE] G:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Gtwatch] C:\WINDOWS\gtwatch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe
O4 - HKLM\..\RunServices: [Windows Explorer Update Build 1142] explorer32.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [Update Service] C:\PROGRA~1\COMMON~1\TEKNUM~1\update.exe /startup
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: SlipStream Web Accelerator.lnk = C:\Program Files\SlipStream Web Accelerator\slipaccel.exe
O4 - Global Startup: SpeedUpMyPC.lnk = C:\Program Files\LIUtilities\SpeedUpMyPC\speedupmypc.exe
O4 - Global Startup: Watch.lnk = C:\WINDOWS\twain_32\B12U12K\WATCH.exe
O8 - Extra context menu item: Show All Original Images - res://C:\Program Files\SlipStream Web Accelerator\slipaccel.exe/250
O8 - Extra context menu item: Show Original Image - res://C:\Program Files\SlipStream Web Accelerator\slipaccel.exe/227
O9 - Extra button: Internet SEXplorer - {47055D63-DFCD-11d3-8406-00500445A7D1} - C:\WINDOWS\System32\windialup\movieplugin\windialup.exe (file missing)
O9 - Extra 'Tools' menuitem: Internet SEXplorer - {47055D63-DFCD-11d3-8406-00500445A7D1} - C:\WINDOWS\System32\windialup\movieplugin\windialup.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02AA9E0F-B4EB-4BE9-A769-FD09543FEEC2} (UniInstaller Class) - http://www.webcamnow.com/fs5/voice/voice-installer.cab
O16 - DPF: {0D62A517-E7C6-4E1F-A577-07D4AC549A48} (Progetto1.int_ver32) - http://advnt01.com/dialer/int_ver32b.CAB
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_cracks.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1131827312390
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://us.i1.yimg.com/us.yimg.com/i/chat/w...110/yvwrctl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5677D734-56A6-41E1-A54F-44F8C7555ACE}: NameServer = 202.180.64.2 202.180.64.9
O17 - HKLM\System\CS1\Services\Tcpip\..\{5677D734-56A6-41E1-A54F-44F8C7555ACE}: NameServer = 202.180.64.2 202.180.64.9
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjvd32 - C:\WINDOWS\SYSTEM32\winjvd32.dll
O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - C:\WINDOWS\system32\urroxtl.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
Full Version: Please HELP with syssecuritypage problem
Lavasoft Support Forums > Archived Topics > Archives: Resolved/Inactive Topics > Resolved/Inactive General Support Issues
Hi ,
Apologies for the late reply, we've been quite swamped in here as you can probably see.
Are you still needing help?
I'm now subscribed to this topic so I will receive a notice from the board as soon as you reply, so I can be here much more quickly than it has taken to get to your new topic.
If you still need help we need two things:
1. Your Adaware Scan log with the latest reference file update.
Please make sure that you are using
Ad-aware SE Build 106r1
Note: If your version is 6.0 and not the SE, you need to uninstall and get the latest version from the above link.
[if not Uninstall your old Ad-aware first then install SE]
Then use the WebUpDate
to get the latest Definition file
SE1R119 15.08.2006
To do this Open Ad-aware
Click the WebUpDate
button at the top right hand side of the Ad-aware screen (The world globe).
Click "Connect"
Ad-aware will then download the latest Definition file for you.
To make sure it is updated , look at the main
Ad-aware screen, and look under "Initialization Status"
It should say the Latest Definition file.
then scan doing a "Full Scan"
and then post your logfile here by using the Add-Reply Feature .
As Logs are stored in :
C:\Documents and Settings\USERNAME\Application Data\Lavasoft\Ad-aware\Logs\.
An easy way to get there is to
click Start,
click Run
And type in and press ENTER: %appdata%
then click Lavasoft
then Ad-Aware
and then Logs.
scroll down to find the latest one that you have
(by date & time)
and open it right Click select all
copy and then paste the contents of it here.
(Make sure that all of your Logfile has been posted, sometimes it will require two post's to get it all)
...............
2. A fresh HijackThis log for review to see where you are now.
Apologies for the late reply, we've been quite swamped in here as you can probably see.
Are you still needing help?
I'm now subscribed to this topic so I will receive a notice from the board as soon as you reply, so I can be here much more quickly than it has taken to get to your new topic.
If you still need help we need two things:
1. Your Adaware Scan log with the latest reference file update.
Please make sure that you are using
Ad-aware SE Build 106r1
Note: If your version is 6.0 and not the SE, you need to uninstall and get the latest version from the above link.
[if not Uninstall your old Ad-aware first then install SE]
Then use the WebUpDate
to get the latest Definition file
SE1R119 15.08.2006
To do this Open Ad-aware
Click the WebUpDate
button at the top right hand side of the Ad-aware screen (The world globe).
Click "Connect"
Ad-aware will then download the latest Definition file for you.
To make sure it is updated , look at the main
Ad-aware screen, and look under "Initialization Status"
It should say the Latest Definition file.
then scan doing a "Full Scan"
and then post your logfile here by using the Add-Reply Feature .
As Logs are stored in :
C:\Documents and Settings\USERNAME\Application Data\Lavasoft\Ad-aware\Logs\.
An easy way to get there is to
click Start,
click Run
And type in and press ENTER: %appdata%
then click Lavasoft
then Ad-Aware
and then Logs.
scroll down to find the latest one that you have
(by date & time)
and open it right Click select all
copy and then paste the contents of it here.
(Make sure that all of your Logfile has been posted, sometimes it will require two post's to get it all)
...............
2. A fresh HijackThis log for review to see where you are now.
hi, sorry for the delayed response. here is my ad aware log.
Ad-Aware SE Build 1.06r1
Logfile Created on:Sunday, 3 September 2006 5:19:06 p.m.
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R121 28.08.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):14 total references
Tracking Cookie(TAC index:3):18 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
3-09-2006 5:19:06 p.m. - Scan started. (Full System Scan)
MRU List Object Recognized!
Location: : C:\Documents and Settings\Ryan\recent
Description : list of recently opened documents
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X
MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw
MRU List Object Recognized!
Location: : S-1-5-21-74049757-502627533-162025716-1005\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer
MRU List Object Recognized!
Location: : S-1-5-21-74049757-502627533-162025716-1005\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player
MRU List Object Recognized!
Location: : S-1-5-21-74049757-502627533-162025716-1005\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player
MRU List Object Recognized!
Location: : S-1-5-21-74049757-502627533-162025716-1005\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console
MRU List Object Recognized!
Location: : S-1-5-21-74049757-502627533-162025716-1005\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant
MRU List Object Recognized!
Location: : S-1-5-21-74049757-502627533-162025716-1005\software\microsoft\windows\currentversion\applets\paint\recent file list
Description : list of files recently opened using microsoft paint
MRU List Object Recognized!
Location: : S-1-5-21-74049757-502627533-162025716-1005\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened
MRU List Object Recognized!
Location: : S-1-5-21-74049757-502627533-162025716-1005\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension
MRU List Object Recognized!
Location: : S-1-5-21-74049757-502627533-162025716-1005\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened
MRU List Object Recognized!
Location: : S-1-5-21-74049757-502627533-162025716-1005\software\microsoft\windows media\wmsdk\general
Description : windows media sdk
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 952
ThreadCreationTime : 3-09-2006 5:00:17 a.m.
BasePriority : Normal
#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 1216
ThreadCreationTime : 3-09-2006 5:00:21 a.m.
BasePriority : Normal
#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 1364
ThreadCreationTime : 3-09-2006 5:00:22 a.m.
BasePriority : High
#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1524
ThreadCreationTime : 3-09-2006 5:00:23 a.m.
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe
#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1600
ThreadCreationTime : 3-09-2006 5:00:23 a.m.
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1920
ThreadCreationTime : 3-09-2006 5:00:27 a.m.
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 212
ThreadCreationTime : 3-09-2006 5:00:27 a.m.
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 640
ThreadCreationTime : 3-09-2006 5:00:28 a.m.
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 940
ThreadCreationTime : 3-09-2006 5:00:31 a.m.
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1120
ThreadCreationTime : 3-09-2006 5:00:31 a.m.
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:11 [lexbces.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1560
ThreadCreationTime : 3-09-2006 5:00:37 a.m.
BasePriority : Normal
FileVersion : 7.1
ProductVersion : 7.1
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LexBce Service
InternalName : LexBce Service
LegalCopyright : © 1993 - 2001 Lexmark International, Inc.
OriginalFilename : LexBceS.exe
#:12 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1624
ThreadCreationTime : 3-09-2006 5:00:38 a.m.
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
#:13 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 388
ThreadCreationTime : 3-09-2006 5:00:39 a.m.
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
#:14 [nhksrv.exe]
FilePath : C:\Apps\ActivBoard\
ProcessID : 1024
ThreadCreationTime : 3-09-2006 5:00:40 a.m.
BasePriority : Normal
#:15 [isafe.exe]
FilePath : C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\
ProcessID : 1212
ThreadCreationTime : 3-09-2006 5:00:41 a.m.
BasePriority : Normal
FileVersion : Version 11.0.8.1
ProductVersion : Version 11.0.8.1
ProductName : Computer Associates Antivirus
CompanyName : Computer Associates International, Inc.
FileDescription : CA ISafe Service
InternalName : ISafe
LegalCopyright : © 2004 Computer Associates International, Inc.
LegalTrademarks : Trademark of Computer Associates International, Inc.
OriginalFilename : ISafe.exe
#:16 [crypserv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1860
ThreadCreationTime : 3-09-2006 5:00:41 a.m.
BasePriority : High
FileVersion : 5.4.0
ProductVersion : 5.4
ProductName : CrypKey Software Licensing System
CompanyName : Kenonic Controls Ltd.
FileDescription : CrypKey NT Service
InternalName : crypserv
LegalCopyright : Copyright © 2000
LegalTrademarks : CrypKey
OriginalFilename : crypserv.exe
Comments : Operates in all directories, not just configured ones. Directory configuration only used for fille clean up and uninstall. 0/3 fixed problem with other partitions. 0/6 fixed problem with short paths
#:17 [slserv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1576
ThreadCreationTime : 3-09-2006 5:00:42 a.m.
BasePriority : Normal
#:18 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1900
ThreadCreationTime : 3-09-2006 5:00:43 a.m.
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:19 [wdfmgr.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 344
ThreadCreationTime : 3-09-2006 5:00:43 a.m.
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe
#:20 [vetmsg.exe]
FilePath : C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\
ProcessID : 832
ThreadCreationTime : 3-09-2006 5:00:46 a.m.
BasePriority : Normal
FileVersion : Version 11.0.8.1
ProductVersion : Version 11.0.8.1
ProductName : Computer Associates Antivirus
CompanyName : Computer Associates International, Inc.
FileDescription : CA Antivirus Realtime Messaging Service
InternalName : vetmsg
LegalCopyright : © 2004 Computer Associates International, Inc.
LegalTrademarks : Trademark of Computer Associates International, Inc.
OriginalFilename : vetmsg.exe
#:21 [monitor.exe]
FilePath : C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\
ProcessID : 2020
ThreadCreationTime : 3-09-2006 5:00:55 a.m.
BasePriority : Normal
FileVersion : 8.0.0.0
ProductVersion : 8.0.0.0
ProductName : Ulead Photo Explorer
CompanyName : Ulead Systems, Inc.
FileDescription : MONITOR
InternalName : MONITOR
LegalCopyright : Copyright c1992-2001. Ulead Systems, Inc. All rights reserved.
LegalTrademarks : Ulead Systems, MediaStudio and PhotoImpact are registered trademarks of Ulead Systems, Inc.
OriginalFilename : MONITOR.EXE
#:22 [realsched.exe]
FilePath : C:\Program Files\Common Files\Real\Update_OB\
ProcessID : 2032
ThreadCreationTime : 3-09-2006 5:00:55 a.m.
BasePriority : Normal
FileVersion : 0.1.0.3208
ProductVersion : 0.1.0.3208
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe
#:23 [qttask.exe]
FilePath : C:\Program Files\QuickTime\
ProcessID : 176
ThreadCreationTime : 3-09-2006 5:00:55 a.m.
BasePriority : Normal
FileVersion : 7.0.3
ProductVersion : QuickTime 7.0.3
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
FileDescription : QuickTime Task
InternalName : QuickTime Task
LegalCopyright : Copyright Apple Computer, Inc. 1989-2005
OriginalFilename : QTTask.exe
#:24 [pwrisovm.exe]
FilePath : G:\Program Files\PowerISO\
ProcessID : 196
ThreadCreationTime : 3-09-2006 5:00:56 a.m.
BasePriority : Normal
FileVersion : 3, 0, 0, 0
ProductVersion : 3, 0, 0, 0
ProductName : PowerISO Virtual Drive Manager
CompanyName : PowerISO Computing, Inc.
FileDescription : PowerISO Virtual Drive Manager
InternalName : PowerISO Virtual Drive Manager
LegalCopyright : Copyright © 2004-2006
OriginalFilename : PWRISOVM.EXE
Comments : http://www.poweriso.com
#:25 [lxsupmon.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 724
ThreadCreationTime : 3-09-2006 5:00:58 a.m.
BasePriority : Normal
FileVersion : 2.2.64.1
ProductVersion : 2.2.64.1
ProductName : Lexmark Supplies Monitor
CompanyName : Lexmark International Inc.
FileDescription : Supplies Monitor
InternalName : LXSUPMON
LegalCopyright : Copyright © 2000
OriginalFilename : LXSUPMON.RC
#:26 [igfxtray.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 768
ThreadCreationTime : 3-09-2006 5:00:58 a.m.
BasePriority : Normal
FileVersion : 3,0,0,1132
ProductVersion : 7,0,0,1132
ProductName : Intel® Common User Interface
CompanyName : Intel Corporation
FileDescription : igfxTray Module
InternalName : IGFXTRAY
LegalCopyright : Copyright 1999-2001, Intel Corporation
OriginalFilename : IGFXTRAY.EXE
#:27 [hkcmd.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 652
ThreadCreationTime : 3-09-2006 5:00:59 a.m.
BasePriority : Normal
FileVersion : 3,0,0,1132
ProductVersion : 7,0,0,1132
ProductName : Intel® Common User Interface
CompanyName : Intel Corporation
FileDescription : hkcmd Module
InternalName : HKCMD
LegalCopyright : Copyright 1999-2001, Intel Corporation
OriginalFilename : HKCMD.EXE
#:28 [em_exec.exe]
FilePath : C:\PROGRA~1\MOUSEW~1\SYSTEM\
ProcessID : 824
ThreadCreationTime : 3-09-2006 5:01:00 a.m.
BasePriority : Normal
FileVersion : 9.40.139
ProductVersion : 9.40
ProductName : MouseWare
CompanyName : Logitech Inc.
FileDescription : Control Center
InternalName : EM_EXEC
LegalCopyright : Copyright © Logitech Inc. 1987-2001.
LegalTrademarks : Logitech® and MouseWare® are registered trademarks of Logitech Inc.
OriginalFilename : EM_EXEC.CPP
Comments : Created by the MouseWare Team
#:29 [cavrid.exe]
FilePath : C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\
ProcessID : 932
ThreadCreationTime : 3-09-2006 5:01:00 a.m.
BasePriority : Normal
FileVersion : Version 11.0.8.1
ProductVersion : Version 11.0.8.1
ProductName : Computer Associates Antivirus
CompanyName : Computer Associates International, Inc.
FileDescription : CA Antivirus Realtime Infection Report
InternalName : CAVRid
LegalCopyright : © 2004 Computer Associates International, Inc.
LegalTrademarks : Trademark of Computer Associates International, Inc.
OriginalFilename : CAVRid.exe
#:30 [cavtray.exe]
FilePath : C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\
ProcessID : 1144
ThreadCreationTime : 3-09-2006 5:01:01 a.m.
BasePriority : Normal
FileVersion : Version 11.0.8.1
ProductVersion : Version 11.0.8.1
ProductName : Computer Associates Antivirus
CompanyName : Computer Associates International, Inc.
FileDescription : CA Antivirus System Tray Application
InternalName : CAVTray
LegalCopyright : © 2004 Computer Associates International, Inc.
LegalTrademarks : Trademark of Computer Associates International, Inc.
OriginalFilename : CAVTray.exe
#:31 [mmkeybd.exe]
FilePath : C:\Apps\ActivBoard\
ProcessID : 1296
ThreadCreationTime : 3-09-2006 5:01:02 a.m.
BasePriority : Normal
FileVersion : 1.00
ProductVersion : 1.00
ProductName : Netropa Hot Key
CompanyName : Netropa Corp.
FileDescription : Netropa® Hot Key
InternalName : Netropa Hot Key
LegalCopyright : Copyright © 2000-2001 Netropa Corp.
OriginalFilename : nhk.exe
#:32 [update.exe]
FilePath : C:\Program Files\Common Files\{C81AB774-04B2-1033-1129-010129200040}\
ProcessID : 1704
ThreadCreationTime : 3-09-2006 5:01:03 a.m.
BasePriority : Normal
#:33 [wkcalrem.exe]
FilePath : C:\Program Files\Common Files\Microsoft Shared\Works Shared\
ProcessID : 948
ThreadCreationTime : 3-09-2006 5:01:10 a.m.
BasePriority : Normal
FileVersion : 6.00.1828.1
ProductVersion : 6.00.1828.1
ProductName : Microsoft® Works 6.0
CompanyName : Microsoft® Corporation
FileDescription : Microsoft® Works Calendar Reminder Service
InternalName : WkCalRem
LegalCopyright : Copyright © Microsoft Corporation 1987-2000. All rights reserved.
OriginalFilename : WKCALREM.EXE
#:34 [traymon.exe]
FilePath : C:\Apps\ActivBoard\
ProcessID : 1188
ThreadCreationTime : 3-09-2006 5:01:10 a.m.
BasePriority : Normal
#:35 [slipaccel.exe]
FilePath : C:\Program Files\SlipStream Web Accelerator\
ProcessID : 1728
ThreadCreationTime : 3-09-2006 5:01:11 a.m.
BasePriority : Normal
ProductName : SlipStream Web Accelerator
CompanyName : SlipStream Data Inc.
FileDescription : SlipStream Web Accelerator Client Application
InternalName : SlipStream Web Accelerator
LegalCopyright : Copyright © 2002
#:36 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2092
ThreadCreationTime : 3-09-2006 5:01:12 a.m.
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe
#:37 [osd.exe]
FilePath : C:\Apps\ActivBoard\
ProcessID : 2464
ThreadCreationTime : 3-09-2006 5:01:15 a.m.
BasePriority : Normal
FileVersion : 2.02
ProductVersion : 2.02
ProductName : Onscreen Display
CompanyName : Netropa Corp.
FileDescription : Netropa® Onscreen Display
InternalName : OSD
LegalCopyright : Copyright © 1997-2001 Netropa Corp.
OriginalFilename : osd.exe
#:38 [watch.exe]
FilePath : C:\WINDOWS\twain_32\B12U12K\
ProcessID : 2548
ThreadCreationTime : 3-09-2006 5:01:16 a.m.
BasePriority : Normal
FileVersion : 2, 3, 2, 7
ProductVersion : 2, 3, 2, 7
ProductName : Watch Dog
CompanyName : Common Group
FileDescription : Watch Dog
InternalName : Tiffany
LegalCopyright : Copyright © 1998
OriginalFilename : WATCH.EXE
#:39 [slrundll.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2852
ThreadCreationTime : 3-09-2006 5:04:18 a.m.
BasePriority : Normal
#:40 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 2360
ThreadCreationTime : 3-09-2006 5:05:32 a.m.
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE
#:41 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 3744
ThreadCreationTime : 3-09-2006 5:13:00 a.m.
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 14
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 14
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 14
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ryan@instadia[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:6
Value : Cookie:ryan@instadia.net/
Expires : 30-08-2008 6:41:12 p.m.
LastSync : Hits:6
UseCount : 0
Hits : 6
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ryan@ehg-wizardsofthecoast.hitbox[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:79
Value : Cookie:ryan@ehg-wizardsofthecoast.hitbox.com/
Expires : 3-09-2007 10:27:36 a.m.
LastSync : Hits:79
UseCount : 0
Hits : 79
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ryan@fastclick[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:61
Value : Cookie:ryan@fastclick.net/
Expires : 2-09-2008 10:13:06 a.m.
LastSync : Hits:61
UseCount : 0
Hits : 61
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ryan@fad-608.iad6.targetnet[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:ryan@fad-608.iad6.targetnet.com/
Expires : 17-09-2006 8:35:28 a.m.
LastSync : Hits:3
UseCount : 0
Hits : 3
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ryan@maxserving[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:ryan@maxserving.com/
Expires : 28-08-2016 6:38:26 p.m.
LastSync : Hits:3
UseCount : 0
Hits : 3
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ryan@mediaplex[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:ryan@mediaplex.com/
Expires : 22-06-2009 12:00:00 p.m.
LastSync : Hits:2
UseCount : 0
Hits : 2
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ryan@tribalfusion[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:5
Value : Cookie:ryan@tribalfusion.com/
Expires : 1-01-2038 12:00:00 p.m.
LastSync : Hits:5
UseCount : 0
Hits : 5
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ryan@vegasred[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:9
Value : Cookie:ryan@vegasred.com/
Expires : 30-10-2025 6:36:26 p.m.
LastSync : Hits:9
UseCount : 0
Hits : 9
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ryan@advertising[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:62
Value : Cookie:ryan@advertising.com/
Expires : 1-09-2011 3:51:14 p.m.
LastSync : Hits:62
UseCount : 0
Hits : 62
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ryan@targetnet[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:21
Value : Cookie:ryan@targetnet.com/
Expires : 18-05-2033 3:33:20 p.m.
LastSync : Hits:21
UseCount : 0
Hits : 21
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ryan@atdmt[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:5
Value : Cookie:ryan@atdmt.com/
Expires : 30-08-2011 12:00:00 p.m.
LastSync : Hits:5
UseCount : 0
Hits : 5
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ryan@media.fastclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:13
Value : Cookie:ryan@media.fastclick.net/
Expires : 3-09-2006 11:15:12 a.m.
LastSync : Hits:13
UseCount : 0
Hits : 13
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ryan@ads.addynamix[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:7
Value : Cookie:ryan@ads.addynamix.com/
Expires : 4-09-2006 8:41:40 a.m.
LastSync : Hits:7
UseCount : 0
Hits : 7
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ryan@adserver.adreactor[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:ryan@adserver.adreactor.com/
Expires : 3-09-2007 9:16:04 a.m.
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ryan@www.vegasred[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:ryan@www.vegasred.com/
Expires : 31-08-2011 2:36:26 p.m.
LastSync : Hits:3
UseCount : 0
Hits : 3
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ryan@casalemedia[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:7
Value : Cookie:ryan@casalemedia.com/
Expires : 25-08-2007 4:41:40 a.m.
LastSync : Hits:7
UseCount : 0
Hits : 7
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ryan@doubleclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:7
Value : Cookie:ryan@doubleclick.net/
Expires : 31-08-2009 8:48:14 a.m.
LastSync : Hits:7
UseCount : 0
Hits : 7
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ryan@~~local~~[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:ryan@~~local~~/
Expires : 15-09-2006 11:51:48 a.m.
LastSync : Hits:2
UseCount : 0
Hits : 2
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 18
Objects found so far: 32
Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 32
Deep scanning and examining files (E:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for E:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 32
Deep scanning and examining files (G:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for G:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 32
Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
0 entries scanned.
New critical objects:0
Objects found so far: 32
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 32
5:45:54 p.m. Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:26:48.515
Objects scanned:174299
Objects identified:18
Objects ignored:0
New critical objects:18
Ad-Aware SE Build 1.06r1
Logfile Created on:Sunday, 3 September 2006 5:19:06 p.m.
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R121 28.08.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):14 total references
Tracking Cookie(TAC index:3):18 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
3-09-2006 5:19:06 p.m. - Scan started. (Full System Scan)
MRU List Object Recognized!
Location: : C:\Documents and Settings\Ryan\recent
Description : list of recently opened documents
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X
MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw
MRU List Object Recognized!
Location: : S-1-5-21-74049757-502627533-162025716-1005\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer
MRU List Object Recognized!
Location: : S-1-5-21-74049757-502627533-162025716-1005\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player
MRU List Object Recognized!
Location: : S-1-5-21-74049757-502627533-162025716-1005\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player
MRU List Object Recognized!
Location: : S-1-5-21-74049757-502627533-162025716-1005\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console
MRU List Object Recognized!
Location: : S-1-5-21-74049757-502627533-162025716-1005\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant
MRU List Object Recognized!
Location: : S-1-5-21-74049757-502627533-162025716-1005\software\microsoft\windows\currentversion\applets\paint\recent file list
Description : list of files recently opened using microsoft paint
MRU List Object Recognized!
Location: : S-1-5-21-74049757-502627533-162025716-1005\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened
MRU List Object Recognized!
Location: : S-1-5-21-74049757-502627533-162025716-1005\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension
MRU List Object Recognized!
Location: : S-1-5-21-74049757-502627533-162025716-1005\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened
MRU List Object Recognized!
Location: : S-1-5-21-74049757-502627533-162025716-1005\software\microsoft\windows media\wmsdk\general
Description : windows media sdk
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 952
ThreadCreationTime : 3-09-2006 5:00:17 a.m.
BasePriority : Normal
#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 1216
ThreadCreationTime : 3-09-2006 5:00:21 a.m.
BasePriority : Normal
#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 1364
ThreadCreationTime : 3-09-2006 5:00:22 a.m.
BasePriority : High
#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1524
ThreadCreationTime : 3-09-2006 5:00:23 a.m.
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe
#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1600
ThreadCreationTime : 3-09-2006 5:00:23 a.m.
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1920
ThreadCreationTime : 3-09-2006 5:00:27 a.m.
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 212
ThreadCreationTime : 3-09-2006 5:00:27 a.m.
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 640
ThreadCreationTime : 3-09-2006 5:00:28 a.m.
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 940
ThreadCreationTime : 3-09-2006 5:00:31 a.m.
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1120
ThreadCreationTime : 3-09-2006 5:00:31 a.m.
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:11 [lexbces.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1560
ThreadCreationTime : 3-09-2006 5:00:37 a.m.
BasePriority : Normal
FileVersion : 7.1
ProductVersion : 7.1
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LexBce Service
InternalName : LexBce Service
LegalCopyright : © 1993 - 2001 Lexmark International, Inc.
OriginalFilename : LexBceS.exe
#:12 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1624
ThreadCreationTime : 3-09-2006 5:00:38 a.m.
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
#:13 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 388
ThreadCreationTime : 3-09-2006 5:00:39 a.m.
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
#:14 [nhksrv.exe]
FilePath : C:\Apps\ActivBoard\
ProcessID : 1024
ThreadCreationTime : 3-09-2006 5:00:40 a.m.
BasePriority : Normal
#:15 [isafe.exe]
FilePath : C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\
ProcessID : 1212
ThreadCreationTime : 3-09-2006 5:00:41 a.m.
BasePriority : Normal
FileVersion : Version 11.0.8.1
ProductVersion : Version 11.0.8.1
ProductName : Computer Associates Antivirus
CompanyName : Computer Associates International, Inc.
FileDescription : CA ISafe Service
InternalName : ISafe
LegalCopyright : © 2004 Computer Associates International, Inc.
LegalTrademarks : Trademark of Computer Associates International, Inc.
OriginalFilename : ISafe.exe
#:16 [crypserv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1860
ThreadCreationTime : 3-09-2006 5:00:41 a.m.
BasePriority : High
FileVersion : 5.4.0
ProductVersion : 5.4
ProductName : CrypKey Software Licensing System
CompanyName : Kenonic Controls Ltd.
FileDescription : CrypKey NT Service
InternalName : crypserv
LegalCopyright : Copyright © 2000
LegalTrademarks : CrypKey
OriginalFilename : crypserv.exe
Comments : Operates in all directories, not just configured ones. Directory configuration only used for fille clean up and uninstall. 0/3 fixed problem with other partitions. 0/6 fixed problem with short paths
#:17 [slserv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1576
ThreadCreationTime : 3-09-2006 5:00:42 a.m.
BasePriority : Normal
#:18 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1900
ThreadCreationTime : 3-09-2006 5:00:43 a.m.
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:19 [wdfmgr.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 344
ThreadCreationTime : 3-09-2006 5:00:43 a.m.
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe
#:20 [vetmsg.exe]
FilePath : C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\
ProcessID : 832
ThreadCreationTime : 3-09-2006 5:00:46 a.m.
BasePriority : Normal
FileVersion : Version 11.0.8.1
ProductVersion : Version 11.0.8.1
ProductName : Computer Associates Antivirus
CompanyName : Computer Associates International, Inc.
FileDescription : CA Antivirus Realtime Messaging Service
InternalName : vetmsg
LegalCopyright : © 2004 Computer Associates International, Inc.
LegalTrademarks : Trademark of Computer Associates International, Inc.
OriginalFilename : vetmsg.exe
#:21 [monitor.exe]
FilePath : C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\
ProcessID : 2020
ThreadCreationTime : 3-09-2006 5:00:55 a.m.
BasePriority : Normal
FileVersion : 8.0.0.0
ProductVersion : 8.0.0.0
ProductName : Ulead Photo Explorer
CompanyName : Ulead Systems, Inc.
FileDescription : MONITOR
InternalName : MONITOR
LegalCopyright : Copyright c1992-2001. Ulead Systems, Inc. All rights reserved.
LegalTrademarks : Ulead Systems, MediaStudio and PhotoImpact are registered trademarks of Ulead Systems, Inc.
OriginalFilename : MONITOR.EXE
#:22 [realsched.exe]
FilePath : C:\Program Files\Common Files\Real\Update_OB\
ProcessID : 2032
ThreadCreationTime : 3-09-2006 5:00:55 a.m.
BasePriority : Normal
FileVersion : 0.1.0.3208
ProductVersion : 0.1.0.3208
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe
#:23 [qttask.exe]
FilePath : C:\Program Files\QuickTime\
ProcessID : 176
ThreadCreationTime : 3-09-2006 5:00:55 a.m.
BasePriority : Normal
FileVersion : 7.0.3
ProductVersion : QuickTime 7.0.3
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
FileDescription : QuickTime Task
InternalName : QuickTime Task
LegalCopyright : Copyright Apple Computer, Inc. 1989-2005
OriginalFilename : QTTask.exe
#:24 [pwrisovm.exe]
FilePath : G:\Program Files\PowerISO\
ProcessID : 196
ThreadCreationTime : 3-09-2006 5:00:56 a.m.
BasePriority : Normal
FileVersion : 3, 0, 0, 0
ProductVersion : 3, 0, 0, 0
ProductName : PowerISO Virtual Drive Manager
CompanyName : PowerISO Computing, Inc.
FileDescription : PowerISO Virtual Drive Manager
InternalName : PowerISO Virtual Drive Manager
LegalCopyright : Copyright © 2004-2006
OriginalFilename : PWRISOVM.EXE
Comments : http://www.poweriso.com
#:25 [lxsupmon.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 724
ThreadCreationTime : 3-09-2006 5:00:58 a.m.
BasePriority : Normal
FileVersion : 2.2.64.1
ProductVersion : 2.2.64.1
ProductName : Lexmark Supplies Monitor
CompanyName : Lexmark International Inc.
FileDescription : Supplies Monitor
InternalName : LXSUPMON
LegalCopyright : Copyright © 2000
OriginalFilename : LXSUPMON.RC
#:26 [igfxtray.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 768
ThreadCreationTime : 3-09-2006 5:00:58 a.m.
BasePriority : Normal
FileVersion : 3,0,0,1132
ProductVersion : 7,0,0,1132
ProductName : Intel® Common User Interface
CompanyName : Intel Corporation
FileDescription : igfxTray Module
InternalName : IGFXTRAY
LegalCopyright : Copyright 1999-2001, Intel Corporation
OriginalFilename : IGFXTRAY.EXE
#:27 [hkcmd.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 652
ThreadCreationTime : 3-09-2006 5:00:59 a.m.
BasePriority : Normal
FileVersion : 3,0,0,1132
ProductVersion : 7,0,0,1132
ProductName : Intel® Common User Interface
CompanyName : Intel Corporation
FileDescription : hkcmd Module
InternalName : HKCMD
LegalCopyright : Copyright 1999-2001, Intel Corporation
OriginalFilename : HKCMD.EXE
#:28 [em_exec.exe]
FilePath : C:\PROGRA~1\MOUSEW~1\SYSTEM\
ProcessID : 824
ThreadCreationTime : 3-09-2006 5:01:00 a.m.
BasePriority : Normal
FileVersion : 9.40.139
ProductVersion : 9.40
ProductName : MouseWare
CompanyName : Logitech Inc.
FileDescription : Control Center
InternalName : EM_EXEC
LegalCopyright : Copyright © Logitech Inc. 1987-2001.
LegalTrademarks : Logitech® and MouseWare® are registered trademarks of Logitech Inc.
OriginalFilename : EM_EXEC.CPP
Comments : Created by the MouseWare Team
#:29 [cavrid.exe]
FilePath : C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\
ProcessID : 932
ThreadCreationTime : 3-09-2006 5:01:00 a.m.
BasePriority : Normal
FileVersion : Version 11.0.8.1
ProductVersion : Version 11.0.8.1
ProductName : Computer Associates Antivirus
CompanyName : Computer Associates International, Inc.
FileDescription : CA Antivirus Realtime Infection Report
InternalName : CAVRid
LegalCopyright : © 2004 Computer Associates International, Inc.
LegalTrademarks : Trademark of Computer Associates International, Inc.
OriginalFilename : CAVRid.exe
#:30 [cavtray.exe]
FilePath : C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\
ProcessID : 1144
ThreadCreationTime : 3-09-2006 5:01:01 a.m.
BasePriority : Normal
FileVersion : Version 11.0.8.1
ProductVersion : Version 11.0.8.1
ProductName : Computer Associates Antivirus
CompanyName : Computer Associates International, Inc.
FileDescription : CA Antivirus System Tray Application
InternalName : CAVTray
LegalCopyright : © 2004 Computer Associates International, Inc.
LegalTrademarks : Trademark of Computer Associates International, Inc.
OriginalFilename : CAVTray.exe
#:31 [mmkeybd.exe]
FilePath : C:\Apps\ActivBoard\
ProcessID : 1296
ThreadCreationTime : 3-09-2006 5:01:02 a.m.
BasePriority : Normal
FileVersion : 1.00
ProductVersion : 1.00
ProductName : Netropa Hot Key
CompanyName : Netropa Corp.
FileDescription : Netropa® Hot Key
InternalName : Netropa Hot Key
LegalCopyright : Copyright © 2000-2001 Netropa Corp.
OriginalFilename : nhk.exe
#:32 [update.exe]
FilePath : C:\Program Files\Common Files\{C81AB774-04B2-1033-1129-010129200040}\
ProcessID : 1704
ThreadCreationTime : 3-09-2006 5:01:03 a.m.
BasePriority : Normal
#:33 [wkcalrem.exe]
FilePath : C:\Program Files\Common Files\Microsoft Shared\Works Shared\
ProcessID : 948
ThreadCreationTime : 3-09-2006 5:01:10 a.m.
BasePriority : Normal
FileVersion : 6.00.1828.1
ProductVersion : 6.00.1828.1
ProductName : Microsoft® Works 6.0
CompanyName : Microsoft® Corporation
FileDescription : Microsoft® Works Calendar Reminder Service
InternalName : WkCalRem
LegalCopyright : Copyright © Microsoft Corporation 1987-2000. All rights reserved.
OriginalFilename : WKCALREM.EXE
#:34 [traymon.exe]
FilePath : C:\Apps\ActivBoard\
ProcessID : 1188
ThreadCreationTime : 3-09-2006 5:01:10 a.m.
BasePriority : Normal
#:35 [slipaccel.exe]
FilePath : C:\Program Files\SlipStream Web Accelerator\
ProcessID : 1728
ThreadCreationTime : 3-09-2006 5:01:11 a.m.
BasePriority : Normal
ProductName : SlipStream Web Accelerator
CompanyName : SlipStream Data Inc.
FileDescription : SlipStream Web Accelerator Client Application
InternalName : SlipStream Web Accelerator
LegalCopyright : Copyright © 2002
#:36 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2092
ThreadCreationTime : 3-09-2006 5:01:12 a.m.
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe
#:37 [osd.exe]
FilePath : C:\Apps\ActivBoard\
ProcessID : 2464
ThreadCreationTime : 3-09-2006 5:01:15 a.m.
BasePriority : Normal
FileVersion : 2.02
ProductVersion : 2.02
ProductName : Onscreen Display
CompanyName : Netropa Corp.
FileDescription : Netropa® Onscreen Display
InternalName : OSD
LegalCopyright : Copyright © 1997-2001 Netropa Corp.
OriginalFilename : osd.exe
#:38 [watch.exe]
FilePath : C:\WINDOWS\twain_32\B12U12K\
ProcessID : 2548
ThreadCreationTime : 3-09-2006 5:01:16 a.m.
BasePriority : Normal
FileVersion : 2, 3, 2, 7
ProductVersion : 2, 3, 2, 7
ProductName : Watch Dog
CompanyName : Common Group
FileDescription : Watch Dog
InternalName : Tiffany
LegalCopyright : Copyright © 1998
OriginalFilename : WATCH.EXE
#:39 [slrundll.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2852
ThreadCreationTime : 3-09-2006 5:04:18 a.m.
BasePriority : Normal
#:40 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 2360
ThreadCreationTime : 3-09-2006 5:05:32 a.m.
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE
#:41 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 3744
ThreadCreationTime : 3-09-2006 5:13:00 a.m.
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 14
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 14
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 14
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ryan@instadia[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:6
Value : Cookie:ryan@instadia.net/
Expires : 30-08-2008 6:41:12 p.m.
LastSync : Hits:6
UseCount : 0
Hits : 6
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ryan@ehg-wizardsofthecoast.hitbox[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:79
Value : Cookie:ryan@ehg-wizardsofthecoast.hitbox.com/
Expires : 3-09-2007 10:27:36 a.m.
LastSync : Hits:79
UseCount : 0
Hits : 79
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ryan@fastclick[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:61
Value : Cookie:ryan@fastclick.net/
Expires : 2-09-2008 10:13:06 a.m.
LastSync : Hits:61
UseCount : 0
Hits : 61
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ryan@fad-608.iad6.targetnet[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:ryan@fad-608.iad6.targetnet.com/
Expires : 17-09-2006 8:35:28 a.m.
LastSync : Hits:3
UseCount : 0
Hits : 3
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ryan@maxserving[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:ryan@maxserving.com/
Expires : 28-08-2016 6:38:26 p.m.
LastSync : Hits:3
UseCount : 0
Hits : 3
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ryan@mediaplex[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:ryan@mediaplex.com/
Expires : 22-06-2009 12:00:00 p.m.
LastSync : Hits:2
UseCount : 0
Hits : 2
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ryan@tribalfusion[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:5
Value : Cookie:ryan@tribalfusion.com/
Expires : 1-01-2038 12:00:00 p.m.
LastSync : Hits:5
UseCount : 0
Hits : 5
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ryan@vegasred[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:9
Value : Cookie:ryan@vegasred.com/
Expires : 30-10-2025 6:36:26 p.m.
LastSync : Hits:9
UseCount : 0
Hits : 9
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ryan@advertising[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:62
Value : Cookie:ryan@advertising.com/
Expires : 1-09-2011 3:51:14 p.m.
LastSync : Hits:62
UseCount : 0
Hits : 62
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ryan@targetnet[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:21
Value : Cookie:ryan@targetnet.com/
Expires : 18-05-2033 3:33:20 p.m.
LastSync : Hits:21
UseCount : 0
Hits : 21
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ryan@atdmt[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:5
Value : Cookie:ryan@atdmt.com/
Expires : 30-08-2011 12:00:00 p.m.
LastSync : Hits:5
UseCount : 0
Hits : 5
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ryan@media.fastclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:13
Value : Cookie:ryan@media.fastclick.net/
Expires : 3-09-2006 11:15:12 a.m.
LastSync : Hits:13
UseCount : 0
Hits : 13
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ryan@ads.addynamix[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:7
Value : Cookie:ryan@ads.addynamix.com/
Expires : 4-09-2006 8:41:40 a.m.
LastSync : Hits:7
UseCount : 0
Hits : 7
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ryan@adserver.adreactor[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:ryan@adserver.adreactor.com/
Expires : 3-09-2007 9:16:04 a.m.
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ryan@www.vegasred[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:ryan@www.vegasred.com/
Expires : 31-08-2011 2:36:26 p.m.
LastSync : Hits:3
UseCount : 0
Hits : 3
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ryan@casalemedia[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:7
Value : Cookie:ryan@casalemedia.com/
Expires : 25-08-2007 4:41:40 a.m.
LastSync : Hits:7
UseCount : 0
Hits : 7
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ryan@doubleclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:7
Value : Cookie:ryan@doubleclick.net/
Expires : 31-08-2009 8:48:14 a.m.
LastSync : Hits:7
UseCount : 0
Hits : 7
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ryan@~~local~~[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:ryan@~~local~~/
Expires : 15-09-2006 11:51:48 a.m.
LastSync : Hits:2
UseCount : 0
Hits : 2
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 18
Objects found so far: 32
Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 32
Deep scanning and examining files (E:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for E:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 32
Deep scanning and examining files (G:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for G:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 32
Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
0 entries scanned.
New critical objects:0
Objects found so far: 32
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 32
5:45:54 p.m. Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:26:48.515
Objects scanned:174299
Objects identified:18
Objects ignored:0
New critical objects:18
and here is my hijackthis log. please let me know what i need to do and thanks.
Logfile of HijackThis v1.99.1
Scan saved at 5:12:16 p.m., on 3/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Apps\ActivBoard\nhksrv.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
G:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\System32\LXSUPMON.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe
C:\Apps\ActivBoard\MMKeybd.exe
C:\Program Files\Common Files\{C81AB774-04B2-1033-1129-010129200040}\Update.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Apps\ActivBoard\TrayMon.exe
C:\Program Files\SlipStream Web Accelerator\slipaccel.exe
C:\Apps\ActivBoard\OSD.exe
C:\WINDOWS\twain_32\B12U12K\WATCH.exe
C:\WINDOWS\system32\slrundll.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.metacrawler.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5400
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;<local>;*windowsupdate.com;download.microsoft.com;*windowsupdate.microsoft.com;codec
s.microsoft.com;activex.microsoft.com;liveupdate.symantecliveupdate.com;liveupda
te.symantec.com;service1.symantec.com;*.nai.com;*.networkassociates.com;*.tradem
e.co.nz
R3 - URLSearchHook: (no name) - _{8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\apps\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\Program Files\SlipStream Web Accelerator\PBHelper.dll
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Windows Explorer Update Build 1142] explorer32.exe
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [System-Service] C:\WINDOWS\SYSTEM\EXPLORER.SCR
O4 - HKLM\..\Run: [RAM Idle Professional] C:\Program Files\RAM Idle\RAM_XP.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PWRISOVM.EXE] G:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Gtwatch] C:\WINDOWS\gtwatch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe
O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
O4 - HKLM\..\RunServices: [Windows Explorer Update Build 1142] explorer32.exe
O4 - HKCU\..\Run: [Update Service] C:\PROGRA~1\COMMON~1\TEKNUM~1\update.exe /startup
O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: SlipStream Web Accelerator.lnk = C:\Program Files\SlipStream Web Accelerator\slipaccel.exe
O4 - Global Startup: SpeedUpMyPC.lnk = C:\Program Files\LIUtilities\SpeedUpMyPC\speedupmypc.exe
O4 - Global Startup: Watch.lnk = C:\WINDOWS\twain_32\B12U12K\WATCH.exe
O8 - Extra context menu item: Show All Original Images - res://C:\Program Files\SlipStream Web Accelerator\slipaccel.exe/250
O8 - Extra context menu item: Show Original Image - res://C:\Program Files\SlipStream Web Accelerator\slipaccel.exe/227
O9 - Extra button: Internet SEXplorer - {47055D63-DFCD-11d3-8406-00500445A7D1} - C:\WINDOWS\System32\windialup\movieplugin\windialup.exe (file missing)
O9 - Extra 'Tools' menuitem: Internet SEXplorer - {47055D63-DFCD-11d3-8406-00500445A7D1} - C:\WINDOWS\System32\windialup\movieplugin\windialup.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02AA9E0F-B4EB-4BE9-A769-FD09543FEEC2} (UniInstaller Class) - http://www.webcamnow.com/fs5/voice/voice-installer.cab
O16 - DPF: {0D62A517-E7C6-4E1F-A577-07D4AC549A48} (Progetto1.int_ver32) - http://advnt01.com/dialer/int_ver32b.CAB
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1131827312390
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://us.i1.yimg.com/us.yimg.com/i/chat/w...110/yvwrctl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5677D734-56A6-41E1-A54F-44F8C7555ACE}: NameServer = 202.180.64.2 202.180.64.9
O17 - HKLM\System\CS1\Services\Tcpip\..\{5677D734-56A6-41E1-A54F-44F8C7555ACE}: NameServer = 202.180.64.2 202.180.64.9
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjvd32 - C:\WINDOWS\SYSTEM32\winjvd32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
Logfile of HijackThis v1.99.1
Scan saved at 5:12:16 p.m., on 3/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Apps\ActivBoard\nhksrv.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
G:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\System32\LXSUPMON.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe
C:\Apps\ActivBoard\MMKeybd.exe
C:\Program Files\Common Files\{C81AB774-04B2-1033-1129-010129200040}\Update.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Apps\ActivBoard\TrayMon.exe
C:\Program Files\SlipStream Web Accelerator\slipaccel.exe
C:\Apps\ActivBoard\OSD.exe
C:\WINDOWS\twain_32\B12U12K\WATCH.exe
C:\WINDOWS\system32\slrundll.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.metacrawler.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5400
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;<local>;*windowsupdate.com;download.microsoft.com;*windowsupdate.microsoft.com;codec
s.microsoft.com;activex.microsoft.com;liveupdate.symantecliveupdate.com;liveupda
te.symantec.com;service1.symantec.com;*.nai.com;*.networkassociates.com;*.tradem
e.co.nz
R3 - URLSearchHook: (no name) - _{8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\apps\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\Program Files\SlipStream Web Accelerator\PBHelper.dll
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Windows Explorer Update Build 1142] explorer32.exe
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [System-Service] C:\WINDOWS\SYSTEM\EXPLORER.SCR
O4 - HKLM\..\Run: [RAM Idle Professional] C:\Program Files\RAM Idle\RAM_XP.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PWRISOVM.EXE] G:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Gtwatch] C:\WINDOWS\gtwatch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe
O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
O4 - HKLM\..\RunServices: [Windows Explorer Update Build 1142] explorer32.exe
O4 - HKCU\..\Run: [Update Service] C:\PROGRA~1\COMMON~1\TEKNUM~1\update.exe /startup
O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: SlipStream Web Accelerator.lnk = C:\Program Files\SlipStream Web Accelerator\slipaccel.exe
O4 - Global Startup: SpeedUpMyPC.lnk = C:\Program Files\LIUtilities\SpeedUpMyPC\speedupmypc.exe
O4 - Global Startup: Watch.lnk = C:\WINDOWS\twain_32\B12U12K\WATCH.exe
O8 - Extra context menu item: Show All Original Images - res://C:\Program Files\SlipStream Web Accelerator\slipaccel.exe/250
O8 - Extra context menu item: Show Original Image - res://C:\Program Files\SlipStream Web Accelerator\slipaccel.exe/227
O9 - Extra button: Internet SEXplorer - {47055D63-DFCD-11d3-8406-00500445A7D1} - C:\WINDOWS\System32\windialup\movieplugin\windialup.exe (file missing)
O9 - Extra 'Tools' menuitem: Internet SEXplorer - {47055D63-DFCD-11d3-8406-00500445A7D1} - C:\WINDOWS\System32\windialup\movieplugin\windialup.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02AA9E0F-B4EB-4BE9-A769-FD09543FEEC2} (UniInstaller Class) - http://www.webcamnow.com/fs5/voice/voice-installer.cab
O16 - DPF: {0D62A517-E7C6-4E1F-A577-07D4AC549A48} (Progetto1.int_ver32) - http://advnt01.com/dialer/int_ver32b.CAB
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1131827312390
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://us.i1.yimg.com/us.yimg.com/i/chat/w...110/yvwrctl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5677D734-56A6-41E1-A54F-44F8C7555ACE}: NameServer = 202.180.64.2 202.180.64.9
O17 - HKLM\System\CS1\Services\Tcpip\..\{5677D734-56A6-41E1-A54F-44F8C7555ACE}: NameServer = 202.180.64.2 202.180.64.9
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjvd32 - C:\WINDOWS\SYSTEM32\winjvd32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
That's a nasty log. You have more than spyware problems, you have had at least 3 worms/backdoor trojans that steal information, download code from the internet and allow access to a remote attacker.
What is a backdoor or remote access trojan?
Read this article.
Danger: Remote Access Trojans
http://www.microsoft.com/technet/security/...o/virusrat.mspx
Basically, your system has been compromised. Anyone may have had access to anything on your system or done whatever they want to it and hidden it from you. The rootkit makes it worse as your system is no longer trustworthy.
IMHO, You need to disconnect this PC from the internet and from your network if it is on a network. Then, acceess this information from a non-compromised computer to follow the steps needed.
When should I re-format? How should I reinstall?
http://www.dslreports.com/faq/10063
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
http://www.dslreports.com/faq/10451
I really don't recommend trying to clean it. While we can remove the infected files, none of the scanners can address any damage done to the system to lower overall system security. Your antivirus may be out of date or damaged because it should have caught these. They are known to be AV/firewall killers so you may need to uninstall reinstall your security programs and make sure you have updated versions.
.......................
Look in your Control Panel in *Add/Remove Programs* for the following
Cowabanga by OIN
ipwins
PuritySCAN By OIN,
Snowballwars by OIN,
OuterInfo or similar
TizzleTalk by OIN
Yazzle
(Anything) by OIN
If any of those names are found, click on it and click remove.
If none are listed, download and run this uninstaller:
here.
Reboot your computer into SAFE MODE (important step!)
You can usually do this by restarting your computer and continually tapping F8 until a menu appears. Highlight Safe Mode and hit enter.
How to start the computer in Safe mode
http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam
..................
Scan with HijackThis and do a *system scan only*
Checkmark these items in the list and then press the *fix checked* button
R3 - URLSearchHook: (no name) - _{8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O4 - HKLM\..\Run: [Windows Explorer Update Build 1142] explorer32.exe
O4 - HKLM\..\Run: [System-Service] C:\WINDOWS\SYSTEM\EXPLORER.SCR
O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
O4 - HKLM\..\RunServices: [Windows Explorer Update Build 1142] explorer32.exe
O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O9 - Extra button: Internet SEXplorer - {47055D63-DFCD-11d3-8406-00500445A7D1} -
C:\WINDOWS\System32\windialup\movieplugin\windialup.exe (file missing)
O9 - Extra 'Tools' menuitem: Internet SEXplorer - {47055D63-DFCD-11d3-8406-00500445A7D1} - C:\WINDOWS\System32\windialup\movieplugin\windialup.exe (file missing)
O16 - DPF: {0D62A517-E7C6-4E1F-A577-07D4AC549A48} (Progetto1.int_ver32) - http://advnt01.com/dialer/int_ver32b.CAB
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: winjvd32 - C:\WINDOWS\SYSTEM32\winjvd32.dll
Delete these files and/or folders (if found). If not found they may have been removed by a prior cleaning step.
C:\Program Files\Common Files\{C81AB774-04B2-1033-1129-010129200040} (folder)
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe (file)
C:\WINDOWS\System32\windialup (folder)
C:\WINDOWS\SYSTEM32\winjvd32.dll (file)
explorer32.exe (file)
C:\WINDOWS\SYSTEM\EXPLORER.SCR
Get some online scans, I recommend at least two of the following and let them remove any infected files found
Trend Micro (PC-cillin) - Free on-line Scan
http://housecall.antivirus.com
Panda's Active Scan
http://www.pandasoftware.com/products/activescan.htm
Ewido free online scanner
http://www.ewido.net/en/onlinescan/
..........................
Here is what all I could identify on your log as the more serious threats.
Troj/Torpig-J
http://www.sophos.com/virusinfo/analyses/trojtorpigj.html
................................................
W32/KWBot-A Description
http://www.sophos.com/virusinfo/analyses/w32kwbota.html
.........................................
W32/Benjamin-A - Description
http://www.sophos.com/virusinfo/analyses/w32benjamina.html
What is a backdoor or remote access trojan?
Read this article.
Danger: Remote Access Trojans
http://www.microsoft.com/technet/security/...o/virusrat.mspx
Basically, your system has been compromised. Anyone may have had access to anything on your system or done whatever they want to it and hidden it from you. The rootkit makes it worse as your system is no longer trustworthy.
IMHO, You need to disconnect this PC from the internet and from your network if it is on a network. Then, acceess this information from a non-compromised computer to follow the steps needed.
When should I re-format? How should I reinstall?
http://www.dslreports.com/faq/10063
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
http://www.dslreports.com/faq/10451
I really don't recommend trying to clean it. While we can remove the infected files, none of the scanners can address any damage done to the system to lower overall system security. Your antivirus may be out of date or damaged because it should have caught these. They are known to be AV/firewall killers so you may need to uninstall reinstall your security programs and make sure you have updated versions.
.......................
Look in your Control Panel in *Add/Remove Programs* for the following
Cowabanga by OIN
ipwins
PuritySCAN By OIN,
Snowballwars by OIN,
OuterInfo or similar
TizzleTalk by OIN
Yazzle
(Anything) by OIN
If any of those names are found, click on it and click remove.
If none are listed, download and run this uninstaller:
here.
Reboot your computer into SAFE MODE (important step!)
You can usually do this by restarting your computer and continually tapping F8 until a menu appears. Highlight Safe Mode and hit enter.
How to start the computer in Safe mode
http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam
..................
Scan with HijackThis and do a *system scan only*
Checkmark these items in the list and then press the *fix checked* button
R3 - URLSearchHook: (no name) - _{8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O4 - HKLM\..\Run: [Windows Explorer Update Build 1142] explorer32.exe
O4 - HKLM\..\Run: [System-Service] C:\WINDOWS\SYSTEM\EXPLORER.SCR
O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
O4 - HKLM\..\RunServices: [Windows Explorer Update Build 1142] explorer32.exe
O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O9 - Extra button: Internet SEXplorer - {47055D63-DFCD-11d3-8406-00500445A7D1} -
C:\WINDOWS\System32\windialup\movieplugin\windialup.exe (file missing)
O9 - Extra 'Tools' menuitem: Internet SEXplorer - {47055D63-DFCD-11d3-8406-00500445A7D1} - C:\WINDOWS\System32\windialup\movieplugin\windialup.exe (file missing)
O16 - DPF: {0D62A517-E7C6-4E1F-A577-07D4AC549A48} (Progetto1.int_ver32) - http://advnt01.com/dialer/int_ver32b.CAB
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: winjvd32 - C:\WINDOWS\SYSTEM32\winjvd32.dll
Delete these files and/or folders (if found). If not found they may have been removed by a prior cleaning step.
C:\Program Files\Common Files\{C81AB774-04B2-1033-1129-010129200040} (folder)
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe (file)
C:\WINDOWS\System32\windialup (folder)
C:\WINDOWS\SYSTEM32\winjvd32.dll (file)
explorer32.exe (file)
C:\WINDOWS\SYSTEM\EXPLORER.SCR
Get some online scans, I recommend at least two of the following and let them remove any infected files found
Trend Micro (PC-cillin) - Free on-line Scan
http://housecall.antivirus.com
Panda's Active Scan
http://www.pandasoftware.com/products/activescan.htm
Ewido free online scanner
http://www.ewido.net/en/onlinescan/
..........................
Here is what all I could identify on your log as the more serious threats.
Troj/Torpig-J
http://www.sophos.com/virusinfo/analyses/trojtorpigj.html
QUOTE
This section contains the description and advanced technical information
Side effects
* Steals information
* Downloads code from the internet
* Reduces system security
* Installs itself in the Registry
Troj/Torpig-J is a Trojan for the Windows platform.
When Troj/Torpig-J is installed the following files are created:
<Common Files>\Microsoft Shared\Web Folders\ibm00001.dll (detected as Troj/Torpig-J)
<Common Files>\Microsoft Shared\Web Folders\ibm00001.exe (detected as Troj/Torpig-J)
<Common Files>\Microsoft Shared\Web Folders\ibm00002.dll (detected as Troj/Torpig-J)
<Common Files>\Microsoft Shared\Web Folders\tmp.tmp (This file is harmless and may be safely deleted)
The following registry entry is created to run ibm00001.exe on startup:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Shell
<path to ibm00001.exe>
The following registry entry is changed to run ibm00001.exe on startup:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Shell
explorer.exe "<path to ibm00001.exe>"
(the default value for this registry entry is "Explorer.exe" which causes the Microsoft file <Windows folder>\Explorer.exe to be run on startup).
An entry may be added to the file SYSTEM.INI in the "boot" section with a key name of "shell" to attempt to run ibm00001.exe on startup.
Troj/Torpig-J attempts to steal passwords, as well as logging keypresses and open window titles to text files and periodically sends the collected information to a remote user via HTTP.
Troj/Torpig-J automatically closes security warning messages displayed by common anti-virus and security related applications
Side effects
* Steals information
* Downloads code from the internet
* Reduces system security
* Installs itself in the Registry
Troj/Torpig-J is a Trojan for the Windows platform.
When Troj/Torpig-J is installed the following files are created:
<Common Files>\Microsoft Shared\Web Folders\ibm00001.dll (detected as Troj/Torpig-J)
<Common Files>\Microsoft Shared\Web Folders\ibm00001.exe (detected as Troj/Torpig-J)
<Common Files>\Microsoft Shared\Web Folders\ibm00002.dll (detected as Troj/Torpig-J)
<Common Files>\Microsoft Shared\Web Folders\tmp.tmp (This file is harmless and may be safely deleted)
The following registry entry is created to run ibm00001.exe on startup:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Shell
<path to ibm00001.exe>
The following registry entry is changed to run ibm00001.exe on startup:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Shell
explorer.exe "<path to ibm00001.exe>"
(the default value for this registry entry is "Explorer.exe" which causes the Microsoft file <Windows folder>\Explorer.exe to be run on startup).
An entry may be added to the file SYSTEM.INI in the "boot" section with a key name of "shell" to attempt to run ibm00001.exe on startup.
Troj/Torpig-J attempts to steal passwords, as well as logging keypresses and open window titles to text files and periodically sends the collected information to a remote user via HTTP.
Troj/Torpig-J automatically closes security warning messages displayed by common anti-virus and security related applications
................................................
W32/KWBot-A Description
http://www.sophos.com/virusinfo/analyses/w32kwbota.html
QUOTE
This section helps you to understand how it behaves
W32/KWBot-A is a worm which exploits the KaZaA peer-to-peer network.
When first executed the worm will copy itself to the Windows system folder as explorer32.exe. It will then create the following registry entries so that the copy is run each time Windows is started:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
Windows Explorer Update Build 1142 = explorer32
and
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\
Windows Explorer Update Build 1142 = explorer32
W32/KWBot-A will attempt to get unsuspecting users to download copies of itself by using filenames which may be attractive to other users, such as film titles or popular software.
Examples of filenames used are:
Star Wars Episode 2 - Attack of the Clones VCD CD1.exe
Spiderman The Movie - The Game.exe
Grand Theft Auto 3 CD1 ISO.exe
ZoneAlarm Firewall Pro.exe
Windows XP Professional iso.exe
Unreal Tournament cracked (works on all servers).exe
University Study Guide (cheat sheet).exe
Quicken Pro 2002 iso.exe
Perl Ultimate Study Guide.exe
Office XP Corporate Ed. iso.exe
Norton Utilities 2002.exe
Microsoft Visual C++ 7.0 iso.exe
MCSE Ultimate Study Guide.exe
Max Payne full iso.exe
Macromedia Flash 5.exe
Kazaa Advertisement Ad remover.exe
DSL Anonymizer.exe
DoS Attacker.exe
DivX Codec 6.0 beta (codec only).exe
Credit Card number generator VERIFIER (cc cc#).exe
cows gone wild.exe
100 XXX Passwords (verified 3-24-02).exe
The worm may also allow attackers to gain control of an infected computer using commands transmitted over IRC.
W32/KWBot-A is a worm which exploits the KaZaA peer-to-peer network.
When first executed the worm will copy itself to the Windows system folder as explorer32.exe. It will then create the following registry entries so that the copy is run each time Windows is started:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
Windows Explorer Update Build 1142 = explorer32
and
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\
Windows Explorer Update Build 1142 = explorer32
W32/KWBot-A will attempt to get unsuspecting users to download copies of itself by using filenames which may be attractive to other users, such as film titles or popular software.
Examples of filenames used are:
Star Wars Episode 2 - Attack of the Clones VCD CD1.exe
Spiderman The Movie - The Game.exe
Grand Theft Auto 3 CD1 ISO.exe
ZoneAlarm Firewall Pro.exe
Windows XP Professional iso.exe
Unreal Tournament cracked (works on all servers).exe
University Study Guide (cheat sheet).exe
Quicken Pro 2002 iso.exe
Perl Ultimate Study Guide.exe
Office XP Corporate Ed. iso.exe
Norton Utilities 2002.exe
Microsoft Visual C++ 7.0 iso.exe
MCSE Ultimate Study Guide.exe
Max Payne full iso.exe
Macromedia Flash 5.exe
Kazaa Advertisement Ad remover.exe
DSL Anonymizer.exe
DoS Attacker.exe
DivX Codec 6.0 beta (codec only).exe
Credit Card number generator VERIFIER (cc cc#).exe
cows gone wild.exe
100 XXX Passwords (verified 3-24-02).exe
The worm may also allow attackers to gain control of an infected computer using commands transmitted over IRC.
.........................................
W32/Benjamin-A - Description
http://www.sophos.com/virusinfo/analyses/w32benjamina.html
QUOTE
This section helps you to understand how it behaves
W32/Benjamin-A is a worm that exploits the KaZaA file exchange peer-to-peer network as a means of propagation.
When first executed the worm will display a message box containing the false error message
"Access error #03A:94574: Invalid pointer operation
File possibly corrupt."
A copy of the worm will then be placed in the Windows system folder and a value named System-Service will be added to the registry at:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
This entry will run the worm when Windows is started.
A twenty digit hexadecimal number will also be added as the registry entry
HKLM\Software\Microsoft\Syscod
A large number of copies of the worm will be placed in the folder C:\Windows\Temp\Sys32. This folder is registered as the location where KaZaA users have access to download files. The intention is for KaZaA users to unknowingly download the worm. To increase the chances of this occuring the copies of the worm are given names that often correspond with song, film and computer game titles.
The list of file names used by the worm includes the following :
Black & White -full-downloader
macy gray - I Stumble
metallica - stairway to heaven
acdc - money talks
Fatboy Slim - Star 69
Marilyn Manson - 13 Born again
Deepest Purple-The Very Best of Deep Purple - Space Truckin
Windows XP Home edition (eng) -full-downloader
South Park Vol.1-divx-full-downloader
Quake - Games -full-downloader
Nascar Racing 3-Games-full-downloader
FIFA Soccer 2002-installer
robbie williams - millenium
Johann_Sebastian_Bach-Brandenburg_Concerto_No
The file names end with a variable number of spaces and an extension of EXE or SCR.
The worm will attempt to display a web page from benjamin.xww.de.
The page which the worm attempts to display has been removed.
W32/Benjamin-A is a worm that exploits the KaZaA file exchange peer-to-peer network as a means of propagation.
When first executed the worm will display a message box containing the false error message
"Access error #03A:94574: Invalid pointer operation
File possibly corrupt."
A copy of the worm will then be placed in the Windows system folder and a value named System-Service will be added to the registry at:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
This entry will run the worm when Windows is started.
A twenty digit hexadecimal number will also be added as the registry entry
HKLM\Software\Microsoft\Syscod
A large number of copies of the worm will be placed in the folder C:\Windows\Temp\Sys32. This folder is registered as the location where KaZaA users have access to download files. The intention is for KaZaA users to unknowingly download the worm. To increase the chances of this occuring the copies of the worm are given names that often correspond with song, film and computer game titles.
The list of file names used by the worm includes the following :
Black & White -full-downloader
macy gray - I Stumble
metallica - stairway to heaven
acdc - money talks
Fatboy Slim - Star 69
Marilyn Manson - 13 Born again
Deepest Purple-The Very Best of Deep Purple - Space Truckin
Windows XP Home edition (eng) -full-downloader
South Park Vol.1-divx-full-downloader
Quake - Games -full-downloader
Nascar Racing 3-Games-full-downloader
FIFA Soccer 2002-installer
robbie williams - millenium
Johann_Sebastian_Bach-Brandenburg_Concerto_No
The file names end with a variable number of spaces and an extension of EXE or SCR.
The worm will attempt to display a web page from benjamin.xww.de.
The page which the worm attempts to display has been removed.
hi again. thank you so much for your help. i wanted to try all i could to clean it before i rebooted so i have tried what you said and have my new hijackthis & ad-aware logs. please let me know if there is anything i need to do or if it is time to reboot. thanks again.
Ad-Aware SE Build 1.06r1
Logfile Created on:Saturday, 9 September 2006 4:09:34 a.m.
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R122 08.09.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Adware.Maxifiles(TAC index:5):2 total references
Adware.SafetyBar(TAC index:3):1 total references
MRU List(TAC index:0):17 total references
Tracking Cookie(TAC index:3):24 total references
Win32.Trojan.KillAV(TAC index:10):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
9-09-2006 4:09:34 a.m. - Scan started. (Full System Scan)
MRU List Object Recognized!
Location: : C:\Documents and Settings\Ryan\Application Data\microsoft\office\recent
Description : list of recently opened documents using microsoft office
MRU List Object Recognized!
Location: : C:\Documents and Settings\Ryan\recent
Description : list of recently opened documents
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X
MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw
MRU List Object Recognized!
Location: : S-1-5-21-74049757-502627533-162025716-1005\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer
MRU List Object Recognized!
Location: : S-1-5-21-74049757-502627533-162025716-1005\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer
MRU List Object Recognized!
Location: : S-1-5-21-74049757-502627533-162025716-1005\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player
MRU List Object Recognized!
Location: : S-1-5-21-74049757-502627533-162025716-1005\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player
MRU List Object Recognized!
Location: : S-1-5-21-74049757-502627533-162025716-1005\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console
MRU List Object Recognized!
Location: : S-1-5-21-74049757-502627533-162025716-1005\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant
MRU List Object Recognized!
Location: : S-1-5-21-74049757-502627533-162025716-1005\software\microsoft\windows\currentversion\applets\paint\recent file list
Description : list of files recently opened using microsoft paint
MRU List Object Recognized!
Location: : S-1-5-21-74049757-502627533-162025716-1005\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened
MRU List Object Recognized!
Location: : S-1-5-21-74049757-502627533-162025716-1005\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension
MRU List Object Recognized!
Location: : S-1-5-21-74049757-502627533-162025716-1005\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened
MRU List Object Recognized!
Location: : S-1-5-21-74049757-502627533-162025716-1005\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run
MRU List Object Recognized!
Location: : S-1-5-21-74049757-502627533-162025716-1005\software\microsoft\windows media\wmsdk\general
Description : windows media sdk
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 404
ThreadCreationTime : 8-09-2006 1:26:26 p.m.
BasePriority : Normal
#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 460
ThreadCreationTime : 8-09-2006 1:26:29 p.m.
BasePriority : Normal
#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 492
ThreadCreationTime : 8-09-2006 1:26:30 p.m.
BasePriority : High
#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 536
ThreadCreationTime : 8-09-2006 1:26:31 p.m.
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe
#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 556
ThreadCreationTime : 8-09-2006 1:26:31 p.m.
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 700
ThreadCreationTime : 8-09-2006 1:26:33 p.m.
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 780
ThreadCreationTime : 8-09-2006 1:26:34 p.m.
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 816
ThreadCreationTime : 8-09-2006 1:26:34 p.m.
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 864
ThreadCreationTime : 8-09-2006 1:26:34 p.m.
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 892
ThreadCreationTime : 8-09-2006 1:26:35 p.m.
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:11 [lexbces.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1044
ThreadCreationTime : 8-09-2006 1:26:38 p.m.
BasePriority : Normal
FileVersion : 7.1
ProductVersion : 7.1
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LexBce Service
InternalName : LexBce Service
LegalCopyright : © 1993 - 2001 Lexmark International, Inc.
OriginalFilename : LexBceS.exe
#:12 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1080
ThreadCreationTime : 8-09-2006 1:26:39 p.m.
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
#:13 [nhksrv.exe]
FilePath : C:\Apps\ActivBoard\
ProcessID : 1184
ThreadCreationTime : 8-09-2006 1:26:42 p.m.
BasePriority : Normal
#:14 [avgamsvr.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 1252
ThreadCreationTime : 8-09-2006 1:26:43 p.m.
BasePriority : Normal
FileVersion : 7,1,0,365
ProductVersion : 7.1.0.365
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Alert Manager
InternalName : avgamsvr
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgamsvr.EXE
#:15 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1356
ThreadCreationTime : 8-09-2006 1:26:44 p.m.
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
#:16 [avgupsvc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 1444
ThreadCreationTime : 8-09-2006 1:26:47 p.m.
BasePriority : Normal
FileVersion : 7,1,0,349
ProductVersion : 7.1.0.349
ProductName : AVG 7.0 Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Update Service
InternalName : avgupsvc
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgupdsvc.EXE
#:17 [avgemc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 1472
ThreadCreationTime : 8-09-2006 1:26:47 p.m.
BasePriority : Normal
FileVersion : 7,1,0,400
ProductVersion : 7.1.0.400
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG E-Mail Scanner
InternalName : avgemc
LegalCopyright : Copyright © 2006, GRISOFT, s.r.o.
OriginalFilename : avgemc.exe
#:18 [crypserv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1492
ThreadCreationTime : 8-09-2006 1:26:48 p.m.
BasePriority : High
FileVersion : 5.4.0
ProductVersion : 5.4
ProductName : CrypKey Software Licensing System
CompanyName : Kenonic Controls Ltd.
FileDescription : CrypKey NT Service
InternalName : crypserv
LegalCopyright : Copyright © 2000
LegalTrademarks : CrypKey
OriginalFilename : crypserv.exe
Comments : Operates in all directories, not just configured ones. Directory configuration only used for fille clean up and uninstall. 0/3 fixed problem with other partitions. 0/6 fixed problem with short paths
#:19 [slserv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1548
ThreadCreationTime : 8-09-2006 1:26:49 p.m.
BasePriority : Normal
#:20 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1572
ThreadCreationTime : 8-09-2006 1:26:50 p.m.
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:21 [wdfmgr.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1600
ThreadCreationTime : 8-09-2006 1:26:50 p.m.
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe
#:22 [monitor.exe]
FilePath : C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\
ProcessID : 1804
ThreadCreationTime : 8-09-2006 1:26:58 p.m.
BasePriority : Normal
FileVersion : 8.0.0.0
ProductVersion : 8.0.0.0
ProductName : Ulead Photo Explorer
CompanyName : Ulead Systems, Inc.
FileDescription : MONITOR
InternalName : MONITOR
LegalCopyright : Copyright c1992-2001. Ulead Systems, Inc. All rights reserved.
LegalTrademarks : Ulead Systems, MediaStudio and PhotoImpact are registered trademarks of Ulead Systems, Inc.
OriginalFilename : MONITOR.EXE
#:23 [realsched.exe]
FilePath : C:\Program Files\Common Files\Real\Update_OB\
ProcessID : 1816
ThreadCreationTime : 8-09-2006 1:26:58 p.m.
BasePriority : Normal
FileVersion : 0.1.0.3208
ProductVersion : 0.1.0.3208
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe
#:24 [qttask.exe]
FilePath : C:\Program Files\QuickTime\
ProcessID : 1824
ThreadCreationTime : 8-09-2006 1:26:58 p.m.
BasePriority : Normal
FileVersion : 7.0.3
ProductVersion : QuickTime 7.0.3
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
FileDescription : QuickTime Task
InternalName : QuickTime Task
LegalCopyright : Copyright Apple Computer, Inc. 1989-2005
OriginalFilename : QTTask.exe
#:25 [pwrisovm.exe]
FilePath : G:\Program Files\PowerISO\
ProcessID : 1840
ThreadCreationTime : 8-09-2006 1:26:58 p.m.
BasePriority : Normal
FileVersion : 3, 0, 0, 0
ProductVersion : 3, 0, 0, 0
ProductName : PowerISO Virtual Drive Manager
CompanyName : PowerISO Computing, Inc.
FileDescription : PowerISO Virtual Drive Manager
InternalName : PowerISO Virtual Drive Manager
LegalCopyright : Copyright © 2004-2006
OriginalFilename : PWRISOVM.EXE
Comments : http://www.poweriso.com
#:26 [lxsupmon.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1916
ThreadCreationTime : 8-09-2006 1:26:59 p.m.
BasePriority : Normal
FileVersion : 2.2.64.1
ProductVersion : 2.2.64.1
ProductName : Lexmark Supplies Monitor
CompanyName : Lexmark International Inc.
FileDescription : Supplies Monitor
InternalName : LXSUPMON
LegalCopyright : Copyright © 2000
OriginalFilename : LXSUPMON.RC
#:27 [igfxtray.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1928
ThreadCreationTime : 8-09-2006 1:26:59 p.m.
BasePriority : Normal
FileVersion : 3,0,0,1132
ProductVersion : 7,0,0,1132
ProductName : Intel® Common User Interface
CompanyName : Intel Corporation
FileDescription : igfxTray Module
InternalName : IGFXTRAY
LegalCopyright : Copyright 1999-2001, Intel Corporation
OriginalFilename : IGFXTRAY.EXE
#:28 [hkcmd.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1940
ThreadCreationTime : 8-09-2006 1:27:00 p.m.
BasePriority : Normal
FileVersion : 3,0,0,1132
ProductVersion : 7,0,0,1132
ProductName : Intel® Common User Interface
CompanyName : Intel Corporation
FileDescription : hkcmd Module
InternalName : HKCMD
LegalCopyright : Copyright 1999-2001, Intel Corporation
OriginalFilename : HKCMD.EXE
#:29 [em_exec.exe]
FilePath : C:\PROGRA~1\MOUSEW~1\SYSTEM\
ProcessID : 1968
ThreadCreationTime : 8-09-2006 1:27:00 p.m.
BasePriority : Normal
FileVersion : 9.40.139
ProductVersion : 9.40
ProductName : MouseWare
CompanyName : Logitech Inc.
FileDescription : Control Center
InternalName : EM_EXEC
LegalCopyright : Copyright © Logitech Inc. 1987-2001.
LegalTrademarks : Logitech® and MouseWare® are registered trademarks of Logitech Inc.
OriginalFilename : EM_EXEC.CPP
Comments : Created by the MouseWare Team
#:30 [mmkeybd.exe]
FilePath : C:\Apps\ActivBoard\
ProcessID : 1992
ThreadCreationTime : 8-09-2006 1:27:00 p.m.
BasePriority : Normal
FileVersion : 1.00
ProductVersion : 1.00
ProductName : Netropa Hot Key
CompanyName : Netropa Corp.
FileDescription : Netropa® Hot Key
InternalName : Netropa Hot Key
LegalCopyright : Copyright © 2000-2001 Netropa Corp.
OriginalFilename : nhk.exe
#:31 [jusched.exe]
FilePath : C:\Program Files\Java\jre1.5.0_06\bin\
ProcessID : 2000
ThreadCreationTime : 8-09-2006 1:27:00 p.m.
BasePriority : Normal
#:32 [avgcc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 2008
ThreadCreationTime : 8-09-2006 1:27:01 p.m.
BasePriority : Normal
FileVersion : 7,1,0,405
ProductVersion : 7.1.0.405
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Control Center
InternalName : AvgCC
LegalCopyright : Copyright © 2006, GRISOFT, s.r.o.
OriginalFilename : AvgCC.EXE
#:33 [wkcalrem.exe]
FilePath : C:\Program Files\Common Files\Microsoft Shared\Works Shared\
ProcessID : 184
ThreadCreationTime : 8-09-2006 1:27:04 p.m.
BasePriority : Normal
FileVersion : 6.00.1828.1
ProductVersion : 6.00.1828.1
ProductName : Microsoft® Works 6.0
CompanyName : Microsoft® Corporation
FileDescription : Microsoft® Works Calendar Reminder Service
InternalName : WkCalRem
LegalCopyright : Copyright © Microsoft Corporation 1987-2000. All rights reserved.
OriginalFilename : WKCALREM.EXE
#:34 [slipaccel.exe]
FilePath : C:\Program Files\SlipStream Web Accelerator\
ProcessID : 204
ThreadCreationTime : 8-09-2006 1:27:05 p.m.
BasePriority : Normal
ProductName : SlipStream Web Accelerator
CompanyName : SlipStream Data Inc.
FileDescription : SlipStream Web Accelerator Client Application
InternalName : SlipStream Web Accelerator
LegalCopyright : Copyright © 2002
#:35 [traymon.exe]
FilePath : C:\Apps\ActivBoard\
ProcessID : 228
ThreadCreationTime : 8-09-2006 1:27:06 p.m.
BasePriority : Normal
#:36 [osd.exe]
FilePath : C:\Apps\ActivBoard\
ProcessID : 348
ThreadCreationTime : 8-09-2006 1:27:09 p.m.
BasePriority : Normal
FileVersion : 2.02
ProductVersion : 2.02
ProductName : Onscreen Display
CompanyName : Netropa Corp.
FileDescription : Netropa® Onscreen Display
InternalName : OSD
LegalCopyright : Copyright © 1997-2001 Netropa Corp.
OriginalFilename : osd.exe
#:37 [watch.exe]
FilePath : C:\WINDOWS\twain_32\B12U12K\
ProcessID : 428
ThreadCreationTime : 8-09-2006 1:27:10 p.m.
BasePriority : Normal
FileVersion : 2, 3, 2, 7
ProductVersion : 2, 3, 2, 7
ProductName : Watch Dog
CompanyName : Common Group
FileDescription : Watch Dog
InternalName : Tiffany
LegalCopyright : Copyright © 1998
OriginalFilename : WATCH.EXE
#:38 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1800
ThreadCreationTime : 8-09-2006 1:27:25 p.m.
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe
#:39 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 3688
ThreadCreationTime : 8-09-2006 4:09:17 p.m.
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 17
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 17
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 17
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ryan@edge.ru4[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:ryan@edge.ru4.com/
Expires : 1-09-2036 12:48:22 a.m.
LastSync : Hits:3
UseCount : 0
Hits : 3
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ryan@instadia[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:8
Value : Cookie:ryan@instadia.net/
Expires : 30-08-2008 6:41:12 p.m.
LastSync : Hits:8
UseCount : 0
Hits : 8
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ryan@zedo[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:18
Value : Cookie:ryan@zedo.com/
Expires : 6-09-2016 12:48:22 a.m.
LastSync : Hits:18
UseCount : 0
Hits : 18
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ryan@ehg-wizardsofthecoast.hitbox[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:12
Value : Cookie:ryan@ehg-wizardsofthecoast.hitbox.com/
Expires : 8-09-2007 6:53:00 p.m.
LastSync : Hits:12
UseCount : 0
Hits : 12
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ryan@fastclick[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:23
Value : Cookie:ryan@fastclick.net/
Expires : 7-09-2008 6:59:48 p.m.
LastSync : Hits:23
UseCount : 0
Hits : 23
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ryan@fad-608.iad6.targetnet[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:ryan@fad-608.iad6.targetnet.com/
Expires : 17-09-2006 8:35:28 a.m.
LastSync : Hits:3
UseCount : 0
Hits : 3
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ryan@maxserving[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:ryan@maxserving.com/
Expires : 5-09-2016 8:51:18 a.m.
LastSync : Hits:2
UseCount : 0
Hits : 2
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ryan@mediaplex[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:ryan@mediaplex.com/
Expires : 22-06-2009 12:00:00 p.m.
LastSync : Hits:2
UseCount : 0
Hits : 2
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ryan@tribalfusion[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:ryan@tribalfusion.com/
Expires : 1-01-2038 12:00:00 p.m.
LastSync : Hits:3
UseCount : 0
Hits : 3
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ryan@vegasred[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:9
Value : Cookie:ryan@vegasred.com/
Expires : 30-10-2025 6:36:26 p.m.
LastSync : Hits:9
UseCount : 0
Hits : 9
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ryan@2o7[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:7
Value : Cookie:ryan@2o7.net/
Expires : 8-09-2011 1:18:58 a.m.
LastSync : Hits:7
UseCount : 0
Hits : 7
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ryan@advertising[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:92
Value : Cookie:ryan@advertising.com/
Expires : 7-09-2011 6:30:32 p.m.
LastSync : Hits:92
UseCount : 0
Hits : 92
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ryan@targetnet[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:21
Value : Cookie:ryan@targetnet.com/
Expires : 18-05-2033 3:33:20 p.m.
LastSync : Hits:21
UseCount : 0
Hits : 21
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ryan@serving-sys[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:5
Value : Cookie:ryan@serving-sys.com/
Expires : 1-01-2038 10:00:00 a.m.
LastSync : Hits:5
UseCount : 0
Hits : 5
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ryan@atdmt[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:ryan@atdmt.com/
Expires : 7-09-2011 12:00:00 p.m.
LastSync : Hits:3
UseCount : 0
Hits : 3
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ryan@ads.addynamix[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:ryan@ads.addynamix.com/
Expires : 9-09-2006 8:30:44 p.m.
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ryan@adserver.adreactor[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:ryan@adserver.adreactor.com/
Expires : 3-09-2007 9:16:04 a.m.
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ryan@perf.overture[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:ryan@perf.overture.com/
Expires : 8-09-2010 12:44:22 a.m.
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ryan@www.vegasred[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:ryan@www.vegasred.com/
Expires : 31-08-2011 2:36:26 p.m.
LastSync : Hits:3
UseCount : 0
Hits : 3
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ryan@casalemedia[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:30
Value : Cookie:ryan@casalemedia.com/
Expires : 25-08-2007 2:47:14 p.m.
LastSync : Hits:30
UseCount : 0
Hits : 30
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ryan@doubleclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:ryan@doubleclick.net/
Expires : 8-09-2009 1:09:46 a.m.
LastSync : Hits:3
UseCount : 0
Hits : 3
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ryan@~~local~~[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:ryan@~~local~~/
Expires : 15-09-2006 11:51:48 a.m.
LastSync : Hits:4
UseCount : 0
Hits : 4
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ryan@ads.pointroll[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:ryan@ads.pointroll.com/
Expires : 1-01-2010 12:00:00 p.m.
LastSync : Hits:4
UseCount : 0
Hits : 4
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 23
Objects found so far: 40
Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Win32.Trojan.KillAV Object Recognized!
Type : File
Data : b122.exe
TAC Rating : 10
Category : Virus
Comment :
Object : C:\Documents and Settings\Ryan\Local Settings\Temp\
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ryan@maxserving[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Ryan\Local Settings\Temp\Cookies\ryan@maxserving[1].txt
Adware.SafetyBar Object Recognized!
Type : File
Data : A0299853.dll
TAC Rating : 3
Category : Adware
Comment :
Object : C:\System Volume Information\_restore{B8E8BA2B-D174-4B63-94F8-468C63A711EE}\RP890\
Adware.Maxifiles Object Recognized!
Type : File
Data : A0311150.exe
TAC Rating : 5
Category : Adware
Comment :
Object : C:\System Volume Information\_restore{B8E8BA2B-D174-4B63-94F8-468C63A711EE}\RP900\
Adware.Maxifiles Object Recognized!
Type : File
Data : A0311151.dll
TAC Rating : 5
Category : Adware
Comment :
Object : C:\System Volume Information\_restore{B8E8BA2B-D174-4B63-94F8-468C63A711EE}\RP900\
Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 45
Deep scanning and examining files (E:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for E:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 45
Deep scanning and examining files (G:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for G:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 45
Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
0 entries scanned.
New critical objects:0
Objects found so far: 45
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 45
4:32:25 a.m. Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:22:51.203
Objects scanned:183574
Objects identified:28
Objects ignored:0
New critical objects:28
Ad-Aware SE Build 1.06r1
Logfile Created on:Saturday, 9 September 2006 4:09:34 a.m.
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R122 08.09.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Adware.Maxifiles(TAC index:5):2 total references
Adware.SafetyBar(TAC index:3):1 total references
MRU List(TAC index:0):17 total references
Tracking Cookie(TAC index:3):24 total references
Win32.Trojan.KillAV(TAC index:10):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
9-09-2006 4:09:34 a.m. - Scan started. (Full System Scan)
MRU List Object Recognized!
Location: : C:\Documents and Settings\Ryan\Application Data\microsoft\office\recent
Description : list of recently opened documents using microsoft office
MRU List Object Recognized!
Location: : C:\Documents and Settings\Ryan\recent
Description : list of recently opened documents
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X
MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw
MRU List Object Recognized!
Location: : S-1-5-21-74049757-502627533-162025716-1005\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer
MRU List Object Recognized!
Location: : S-1-5-21-74049757-502627533-162025716-1005\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer
MRU List Object Recognized!
Location: : S-1-5-21-74049757-502627533-162025716-1005\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player
MRU List Object Recognized!
Location: : S-1-5-21-74049757-502627533-162025716-1005\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player
MRU List Object Recognized!
Location: : S-1-5-21-74049757-502627533-162025716-1005\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console
MRU List Object Recognized!
Location: : S-1-5-21-74049757-502627533-162025716-1005\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant
MRU List Object Recognized!
Location: : S-1-5-21-74049757-502627533-162025716-1005\software\microsoft\windows\currentversion\applets\paint\recent file list
Description : list of files recently opened using microsoft paint
MRU List Object Recognized!
Location: : S-1-5-21-74049757-502627533-162025716-1005\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened
MRU List Object Recognized!
Location: : S-1-5-21-74049757-502627533-162025716-1005\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension
MRU List Object Recognized!
Location: : S-1-5-21-74049757-502627533-162025716-1005\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened
MRU List Object Recognized!
Location: : S-1-5-21-74049757-502627533-162025716-1005\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run
MRU List Object Recognized!
Location: : S-1-5-21-74049757-502627533-162025716-1005\software\microsoft\windows media\wmsdk\general
Description : windows media sdk
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 404
ThreadCreationTime : 8-09-2006 1:26:26 p.m.
BasePriority : Normal
#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 460
ThreadCreationTime : 8-09-2006 1:26:29 p.m.
BasePriority : Normal
#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 492
ThreadCreationTime : 8-09-2006 1:26:30 p.m.
BasePriority : High
#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 536
ThreadCreationTime : 8-09-2006 1:26:31 p.m.
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe
#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 556
ThreadCreationTime : 8-09-2006 1:26:31 p.m.
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 700
ThreadCreationTime : 8-09-2006 1:26:33 p.m.
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 780
ThreadCreationTime : 8-09-2006 1:26:34 p.m.
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 816
ThreadCreationTime : 8-09-2006 1:26:34 p.m.
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 864
ThreadCreationTime : 8-09-2006 1:26:34 p.m.
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 892
ThreadCreationTime : 8-09-2006 1:26:35 p.m.
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:11 [lexbces.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1044
ThreadCreationTime : 8-09-2006 1:26:38 p.m.
BasePriority : Normal
FileVersion : 7.1
ProductVersion : 7.1
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LexBce Service
InternalName : LexBce Service
LegalCopyright : © 1993 - 2001 Lexmark International, Inc.
OriginalFilename : LexBceS.exe
#:12 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1080
ThreadCreationTime : 8-09-2006 1:26:39 p.m.
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
#:13 [nhksrv.exe]
FilePath : C:\Apps\ActivBoard\
ProcessID : 1184
ThreadCreationTime : 8-09-2006 1:26:42 p.m.
BasePriority : Normal
#:14 [avgamsvr.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 1252
ThreadCreationTime : 8-09-2006 1:26:43 p.m.
BasePriority : Normal
FileVersion : 7,1,0,365
ProductVersion : 7.1.0.365
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Alert Manager
InternalName : avgamsvr
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgamsvr.EXE
#:15 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1356
ThreadCreationTime : 8-09-2006 1:26:44 p.m.
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
#:16 [avgupsvc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 1444
ThreadCreationTime : 8-09-2006 1:26:47 p.m.
BasePriority : Normal
FileVersion : 7,1,0,349
ProductVersion : 7.1.0.349
ProductName : AVG 7.0 Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Update Service
InternalName : avgupsvc
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgupdsvc.EXE
#:17 [avgemc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 1472
ThreadCreationTime : 8-09-2006 1:26:47 p.m.
BasePriority : Normal
FileVersion : 7,1,0,400
ProductVersion : 7.1.0.400
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG E-Mail Scanner
InternalName : avgemc
LegalCopyright : Copyright © 2006, GRISOFT, s.r.o.
OriginalFilename : avgemc.exe
#:18 [crypserv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1492
ThreadCreationTime : 8-09-2006 1:26:48 p.m.
BasePriority : High
FileVersion : 5.4.0
ProductVersion : 5.4
ProductName : CrypKey Software Licensing System
CompanyName : Kenonic Controls Ltd.
FileDescription : CrypKey NT Service
InternalName : crypserv
LegalCopyright : Copyright © 2000
LegalTrademarks : CrypKey
OriginalFilename : crypserv.exe
Comments : Operates in all directories, not just configured ones. Directory configuration only used for fille clean up and uninstall. 0/3 fixed problem with other partitions. 0/6 fixed problem with short paths
#:19 [slserv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1548
ThreadCreationTime : 8-09-2006 1:26:49 p.m.
BasePriority : Normal
#:20 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1572
ThreadCreationTime : 8-09-2006 1:26:50 p.m.
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:21 [wdfmgr.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1600
ThreadCreationTime : 8-09-2006 1:26:50 p.m.
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe
#:22 [monitor.exe]
FilePath : C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\
ProcessID : 1804
ThreadCreationTime : 8-09-2006 1:26:58 p.m.
BasePriority : Normal
FileVersion : 8.0.0.0
ProductVersion : 8.0.0.0
ProductName : Ulead Photo Explorer
CompanyName : Ulead Systems, Inc.
FileDescription : MONITOR
InternalName : MONITOR
LegalCopyright : Copyright c1992-2001. Ulead Systems, Inc. All rights reserved.
LegalTrademarks : Ulead Systems, MediaStudio and PhotoImpact are registered trademarks of Ulead Systems, Inc.
OriginalFilename : MONITOR.EXE
#:23 [realsched.exe]
FilePath : C:\Program Files\Common Files\Real\Update_OB\
ProcessID : 1816
ThreadCreationTime : 8-09-2006 1:26:58 p.m.
BasePriority : Normal
FileVersion : 0.1.0.3208
ProductVersion : 0.1.0.3208
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe
#:24 [qttask.exe]
FilePath : C:\Program Files\QuickTime\
ProcessID : 1824
ThreadCreationTime : 8-09-2006 1:26:58 p.m.
BasePriority : Normal
FileVersion : 7.0.3
ProductVersion : QuickTime 7.0.3
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
FileDescription : QuickTime Task
InternalName : QuickTime Task
LegalCopyright : Copyright Apple Computer, Inc. 1989-2005
OriginalFilename : QTTask.exe
#:25 [pwrisovm.exe]
FilePath : G:\Program Files\PowerISO\
ProcessID : 1840
ThreadCreationTime : 8-09-2006 1:26:58 p.m.
BasePriority : Normal
FileVersion : 3, 0, 0, 0
ProductVersion : 3, 0, 0, 0
ProductName : PowerISO Virtual Drive Manager
CompanyName : PowerISO Computing, Inc.
FileDescription : PowerISO Virtual Drive Manager
InternalName : PowerISO Virtual Drive Manager
LegalCopyright : Copyright © 2004-2006
OriginalFilename : PWRISOVM.EXE
Comments : http://www.poweriso.com
#:26 [lxsupmon.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1916
ThreadCreationTime : 8-09-2006 1:26:59 p.m.
BasePriority : Normal
FileVersion : 2.2.64.1
ProductVersion : 2.2.64.1
ProductName : Lexmark Supplies Monitor
CompanyName : Lexmark International Inc.
FileDescription : Supplies Monitor
InternalName : LXSUPMON
LegalCopyright : Copyright © 2000
OriginalFilename : LXSUPMON.RC
#:27 [igfxtray.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1928
ThreadCreationTime : 8-09-2006 1:26:59 p.m.
BasePriority : Normal
FileVersion : 3,0,0,1132
ProductVersion : 7,0,0,1132
ProductName : Intel® Common User Interface
CompanyName : Intel Corporation
FileDescription : igfxTray Module
InternalName : IGFXTRAY
LegalCopyright : Copyright 1999-2001, Intel Corporation
OriginalFilename : IGFXTRAY.EXE
#:28 [hkcmd.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1940
ThreadCreationTime : 8-09-2006 1:27:00 p.m.
BasePriority : Normal
FileVersion : 3,0,0,1132
ProductVersion : 7,0,0,1132
ProductName : Intel® Common User Interface
CompanyName : Intel Corporation
FileDescription : hkcmd Module
InternalName : HKCMD
LegalCopyright : Copyright 1999-2001, Intel Corporation
OriginalFilename : HKCMD.EXE
#:29 [em_exec.exe]
FilePath : C:\PROGRA~1\MOUSEW~1\SYSTEM\
ProcessID : 1968
ThreadCreationTime : 8-09-2006 1:27:00 p.m.
BasePriority : Normal
FileVersion : 9.40.139
ProductVersion : 9.40
ProductName : MouseWare
CompanyName : Logitech Inc.
FileDescription : Control Center
InternalName : EM_EXEC
LegalCopyright : Copyright © Logitech Inc. 1987-2001.
LegalTrademarks : Logitech® and MouseWare® are registered trademarks of Logitech Inc.
OriginalFilename : EM_EXEC.CPP
Comments : Created by the MouseWare Team
#:30 [mmkeybd.exe]
FilePath : C:\Apps\ActivBoard\
ProcessID : 1992
ThreadCreationTime : 8-09-2006 1:27:00 p.m.
BasePriority : Normal
FileVersion : 1.00
ProductVersion : 1.00
ProductName : Netropa Hot Key
CompanyName : Netropa Corp.
FileDescription : Netropa® Hot Key
InternalName : Netropa Hot Key
LegalCopyright : Copyright © 2000-2001 Netropa Corp.
OriginalFilename : nhk.exe
#:31 [jusched.exe]
FilePath : C:\Program Files\Java\jre1.5.0_06\bin\
ProcessID : 2000
ThreadCreationTime : 8-09-2006 1:27:00 p.m.
BasePriority : Normal
#:32 [avgcc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 2008
ThreadCreationTime : 8-09-2006 1:27:01 p.m.
BasePriority : Normal
FileVersion : 7,1,0,405
ProductVersion : 7.1.0.405
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Control Center
InternalName : AvgCC
LegalCopyright : Copyright © 2006, GRISOFT, s.r.o.
OriginalFilename : AvgCC.EXE
#:33 [wkcalrem.exe]
FilePath : C:\Program Files\Common Files\Microsoft Shared\Works Shared\
ProcessID : 184
ThreadCreationTime : 8-09-2006 1:27:04 p.m.
BasePriority : Normal
FileVersion : 6.00.1828.1
ProductVersion : 6.00.1828.1
ProductName : Microsoft® Works 6.0
CompanyName : Microsoft® Corporation
FileDescription : Microsoft® Works Calendar Reminder Service
InternalName : WkCalRem
LegalCopyright : Copyright © Microsoft Corporation 1987-2000. All rights reserved.
OriginalFilename : WKCALREM.EXE
#:34 [slipaccel.exe]
FilePath : C:\Program Files\SlipStream Web Accelerator\
ProcessID : 204
ThreadCreationTime : 8-09-2006 1:27:05 p.m.
BasePriority : Normal
ProductName : SlipStream Web Accelerator
CompanyName : SlipStream Data Inc.
FileDescription : SlipStream Web Accelerator Client Application
InternalName : SlipStream Web Accelerator
LegalCopyright : Copyright © 2002
#:35 [traymon.exe]
FilePath : C:\Apps\ActivBoard\
ProcessID : 228
ThreadCreationTime : 8-09-2006 1:27:06 p.m.
BasePriority : Normal
#:36 [osd.exe]
FilePath : C:\Apps\ActivBoard\
ProcessID : 348
ThreadCreationTime : 8-09-2006 1:27:09 p.m.
BasePriority : Normal
FileVersion : 2.02
ProductVersion : 2.02
ProductName : Onscreen Display
CompanyName : Netropa Corp.
FileDescription : Netropa® Onscreen Display
InternalName : OSD
LegalCopyright : Copyright © 1997-2001 Netropa Corp.
OriginalFilename : osd.exe
#:37 [watch.exe]
FilePath : C:\WINDOWS\twain_32\B12U12K\
ProcessID : 428
ThreadCreationTime : 8-09-2006 1:27:10 p.m.
BasePriority : Normal
FileVersion : 2, 3, 2, 7
ProductVersion : 2, 3, 2, 7
ProductName : Watch Dog
CompanyName : Common Group
FileDescription : Watch Dog
InternalName : Tiffany
LegalCopyright : Copyright © 1998
OriginalFilename : WATCH.EXE
#:38 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1800
ThreadCreationTime : 8-09-2006 1:27:25 p.m.
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe
#:39 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 3688
ThreadCreationTime : 8-09-2006 4:09:17 p.m.
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 17
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 17
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 17
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ryan@edge.ru4[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:ryan@edge.ru4.com/
Expires : 1-09-2036 12:48:22 a.m.
LastSync : Hits:3
UseCount : 0
Hits : 3
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ryan@instadia[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:8
Value : Cookie:ryan@instadia.net/
Expires : 30-08-2008 6:41:12 p.m.
LastSync : Hits:8
UseCount : 0
Hits : 8
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ryan@zedo[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:18
Value : Cookie:ryan@zedo.com/
Expires : 6-09-2016 12:48:22 a.m.
LastSync : Hits:18
UseCount : 0
Hits : 18
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ryan@ehg-wizardsofthecoast.hitbox[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:12
Value : Cookie:ryan@ehg-wizardsofthecoast.hitbox.com/
Expires : 8-09-2007 6:53:00 p.m.
LastSync : Hits:12
UseCount : 0
Hits : 12
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ryan@fastclick[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:23
Value : Cookie:ryan@fastclick.net/
Expires : 7-09-2008 6:59:48 p.m.
LastSync : Hits:23
UseCount : 0
Hits : 23
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ryan@fad-608.iad6.targetnet[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:ryan@fad-608.iad6.targetnet.com/
Expires : 17-09-2006 8:35:28 a.m.
LastSync : Hits:3
UseCount : 0
Hits : 3
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ryan@maxserving[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:ryan@maxserving.com/
Expires : 5-09-2016 8:51:18 a.m.
LastSync : Hits:2
UseCount : 0
Hits : 2
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ryan@mediaplex[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:ryan@mediaplex.com/
Expires : 22-06-2009 12:00:00 p.m.
LastSync : Hits:2
UseCount : 0
Hits : 2
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ryan@tribalfusion[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:ryan@tribalfusion.com/
Expires : 1-01-2038 12:00:00 p.m.
LastSync : Hits:3
UseCount : 0
Hits : 3
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ryan@vegasred[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:9
Value : Cookie:ryan@vegasred.com/
Expires : 30-10-2025 6:36:26 p.m.
LastSync : Hits:9
UseCount : 0
Hits : 9
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ryan@2o7[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:7
Value : Cookie:ryan@2o7.net/
Expires : 8-09-2011 1:18:58 a.m.
LastSync : Hits:7
UseCount : 0
Hits : 7
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ryan@advertising[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:92
Value : Cookie:ryan@advertising.com/
Expires : 7-09-2011 6:30:32 p.m.
LastSync : Hits:92
UseCount : 0
Hits : 92
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ryan@targetnet[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:21
Value : Cookie:ryan@targetnet.com/
Expires : 18-05-2033 3:33:20 p.m.
LastSync : Hits:21
UseCount : 0
Hits : 21
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ryan@serving-sys[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:5
Value : Cookie:ryan@serving-sys.com/
Expires : 1-01-2038 10:00:00 a.m.
LastSync : Hits:5
UseCount : 0
Hits : 5
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ryan@atdmt[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:ryan@atdmt.com/
Expires : 7-09-2011 12:00:00 p.m.
LastSync : Hits:3
UseCount : 0
Hits : 3
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ryan@ads.addynamix[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:ryan@ads.addynamix.com/
Expires : 9-09-2006 8:30:44 p.m.
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ryan@adserver.adreactor[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:ryan@adserver.adreactor.com/
Expires : 3-09-2007 9:16:04 a.m.
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ryan@perf.overture[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:ryan@perf.overture.com/
Expires : 8-09-2010 12:44:22 a.m.
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ryan@www.vegasred[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:ryan@www.vegasred.com/
Expires : 31-08-2011 2:36:26 p.m.
LastSync : Hits:3
UseCount : 0
Hits : 3
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ryan@casalemedia[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:30
Value : Cookie:ryan@casalemedia.com/
Expires : 25-08-2007 2:47:14 p.m.
LastSync : Hits:30
UseCount : 0
Hits : 30
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ryan@doubleclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:ryan@doubleclick.net/
Expires : 8-09-2009 1:09:46 a.m.
LastSync : Hits:3
UseCount : 0
Hits : 3
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ryan@~~local~~[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:ryan@~~local~~/
Expires : 15-09-2006 11:51:48 a.m.
LastSync : Hits:4
UseCount : 0
Hits : 4
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ryan@ads.pointroll[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:ryan@ads.pointroll.com/
Expires : 1-01-2010 12:00:00 p.m.
LastSync : Hits:4
UseCount : 0
Hits : 4
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 23
Objects found so far: 40
Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Win32.Trojan.KillAV Object Recognized!
Type : File
Data : b122.exe
TAC Rating : 10
Category : Virus
Comment :
Object : C:\Documents and Settings\Ryan\Local Settings\Temp\
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ryan@maxserving[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Ryan\Local Settings\Temp\Cookies\ryan@maxserving[1].txt
Adware.SafetyBar Object Recognized!
Type : File
Data : A0299853.dll
TAC Rating : 3
Category : Adware
Comment :
Object : C:\System Volume Information\_restore{B8E8BA2B-D174-4B63-94F8-468C63A711EE}\RP890\
Adware.Maxifiles Object Recognized!
Type : File
Data : A0311150.exe
TAC Rating : 5
Category : Adware
Comment :
Object : C:\System Volume Information\_restore{B8E8BA2B-D174-4B63-94F8-468C63A711EE}\RP900\
Adware.Maxifiles Object Recognized!
Type : File
Data : A0311151.dll
TAC Rating : 5
Category : Adware
Comment :
Object : C:\System Volume Information\_restore{B8E8BA2B-D174-4B63-94F8-468C63A711EE}\RP900\
Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 45
Deep scanning and examining files (E:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for E:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 45
Deep scanning and examining files (G:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for G:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 45
Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
0 entries scanned.
New critical objects:0
Objects found so far: 45
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 45
4:32:25 a.m. Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:22:51.203
Objects scanned:183574
Objects identified:28
Objects ignored:0
New critical objects:28
Logfile of HijackThis v1.99.1
Scan saved at 10:37:15 a.m., on 9/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Apps\ActivBoard\nhksrv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
G:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\System32\LXSUPMON.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Apps\ActivBoard\MMKeybd.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\SlipStream Web Accelerator\slipaccel.exe
C:\Apps\ActivBoard\TrayMon.exe
C:\Apps\ActivBoard\OSD.exe
C:\WINDOWS\twain_32\B12U12K\WATCH.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.metacrawler.com/
R3 - URLSearchHook: (no name) - _{8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\apps\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\Program Files\SlipStream Web Accelerator\PBHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RAM Idle Professional] C:\Program Files\RAM Idle\RAM_XP.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PWRISOVM.EXE] G:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Gtwatch] C:\WINDOWS\gtwatch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Update Service] C:\PROGRA~1\COMMON~1\TEKNUM~1\update.exe /startup
O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: SlipStream Web Accelerator.lnk = C:\Program Files\SlipStream Web Accelerator\slipaccel.exe
O4 - Global Startup: SpeedUpMyPC.lnk = C:\Program Files\LIUtilities\SpeedUpMyPC\speedupmypc.exe
O4 - Global Startup: Watch.lnk = C:\WINDOWS\twain_32\B12U12K\WATCH.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02AA9E0F-B4EB-4BE9-A769-FD09543FEEC2} (UniInstaller Class) - http://www.webcamnow.com/fs5/voice/voice-installer.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1131827312390
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://us.i1.yimg.com/us.yimg.com/i/chat/w...110/yvwrctl.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjvd32 - winjvd32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
Scan saved at 10:37:15 a.m., on 9/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Apps\ActivBoard\nhksrv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
G:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\System32\LXSUPMON.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Apps\ActivBoard\MMKeybd.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\SlipStream Web Accelerator\slipaccel.exe
C:\Apps\ActivBoard\TrayMon.exe
C:\Apps\ActivBoard\OSD.exe
C:\WINDOWS\twain_32\B12U12K\WATCH.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.metacrawler.com/
R3 - URLSearchHook: (no name) - _{8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\apps\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\Program Files\SlipStream Web Accelerator\PBHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RAM Idle Professional] C:\Program Files\RAM Idle\RAM_XP.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PWRISOVM.EXE] G:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Gtwatch] C:\WINDOWS\gtwatch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Update Service] C:\PROGRA~1\COMMON~1\TEKNUM~1\update.exe /startup
O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: SlipStream Web Accelerator.lnk = C:\Program Files\SlipStream Web Accelerator\slipaccel.exe
O4 - Global Startup: SpeedUpMyPC.lnk = C:\Program Files\LIUtilities\SpeedUpMyPC\speedupmypc.exe
O4 - Global Startup: Watch.lnk = C:\WINDOWS\twain_32\B12U12K\WATCH.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02AA9E0F-B4EB-4BE9-A769-FD09543FEEC2} (UniInstaller Class) - http://www.webcamnow.com/fs5/voice/voice-installer.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1131827312390
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://us.i1.yimg.com/us.yimg.com/i/chat/w...110/yvwrctl.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjvd32 - winjvd32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
Reboot is to re-start your PC.
Reformat/reinstall is a whole different thing. You may need to get some help with that.
This thing is being stubborn. But let's make sure it's not just an oversight.
Open Hijackthis and do a system scan only
When it finishes, place a checkmark next to these entries then press the *fix checked* button
R3 - URLSearchHook: (no name) - _{8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O20 - Winlogon Notify: winjvd32 - winjvd32.dll (file missing)
Then delete this file:
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe
Reboot (re-start) your computer, then scan once more with HijackThis and post a fresh log please.
Let me know if you encounter any problems with the above instructions.
Reformat/reinstall is a whole different thing. You may need to get some help with that.
This thing is being stubborn. But let's make sure it's not just an oversight.
Open Hijackthis and do a system scan only
When it finishes, place a checkmark next to these entries then press the *fix checked* button
R3 - URLSearchHook: (no name) - _{8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O20 - Winlogon Notify: winjvd32 - winjvd32.dll (file missing)
Then delete this file:
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe
Reboot (re-start) your computer, then scan once more with HijackThis and post a fresh log please.
Let me know if you encounter any problems with the above instructions.
hi again. i have done what you said but the file that you wanted me to delete (C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe) was not in the folder. i hope that is a good thing. here is my new log. thanks so much.
Logfile of HijackThis v1.99.1
Scan saved at 5:56:15 p.m., on 9/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Apps\ActivBoard\nhksrv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
G:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\System32\LXSUPMON.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Apps\ActivBoard\MMKeybd.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\SlipStream Web Accelerator\slipaccel.exe
C:\Apps\ActivBoard\TrayMon.exe
C:\Apps\ActivBoard\OSD.exe
C:\WINDOWS\twain_32\B12U12K\WATCH.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.metacrawler.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5400
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;<local>;*windowsupdate.com;download.microsoft.com;*windowsupdate.microsoft.com;codec
s.microsoft.com;activex.microsoft.com;liveupdate.symantecliveupdate.com;liveupda
te.symantec.com;service1.symantec.com;*.nai.com;*.networkassociates.com;*.tradem
e.co.nz
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\apps\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\Program Files\SlipStream Web Accelerator\PBHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RAM Idle Professional] C:\Program Files\RAM Idle\RAM_XP.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PWRISOVM.EXE] G:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Gtwatch] C:\WINDOWS\gtwatch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Update Service] C:\PROGRA~1\COMMON~1\TEKNUM~1\update.exe /startup
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: SlipStream Web Accelerator.lnk = C:\Program Files\SlipStream Web Accelerator\slipaccel.exe
O4 - Global Startup: SpeedUpMyPC.lnk = C:\Program Files\LIUtilities\SpeedUpMyPC\speedupmypc.exe
O4 - Global Startup: Watch.lnk = C:\WINDOWS\twain_32\B12U12K\WATCH.exe
O8 - Extra context menu item: Show All Original Images - res://C:\Program Files\SlipStream Web Accelerator\slipaccel.exe/250
O8 - Extra context menu item: Show Original Image - res://C:\Program Files\SlipStream Web Accelerator\slipaccel.exe/227
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02AA9E0F-B4EB-4BE9-A769-FD09543FEEC2} (UniInstaller Class) - http://www.webcamnow.com/fs5/voice/voice-installer.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1131827312390
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://us.i1.yimg.com/us.yimg.com/i/chat/w...110/yvwrctl.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
Logfile of HijackThis v1.99.1
Scan saved at 5:56:15 p.m., on 9/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Apps\ActivBoard\nhksrv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
G:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\System32\LXSUPMON.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Apps\ActivBoard\MMKeybd.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\SlipStream Web Accelerator\slipaccel.exe
C:\Apps\ActivBoard\TrayMon.exe
C:\Apps\ActivBoard\OSD.exe
C:\WINDOWS\twain_32\B12U12K\WATCH.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.metacrawler.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5400
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;<local>;*windowsupdate.com;download.microsoft.com;*windowsupdate.microsoft.com;codec
s.microsoft.com;activex.microsoft.com;liveupdate.symantecliveupdate.com;liveupda
te.symantec.com;service1.symantec.com;*.nai.com;*.networkassociates.com;*.tradem
e.co.nz
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\apps\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\Program Files\SlipStream Web Accelerator\PBHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RAM Idle Professional] C:\Program Files\RAM Idle\RAM_XP.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PWRISOVM.EXE] G:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Gtwatch] C:\WINDOWS\gtwatch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Update Service] C:\PROGRA~1\COMMON~1\TEKNUM~1\update.exe /startup
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: SlipStream Web Accelerator.lnk = C:\Program Files\SlipStream Web Accelerator\slipaccel.exe
O4 - Global Startup: SpeedUpMyPC.lnk = C:\Program Files\LIUtilities\SpeedUpMyPC\speedupmypc.exe
O4 - Global Startup: Watch.lnk = C:\WINDOWS\twain_32\B12U12K\WATCH.exe
O8 - Extra context menu item: Show All Original Images - res://C:\Program Files\SlipStream Web Accelerator\slipaccel.exe/250
O8 - Extra context menu item: Show Original Image - res://C:\Program Files\SlipStream Web Accelerator\slipaccel.exe/227
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02AA9E0F-B4EB-4BE9-A769-FD09543FEEC2} (UniInstaller Class) - http://www.webcamnow.com/fs5/voice/voice-installer.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1131827312390
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://us.i1.yimg.com/us.yimg.com/i/chat/w...110/yvwrctl.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
That looks good, darthsmiley 
How is your computer running at this point?
How is your computer running at this point?
the computer is running much better. thanks so much for the help. there is one last thing i need to ask. i have the free AVG virus scanner and it tells me that there are 5 files infected in C:\System Volume Information\_restore(followed by lots of numbers), but i can't find this folder anywhere. it says it cant delete the files either. there are five files in it all infected with a form of trojan horse.
Good! Glad it's running better.
The infected files AVG found are stored in the backups of System Restore, which is protected by Windows from any other products to modify or delete, therefore resetting your system restore points will purge the old infected ones with a fresh new restore point.
Some final cleanup and prevention recomendations follow.
Do a disk cleanup. Go to Start > Run and type in the box: Cleanmgr
Wait while Windows scans your system for files to delete.
Make sure these 3 are checkmarked and press *ok* to delete them.
Temporary Files
Temporary Internet Files
Recycle Bin
Now that your PC is clean, make sure all programs are running properly and then you'll need to reset your restore point in Windows XP.......why?
One of the best features of Windows ME or XP is the System Restore option, however if a malware infects a computer with this operating system it can be backed up in the System Restore folder. Therefore, clearing the restore points is necessary after malware removal.
To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.
(winXP)
1. Turn off System Restore.
Go to Start and right-click on *My Computer*.
Click Properties.
Click the System Restore tab.
Put a Checkmark in the box next to "Turn off System Restore".
Click Apply, and then click OK.
2. Reboot.
3. Turn ON System Restore.
Go to Start and right-click on *My Computer*.
Click Properties.
Click the System Restore tab.
Remove the checkmark next to "Turn off System Restore".
Click Apply, and then click OK.
How to Turn On and Turn Off System Restore in Windows XP
http://support.microsoft.com/default.aspx?...kb;en-us;310405
......................
Ad-Aware Plus has realtime protection to prevent infections before they have a chance to a stronghold on your PC
http://www.lavasoft.com/
Also, I can't stress enough the importance of having your Windows critical Security Updates. Most malware today uses exploits on unpatched systems to creep onto your system without your even doing anything but visiting an infected webpage!!
Watch what you download, be careful where you surf, and don't trust attachments or even links in email and Instant messages. Even if they come from a buddy, that buddy could be the one infected and it is the virus sending that link from his account. You click on it thinking he is trusted, and *boom* you're infected.
Many "Phishing" attempts are made by cleverly crafted email to look like it is coming from an "official" source (like Microsoft, or your bank, or some other provider). Don't click on links in those. Go directly to the site instead and navigate the menus - don't trust email you think came from a "safe source" unless you are expecting it! There is more in the link I will provide below, but those are the choice avenues of infection these days.
Stay far AWAY from cracks and warez sites - you're sure to get infected files there, and the same can be said for files downloaded from p2p (more than half are usually infected and probably not detectable by your current security software - the newest nasties are always released in those venues).
A word about shared computers and networks.
Share Your PC
http://www.microsoft.com/windowsxp/using/s...hare/intro.mspx
Not all users need to have Admin Accounts. It is much safer to have most of your users on a shared system running as Limited User accounts. That way, if there is "an accident", it will only affect one user's account and not the entire system.
Next, I highly recommend you get some extra protection to prevent future infections. Here are some things you can do and some free programs to help.
How do I prevent Browser Hijacks and Spyware?
http://www.dslreports.com/faq/13620
I'm happy to see you have SP2 installed. That will address numerous security issues in your Operating System and IE
Make sure that you keep your Operating System and IE updated with the latest Critical Security Updates from Microsoft...they usually come out once a month, on the 2nd Tuesday of each month. This is the first step in malware prevention, as many nasties now take advantage of new exploits and if not patched, you are vulnerable!
Windows Update
http://update.microsoft.com/microsoftupdate/
And see this link for instructions on how to configure the enhanced security features in SP2:
http://www.microsoft.com/technet/security/...xp/iesecxp.mspx
I also highly recommend to get the free tool, Microsoft Baseline Security Analyzer (MBSA) from Microsoft to analyze your PC security for prevention purposes.
MBSA Version 2.0 will scan for common system misconfigurations on Windows 2000, Windows XP, and Windows Server 2003 systems. This program will identify the system security weaknesses in your browser and operating system and provides easy instructions to correct them. This includes any missing critical Windows security updates, system vulnerabilities and your IE Browser security settings. Get the download here:
Microsoft Baseline Security Analyzer
http://www.microsoft.com/technet/security/...s/mbsahome.mspx
Choose MBSAsetup-EN.msi = (English Version) or the language appropriate for you.
Also visit this Free Online Scanner from Microsoft for PC Health and Safety
http://safety.live.com/site/en-US/default.htm
and Microsoft Security At Home
http://www.microsoft.com/athome/security/default.mspx
for tips to Protect your Pc, Protect yourself and Protect your Family.
The infected files AVG found are stored in the backups of System Restore, which is protected by Windows from any other products to modify or delete, therefore resetting your system restore points will purge the old infected ones with a fresh new restore point.
Some final cleanup and prevention recomendations follow.
Do a disk cleanup. Go to Start > Run and type in the box: Cleanmgr
Wait while Windows scans your system for files to delete.
Make sure these 3 are checkmarked and press *ok* to delete them.
Temporary Files
Temporary Internet Files
Recycle Bin
Now that your PC is clean, make sure all programs are running properly and then you'll need to reset your restore point in Windows XP.......why?
One of the best features of Windows ME or XP is the System Restore option, however if a malware infects a computer with this operating system it can be backed up in the System Restore folder. Therefore, clearing the restore points is necessary after malware removal.
To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.
(winXP)
1. Turn off System Restore.
Go to Start and right-click on *My Computer*.
Click Properties.
Click the System Restore tab.
Put a Checkmark in the box next to "Turn off System Restore".
Click Apply, and then click OK.
2. Reboot.
3. Turn ON System Restore.
Go to Start and right-click on *My Computer*.
Click Properties.
Click the System Restore tab.
Remove the checkmark next to "Turn off System Restore".
Click Apply, and then click OK.
How to Turn On and Turn Off System Restore in Windows XP
http://support.microsoft.com/default.aspx?...kb;en-us;310405
......................
Ad-Aware Plus has realtime protection to prevent infections before they have a chance to a stronghold on your PC
http://www.lavasoft.com/
Also, I can't stress enough the importance of having your Windows critical Security Updates. Most malware today uses exploits on unpatched systems to creep onto your system without your even doing anything but visiting an infected webpage!!
Watch what you download, be careful where you surf, and don't trust attachments or even links in email and Instant messages. Even if they come from a buddy, that buddy could be the one infected and it is the virus sending that link from his account. You click on it thinking he is trusted, and *boom* you're infected.
Many "Phishing" attempts are made by cleverly crafted email to look like it is coming from an "official" source (like Microsoft, or your bank, or some other provider). Don't click on links in those. Go directly to the site instead and navigate the menus - don't trust email you think came from a "safe source" unless you are expecting it! There is more in the link I will provide below, but those are the choice avenues of infection these days.
Stay far AWAY from cracks and warez sites - you're sure to get infected files there, and the same can be said for files downloaded from p2p (more than half are usually infected and probably not detectable by your current security software - the newest nasties are always released in those venues).
A word about shared computers and networks.
Share Your PC
http://www.microsoft.com/windowsxp/using/s...hare/intro.mspx
Not all users need to have Admin Accounts. It is much safer to have most of your users on a shared system running as Limited User accounts. That way, if there is "an accident", it will only affect one user's account and not the entire system.
Next, I highly recommend you get some extra protection to prevent future infections. Here are some things you can do and some free programs to help
.How do I prevent Browser Hijacks and Spyware?
http://www.dslreports.com/faq/13620
I'm happy to see you have SP2 installed. That will address numerous security issues in your Operating System and IE
Make sure that you keep your Operating System and IE updated with the latest Critical Security Updates from Microsoft...they usually come out once a month, on the 2nd Tuesday of each month. This is the first step in malware prevention, as many nasties now take advantage of new exploits and if not patched, you are vulnerable!
Windows Update
http://update.microsoft.com/microsoftupdate/
And see this link for instructions on how to configure the enhanced security features in SP2:
http://www.microsoft.com/technet/security/...xp/iesecxp.mspx
I also highly recommend to get the free tool, Microsoft Baseline Security Analyzer (MBSA) from Microsoft to analyze your PC security for prevention purposes.
MBSA Version 2.0 will scan for common system misconfigurations on Windows 2000, Windows XP, and Windows Server 2003 systems. This program will identify the system security weaknesses in your browser and operating system and provides easy instructions to correct them. This includes any missing critical Windows security updates, system vulnerabilities and your IE Browser security settings. Get the download here:
Microsoft Baseline Security Analyzer
http://www.microsoft.com/technet/security/...s/mbsahome.mspx
Choose MBSAsetup-EN.msi = (English Version) or the language appropriate for you.
Also visit this Free Online Scanner from Microsoft for PC Health and Safety
http://safety.live.com/site/en-US/default.htm
and Microsoft Security At Home
http://www.microsoft.com/athome/security/default.mspx
for tips to Protect your Pc, Protect yourself and Protect your Family.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.