Full Version: Surfsidekick 3
Lavasoft Support Forums > Archived Topics > Archives: Resolved/Inactive Topics > Ad-Aware SE Resolved/Inactive Issues
vranken
Hello,

My computer is infected by the adware "Surfsidekick 3" (in C:\Program Files). The problem is that the program Ad-aware SE Plus version 1.06 is interrupted after a while (while "deep scanning files on C").
I searched for a solution in the FAQ but it doesn't work. Probably because I have an illegal version of Windows XP (Service Pack 2 only functions with a legal version). Is there another solution?
Many thanks.
GRAFX
vranken,
I recommend that you try doing a thorough Disk Defragmentation,
followed by Check or Scan Disk, depending upon your version of Windows. Then
please make sure that you have Ad-aware SE Build 106 and have used the WebUpDate feature to get the latest definition file.
The appearance of hanging usually occurs when 'Scan archives' is selected. It's not actually stopped scanning, however. What's happening is that Ad-aware is de-compressing/unzipping files to check the contents for suspicious files, then Ad-aware re-compresses the files. This can take some time.
If this is the setting that's affecting your scans,
try this:
Open your Ad-aware,
click the "Settings" (the gear) button at the top right to display the "Settings" main menu.
Click "Scanning".
Un-tick 'Scan within archives' and
then click on "Scanning Engine",
then un-tick (un-check) "Unload recognised modules during scan",
then click on the Proceed button.
Also try shutting down as many programs/processes as possible (i.e. firewall, Anti-Virus etc.). Please make sure that you
unplug/disconnect your modem before disabling your Anti-Virus/Firewall.
Just remember to turn them back on.
Then scan with Ad-aware by doing a "Full Scan" and post your logfile here by using the "reply" feature.

GRAFX
vranken
QUOTE(GRAFX @ Sep 3 2006, 10:41 PM)
Answer:
Thank you for your solid answer. After a total scan only Surfsidekick 3 in C:\Program Files\Surfsidekick 3\SskBho.dll could not be removed.
Here is the logfile:
Ad-Aware SE Build 1.06r1
Logfile Created on:maandag 4 september 2006 22:59:41
Using definitions file:SE1R121 28.08.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Adware.Look2Me(TAC index:7):3 total references
CmdServices(TAC index:4):2 total references
CoolWebSearch(TAC index:10):7 total references
IEHijacker.ZestyFind(TAC index:6):1 total references
MRU List(TAC index:0):11 total references
SurfSideKick(TAC index:7):14 total references
Targetsaver(TAC index:8):1 total references
UCmore(TAC index:3):3 total references
Win32.Trojan.Downloader(TAC index:10):3 total references
Win32.TrojanClicker(TAC index:10):4 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Ignore spanned files when scanning cab archives
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Block pop-ups aggressively
Set : Automatically select problematic objects in results lists
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Show splash screen
Set : Backup current definitions file before updating
Set : Play sound at scan completion if scan locates critical objects


4-09-2006 22:59:41 - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : C:\Documents and Settings\Bart.BART\Application Data\microsoft\office\recent
Description : list of recently opened documents using microsoft office


MRU List Object Recognized!
Location: : S-1-5-21-1659004503-1563985344-1801674531-1007\software\google\navclient\1.1\history
Description : list of recently used search terms in the google toolbar


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-1659004503-1563985344-1801674531-1007\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-1659004503-1563985344-1801674531-1007\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-1659004503-1563985344-1801674531-1007\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-1659004503-1563985344-1801674531-1007\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : S-1-5-21-1659004503-1563985344-1801674531-1007\software\nico mak computing\winzip\filemenu
Description : winzip recently used archives


MRU List Object Recognized!
Location: : S-1-5-21-1659004503-1563985344-1801674531-1007\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 424
ThreadCreationTime : 4-09-2006 19:39:20
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 488
ThreadCreationTime : 4-09-2006 19:39:22
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\System32\
ProcessID : 512
ThreadCreationTime : 4-09-2006 19:39:24
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 560
ThreadCreationTime : 4-09-2006 19:39:24
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Besturingssysteem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Services en controllertoepassingen
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. Alle rechten voorbehouden.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 572
ThreadCreationTime : 4-09-2006 19:39:24
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [ati2evxx.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 740
ThreadCreationTime : 4-09-2006 19:39:26
BasePriority : Normal
FileVersion : 6.14.10.4109
ProductVersion : 6.14.10.4109.04
ProductName : ATI External Event Utility for WindowsNT and Windows9X
CompanyName : ATI Technologies Inc.
FileDescription : ATI External Event Utility EXE Module
InternalName : ATI2EVXX.EXE
LegalCopyright : Copyright © 1999-2004 ATI Technologies Inc.
OriginalFilename : ATI2EVXX.EXE

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 788
ThreadCreationTime : 4-09-2006 19:39:26
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

SurfSideKick Object Recognized!
Type : Process
Data : SskBho.dll
TAC Rating : 7
Category : Data Miner
Comment : SskBho.dll.dmp
Object : C:\Program Files\SurfSideKick 3\


Warning! SurfSideKick Object found in memory(C:\Program Files\SurfSideKick 3\SskBho.dll)

Warning! "C:\WINDOWS\system32\svchost.exe"Process could not be terminated!

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 836
ThreadCreationTime : 4-09-2006 19:39:26
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

SurfSideKick Object Recognized!
Type : Process
Data : SskBho.dll
TAC Rating : 7
Category : Data Miner
Comment : SskBho.dll.dmp
Object : C:\Program Files\SurfSideKick 3\


Warning! SurfSideKick Object found in memory(C:\Program Files\SurfSideKick 3\SskBho.dll)


#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 896
ThreadCreationTime : 4-09-2006 19:39:26
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

SurfSideKick Object Recognized!
Type : Process
Data : SskBho.dll
TAC Rating : 7
Category : Data Miner
Comment : SskBho.dll.dmp
Object : C:\Program Files\SurfSideKick 3\


Warning! SurfSideKick Object found in memory(C:\Program Files\SurfSideKick 3\SskBho.dll)

Warning! "C:\WINDOWS\System32\svchost.exe"Process could not be terminated!

#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 984
ThreadCreationTime : 4-09-2006 19:39:27
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

SurfSideKick Object Recognized!
Type : Process
Data : SskBho.dll
TAC Rating : 7
Category : Data Miner
Comment : SskBho.dll.dmp
Object : C:\Program Files\SurfSideKick 3\


Warning! SurfSideKick Object found in memory(C:\Program Files\SurfSideKick 3\SskBho.dll)

Warning! "C:\WINDOWS\System32\svchost.exe"Process could not be terminated!

#:11 [lexbces.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1056
ThreadCreationTime : 4-09-2006 19:39:27
BasePriority : Normal
FileVersion : 5,13,00,00
ProductVersion : 5,13,00,00
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LexBce Service
InternalName : LexBce Service
LegalCopyright : © 1993 - 2000 Lexmark International, Inc.
OriginalFilename : LexBceS.exe

#:12 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1088
ThreadCreationTime : 4-09-2006 19:39:27
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:13 [lexpps.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1124
ThreadCreationTime : 4-09-2006 19:39:27
BasePriority : Normal
FileVersion : 5,13,00,00
ProductVersion : 5,13,00,00
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LEXPPS.EXE
InternalName : LEXPPS
LegalCopyright : © 1993 - 2000 Lexmark International, Inc.
OriginalFilename : LEXPPS.EXE
Comments : MarkVision for Windows '95 New P2P Server (32-bit)

#:14 [cdac11ba.exe]
FilePath : C:\WINDOWS\System32\drivers\
ProcessID : 1252
ThreadCreationTime : 4-09-2006 19:39:27
BasePriority : Normal
FileVersion : 4.20.0
ProductVersion : 4.20.0 Windows NT 2002/07/15
ProductName : SafeCast Windows NT
CompanyName : Macrovision
FileDescription : Macrovision RTS Service
InternalName : CDANTSRV
LegalCopyright : Copyright © 1998-2002 Macrovision Corp.
OriginalFilename : CDANTSRV.EXE
Comments : StringFileInfo: U.S. English

#:15 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1384
ThreadCreationTime : 4-09-2006 19:39:29
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:16 [xcommsvr.exe]
FilePath : C:\Program Files\Common Files\Softwin\BitDefender Communicator\
ProcessID : 1480
ThreadCreationTime : 4-09-2006 19:39:30
BasePriority : Normal
FileVersion : 1, 8, 9, 0
ProductVersion : 1, 8, 9, 0
ProductName : Softwin BitDefender Communicator Server
CompanyName : Softwin
FileDescription : BitDefender Communicator Server
InternalName : XCOMMSVR
LegalCopyright : Copyright © 2003-2004 Softwin
OriginalFilename : xcommsvr.exe
Comments : Manages communication between BitDefender components

#:17 [bdss.exe]
FilePath : C:\Program Files\Common Files\Softwin\BitDefender Scan Server\
ProcessID : 1532
ThreadCreationTime : 4-09-2006 19:39:30
BasePriority : Normal


#:18 [pdsched.exe]
FilePath : C:\Program Files\Raxco\PerfectDisk\
ProcessID : 1552
ThreadCreationTime : 4-09-2006 19:39:30
BasePriority : Normal
FileVersion : 7, 0, 0, 31
ProductVersion : 7, 0, 0, 31
ProductName : PDSched Module
CompanyName : Raxco Software, Inc.
FileDescription : PDSched Module
InternalName : PDSched
LegalCopyright : Copyright © 2004
OriginalFilename : PDSched.exe

#:19 [vsserv.exe]
FilePath : C:\Program Files\Softwin\BitDefender8\
ProcessID : 1632
ThreadCreationTime : 4-09-2006 19:39:33
BasePriority : Normal
FileVersion : 8, 1, 0, 0
ProductVersion : 8, 1, 0, 0
ProductName : BitDefender 8
CompanyName : SOFTWIN S.R.L.
FileDescription : BitDefender Security Service
InternalName : VSServ
LegalCopyright : © 2005 SOFTWIN S.R.L.
OriginalFilename : vsserv.exe

#:20 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 872
ThreadCreationTime : 4-09-2006 20:47:40
BasePriority : Normal
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
ProductName : Besturingssysteem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Windows Verkenner
InternalName : explorer
LegalCopyright : © Microsoft Corporation. Alle rechten voorbehouden.
OriginalFilename : EXPLORER.EXE

SurfSideKick Object Recognized!
Type : Process
Data : SskBho.dll
TAC Rating : 7
Category : Data Miner
Comment : SskBho.dll.dmp
Object : C:\Program Files\SurfSideKick 3\


Warning! SurfSideKick Object found in memory(C:\Program Files\SurfSideKick 3\SskBho.dll)


#:21 [ltmoh.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1568
ThreadCreationTime : 4-09-2006 20:47:41
BasePriority : Normal
FileVersion : 1.57
ProductVersion : 1.57
ProductName : LtMoh Application
CompanyName : Zoom Telephonics
FileDescription : LtMoh MFC Application
InternalName : LtMoh
LegalCopyright : Zoom Telephonics Copyright © 2001
LegalTrademarks : LT
OriginalFilename : LtMoh.EXE

#:22 [printray.exe]
FilePath : C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\
ProcessID : 1240
ThreadCreationTime : 4-09-2006 20:47:41
BasePriority : Normal
FileVersion : 1, 0, 0, 5
ProductVersion : 1, 0, 0, 5
ProductName : Lexmark PrinTray
CompanyName : Lexmark
FileDescription : PrinTray
InternalName : PrinTray
LegalCopyright : Copyright © 1999
OriginalFilename : PrinTray.exe

SurfSideKick Object Recognized!
Type : Process
Data : SskBho.dll
TAC Rating : 7
Category : Data Miner
Comment : SskBho.dll.dmp
Object : C:\Program Files\SurfSideKick 3\


Warning! SurfSideKick Object found in memory(C:\Program Files\SurfSideKick 3\SskBho.dll)


#:23 [qttask.exe]
FilePath : D:\
ProcessID : 1696
ThreadCreationTime : 4-09-2006 20:47:41
BasePriority : Normal
FileVersion : 6.5.1
ProductVersion : QuickTime 6.5.1
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe

#:24 [dumeter.exe]
FilePath : C:\Program Files\DU Meter\
ProcessID : 1316
ThreadCreationTime : 4-09-2006 20:47:41
BasePriority : Normal
FileVersion : 3.07 Build 200
ProductVersion : 3.07 Build 200
ProductName : DU Meter
CompanyName : Hagel Technologies
FileDescription : DU Meter
InternalName : DU Meter
LegalCopyright : Copyright © 1997-2004 Hagel Technologies
OriginalFilename : DUMETER.EXE

#:25 [atiptaxx.exe]
FilePath : C:\Program Files\ATI Technologies\ATI Control Panel\
ProcessID : 1312
ThreadCreationTime : 4-09-2006 20:47:41
BasePriority : Normal
FileVersion : 6.14.10.4019
ProductVersion : 6.14.10.4019
ProductName : ATI Desktop Component
CompanyName : ATI Technologies, Inc.
FileDescription : ATI Desktop Control Panel
InternalName : Atiptaxx.exe
LegalCopyright : Copyright © 1998-2002 ATI Technologies Inc.
OriginalFilename : Atiptaxx.exe

#:26 [jusched.exe]
FilePath : C:\Program Files\Java\jre1.5.0_06\bin\
ProcessID : 1296
ThreadCreationTime : 4-09-2006 20:47:41
BasePriority : Normal


#:27 [soundman.exe]
FilePath : C:\WINDOWS\
ProcessID : 1040
ThreadCreationTime : 4-09-2006 20:47:41
BasePriority : Normal
FileVersion : 5, 1, 0, 51
ProductVersion : 5, 1, 0, 51
ProductName : Realtek Sound Manager
CompanyName : Realtek Semiconductor Corp.
FileDescription : Realtek Sound Manager
InternalName : ALSMTray
LegalCopyright : Copyright © 2001-2004 Realtek Semiconductor Corp.
OriginalFilename : ALSMTray.exe
Comments : Realtek AC97 Audio Sound Manager

#:28 [cnxdsltb.exe]
FilePath : C:\Program Files\USB ADSL\
ProcessID : 1820
ThreadCreationTime : 4-09-2006 20:47:41
BasePriority : Normal
FileVersion : 2.099.081.000
ProductVersion : 2.099.081.000
ProductName : Conexant AccessRunner ADSL
CompanyName : Conexant Systems Inc.
FileDescription : Taakbalktoepassing
LegalCopyright : © 1999-2003 Conexant Systems Inc.

#:29 [bdoesrv.exe]
FilePath : C:\Program Files\Softwin\BitDefender8\
ProcessID : 1868
ThreadCreationTime : 4-09-2006 20:47:41
BasePriority : Normal
FileVersion : 8, 1, 0, 0
ProductVersion : 8, 1, 0, 0
ProductName : Bitdefender 8
CompanyName : SOFTWIN SRL
FileDescription : bdoesrv application
InternalName : bdoesrv
LegalCopyright : © 2005 SOFTWIN S.R.L.
OriginalFilename : bdoesrv.exe

#:30 [bdmcon.exe]
FilePath : C:\Program Files\Softwin\BitDefender8\
ProcessID : 1900
ThreadCreationTime : 4-09-2006 20:47:41
BasePriority : Normal
FileVersion : 8.1.0.3
ProductVersion : 8.1.0.0
ProductName : BitDefender 8
CompanyName : SOFTWIN S.R.L.
FileDescription : BitDefender Management Console
InternalName : Management Console
LegalCopyright : © 2005 SOFTWIN S.R.L.
OriginalFilename : bdmcon.exe

#:31 [ctfmon.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1780
ThreadCreationTime : 4-09-2006 20:47:41
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:32 [msmsgs.exe]
FilePath : C:\Program Files\Messenger\
ProcessID : 868
ThreadCreationTime : 4-09-2006 20:47:41
BasePriority : Normal
FileVersion : 4.7.2009
ProductVersion : Version 4.7
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 1997-2003
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:33 [ad-watch.exe]
FilePath : D:\bart\Ad-Aware SE Plus\
ProcessID : 1848
ThreadCreationTime : 4-09-2006 20:47:42
BasePriority : Normal
FileVersion : 3.1.2.17
ProductVersion : 3.2
ProductName : Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Watch System Protector
InternalName : Ad-Watch.exe
LegalCopyright : 1999-2004 Team Lavasoft
OriginalFilename : Ad-Watch.exe

SurfSideKick Object Recognized!
Type : Process
Data : SskBho.dll
TAC Rating : 7
Category : Data Miner
Comment : SskBho.dll.dmp
Object : C:\Program Files\SurfSideKick 3\


Warning! SurfSideKick Object found in memory(C:\Program Files\SurfSideKick 3\SskBho.dll)

Warning! "D:\bart\Ad-Aware SE Plus\Ad-Watch.exe"Process could not be terminated!

#:34 [wzqkpick.exe]
FilePath : C:\Program Files\WinZip\
ProcessID : 2092
ThreadCreationTime : 4-09-2006 20:47:42
BasePriority : Normal
FileVersion : 1.0 (32-bit)
ProductVersion : 9.0 (6028)
ProductName : WinZip
CompanyName : WinZip Computing, Inc.
FileDescription : WinZip Executable
InternalName : WZQKPICK.EXE
LegalCopyright : Copyright © WinZip Computing, Inc. 1991-2004 - All Rights Reserved
LegalTrademarks : WinZip is a registered trademark of WinZip Computing, Inc
OriginalFilename : WZQKPICK.EXE
Comments : StringFileInfo: U.S. English

#:35 [fsscrctl.exe]
FilePath : C:\WINDOWS\
ProcessID : 2140
ThreadCreationTime : 4-09-2006 20:47:42
BasePriority : Normal
FileVersion : 2, 1, 0, 46
ProductVersion : 2, 1, 0, 46
ProductName : Stardust Screen Saver Toolkit 2.1
CompanyName : Stardust Software
FileDescription : Screen Saver Control applet
InternalName : FSScrCtl
LegalCopyright : Copyright © 1998-1999 Stardust Software.
LegalTrademarks : Stardust and Screen Saver Toolkit are trademarks of Stardust Software.
OriginalFilename : FSSCRCTL.EXE
Comments : www.stardustsoftware.com

#:36 [ad-aware.exe]
FilePath : D:\bart\Ad-Aware SE Plus\
ProcessID : 2640
ThreadCreationTime : 4-09-2006 20:50:07
BasePriority : Normal
FileVersion : 6.2.0.237
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 18


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

SurfSideKick Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{02ee5b04-f144-47bb-83fb-a60bd91b74a9}

SurfSideKick Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\surf sidekick

SurfSideKick Object Recognized!
Type : RegValue
Data :
TAC Rating : 7
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\surf sidekick
Value : UninstallString

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 3
Objects found so far: 21


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 21


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 21



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Adware.Look2Me Object Recognized!
Type : File
Data : AppWrap[1].exe
TAC Rating : 7
Category : Adware
Comment :
Object : C:\Documents and Settings\Bart.BART\Local Settings\Temporary Internet Files\Content.IE5\DGSBXDOX\



IEHijacker.ZestyFind Object Recognized!
Type : File
Data : AppWrap[1].exe
TAC Rating : 6
Category : Malware
Comment :
Object : C:\Documents and Settings\Bart.BART\Local Settings\Temporary Internet Files\Content.IE5\KDQNGT6B\



SurfSideKick Object Recognized!
Type : File
Data : SskBho.dll
TAC Rating : 7
Category : Data Miner
Comment :
Object : C:\Program Files\Softwin\BitDefender8\Quarantine\



CmdServices Object Recognized!
Type : File
Data : A0171562.exe
TAC Rating : 4
Category : Adware
Comment :
Object : C:\System Volume Information\_restore{6AD5475B-352D-437F-9AE9-D8EF515DDC09}\RP453\



CmdServices Object Recognized!
Type : File
Data : A0171570.exe
TAC Rating : 4
Category : Adware
Comment :
Object : C:\System Volume Information\_restore{6AD5475B-352D-437F-9AE9-D8EF515DDC09}\RP453\



Win32.Trojan.Downloader Object Recognized!
Type : File
Data : A0171883.exe
TAC Rating : 10
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{6AD5475B-352D-437F-9AE9-D8EF515DDC09}\RP453\



Targetsaver Object Recognized!
Type : File
Data : A0171886.dll
TAC Rating : 8
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{6AD5475B-352D-437F-9AE9-D8EF515DDC09}\RP453\



UCmore Object Recognized!
Type : File
Data : A0171900.dll
TAC Rating : 3
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{6AD5475B-352D-437F-9AE9-D8EF515DDC09}\RP453\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : IUCmore Module
FileDescription : IUCmore Module
InternalName : IUCmore
LegalCopyright : Copyright 2001
OriginalFilename : IUCmore.DLL


UCmore Object Recognized!
Type : File
Data : A0171901.dll
TAC Rating : 3
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{6AD5475B-352D-437F-9AE9-D8EF515DDC09}\RP453\
FileVersion : 4, 5, 40, 0
ProductVersion : 4, 5, 40, 0
ProductName : UCmore XP Toolbar
CompanyName : Effective-i Inc.
FileDescription : UCmore XP Toolbar
InternalName : UCmore XP Toolbar
LegalCopyright : Copyright © Effective-i Inc. 2001
LegalTrademarks : Copyright © Effective-i Inc. 2001
Comments : UCmore XP Toolbar ver 1.0


SurfSideKick Object Recognized!
Type : File
Data : A0171910.exe
TAC Rating : 7
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{6AD5475B-352D-437F-9AE9-D8EF515DDC09}\RP453\



Win32.Trojan.Downloader Object Recognized!
Type : File
Data : A0171911.exe
TAC Rating : 10
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{6AD5475B-352D-437F-9AE9-D8EF515DDC09}\RP453\
FileVersion : 4, 0, 4, 0
ProductVersion : 4, 0, 4, 0
LegalCopyright : Copyright © 2005


UCmore Object Recognized!
Type : File
Data : A0171912.exe
TAC Rating : 3
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{6AD5475B-352D-437F-9AE9-D8EF515DDC09}\RP453\



Win32.Trojan.Downloader Object Recognized!
Type : File
Data : A0171913.exe
TAC Rating : 10
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{6AD5475B-352D-437F-9AE9-D8EF515DDC09}\RP453\



Win32.TrojanClicker Object Recognized!
Type : File
Data : A0171934.dll
TAC Rating : 10
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{6AD5475B-352D-437F-9AE9-D8EF515DDC09}\RP453\



CoolWebSearch Object Recognized!
Type : File
Data : A0171937.dll
TAC Rating : 10
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{6AD5475B-352D-437F-9AE9-D8EF515DDC09}\RP453\



CoolWebSearch Object Recognized!
Type : File
Data : A0171938.dll
TAC Rating : 10
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{6AD5475B-352D-437F-9AE9-D8EF515DDC09}\RP453\



CoolWebSearch Object Recognized!
Type : File
Data : A0171939.dll
TAC Rating : 10
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{6AD5475B-352D-437F-9AE9-D8EF515DDC09}\RP453\



Adware.Look2Me Object Recognized!
Type : File
Data : A0171940.dll
TAC Rating : 7
Category : Adware
Comment :
Object : C:\System Volume Information\_restore{6AD5475B-352D-437F-9AE9-D8EF515DDC09}\RP453\



CoolWebSearch Object Recognized!
Type : File
Data : A0171947.dll
TAC Rating : 10
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{6AD5475B-352D-437F-9AE9-D8EF515DDC09}\RP453\



CoolWebSearch Object Recognized!
Type : File
Data : A0171949.dll
TAC Rating : 10
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{6AD5475B-352D-437F-9AE9-D8EF515DDC09}\RP453\



SurfSideKick Object Recognized!
Type : File
Data : A0172459.dll
TAC Rating : 7
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{6AD5475B-352D-437F-9AE9-D8EF515DDC09}\RP455\



Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 42


Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 42


Deep scanning and examining files (K:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for K:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 42

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
0 entries scanned.
New critical objects:0
Objects found so far: 42




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

SurfSideKick Object Recognized!
Type : Folder
TAC Rating : 7
Category : Data Miner
Comment : SurfSideKick
Object : C:\Program Files\SurfSideKick 3

Adware.Look2Me Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Adware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows nt\currentversion\winlogon\notify

Win32.TrojanClicker Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\downloadmanager

Win32.TrojanClicker Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\urlsearchhooks

Win32.TrojanClicker Object Recognized!
Type : RegData
Data : c:\windows\system32\userinit.exe
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows nt\currentversion\winlogon
Value : Userinit
Data : c:\windows\system32\userinit.exe

CoolWebSearch Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Enable Browser Extensions

CoolWebSearch Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Search Bar

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 7
Objects found so far: 49

23:10:04 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:10:22.937
Objects scanned:186254
Objects identified:31
Objects ignored:0
New critical objects:31
GRAFX
vranken,
Please can you clear out your cache folder, i.e. the temporary internet folder. There are some free programs that you can use that will do that for you if needed, like
CCleaner
(Note in CCleaner: go to > Options > Advanced > uncheck "Only delete files in Windows Temp folders older than 48 hours"), but see CCleaner Set up.
Also in the setup of CCleaner the LS Staff would prefer if you un-tick (un-check) "Utilities" (i.e., Ad-Aware, ewido and other security program logs), at least till your PC is clean of spyware/malware.
To do this, open CCleaner and click on the Applications tab, then un-tick (un-check) all the "Utilities".
Now use the WebUpDate
(to make sure you are up to date) if you want to clean your PC, then scan by doing a "Full Scan", and once the scan has finished
mark and remove the items, then Reboot (i.e. re-start your PC).
Then re-scan doing a "Full Scan" and then post your logfile here by using the Add-Reply feature.

GRAFX
vranken
Grafx,

I cleared out my cache folder (temporary internet folder) = 435 MB was removed with CCleaner.
This is my logfile after a re-scan with Ad-Aware.

Ad-Aware SE Build 1.06r1
Logfile Created on:woensdag 6 september 2006 21:56:34
Using definitions file:SE1R121 28.08.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):1 total references
SurfSideKick(TAC index:7):6 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Ignore spanned files when scanning cab archives
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Block pop-ups aggressively
Set : Automatically select problematic objects in results lists
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Show splash screen
Set : Backup current definitions file before updating
Set : Play sound at scan completion if scan locates critical objects


6-09-2006 21:56:34 - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : C:\Documents and Settings\Bart.BART\Application Data\microsoft\office\recent
Description : list of recently opened documents using microsoft office


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 420
ThreadCreationTime : 6-09-2006 19:48:56
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 484
ThreadCreationTime : 6-09-2006 19:48:57
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\System32\
ProcessID : 508
ThreadCreationTime : 6-09-2006 19:48:59
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 556
ThreadCreationTime : 6-09-2006 19:48:59
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Besturingssysteem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Services en controllertoepassingen
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. Alle rechten voorbehouden.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 568
ThreadCreationTime : 6-09-2006 19:48:59
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [ati2evxx.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 736
ThreadCreationTime : 6-09-2006 19:49:01
BasePriority : Normal
FileVersion : 6.14.10.4109
ProductVersion : 6.14.10.4109.04
ProductName : ATI External Event Utility for WindowsNT and Windows9X
CompanyName : ATI Technologies Inc.
FileDescription : ATI External Event Utility EXE Module
InternalName : ATI2EVXX.EXE
LegalCopyright : Copyright © 1999-2004 ATI Technologies Inc.
OriginalFilename : ATI2EVXX.EXE

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 784
ThreadCreationTime : 6-09-2006 19:49:01
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 832
ThreadCreationTime : 6-09-2006 19:49:01
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 920
ThreadCreationTime : 6-09-2006 19:49:01
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 960
ThreadCreationTime : 6-09-2006 19:49:02
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [lexbces.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1052
ThreadCreationTime : 6-09-2006 19:49:02
BasePriority : Normal
FileVersion : 5,13,00,00
ProductVersion : 5,13,00,00
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LexBce Service
InternalName : LexBce Service
LegalCopyright : © 1993 - 2000 Lexmark International, Inc.
OriginalFilename : LexBceS.exe

#:12 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1080
ThreadCreationTime : 6-09-2006 19:49:02
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:13 [lexpps.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1120
ThreadCreationTime : 6-09-2006 19:49:02
BasePriority : Normal
FileVersion : 5,13,00,00
ProductVersion : 5,13,00,00
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LEXPPS.EXE
InternalName : LEXPPS
LegalCopyright : © 1993 - 2000 Lexmark International, Inc.
OriginalFilename : LEXPPS.EXE
Comments : MarkVision for Windows '95 New P2P Server (32-bit)

#:14 [cdac11ba.exe]
FilePath : C:\WINDOWS\System32\drivers\
ProcessID : 1248
ThreadCreationTime : 6-09-2006 19:49:02
BasePriority : Normal
FileVersion : 4.20.0
ProductVersion : 4.20.0 Windows NT 2002/07/15
ProductName : SafeCast Windows NT
CompanyName : Macrovision
FileDescription : Macrovision RTS Service
InternalName : CDANTSRV
LegalCopyright : Copyright © 1998-2002 Macrovision Corp.
OriginalFilename : CDANTSRV.EXE
Comments : StringFileInfo: U.S. English

#:15 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1436
ThreadCreationTime : 6-09-2006 19:49:04
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:16 [xcommsvr.exe]
FilePath : C:\Program Files\Common Files\Softwin\BitDefender Communicator\
ProcessID : 1508
ThreadCreationTime : 6-09-2006 19:49:04
BasePriority : Normal
FileVersion : 1, 8, 9, 0
ProductVersion : 1, 8, 9, 0
ProductName : Softwin BitDefender Communicator Server
CompanyName : Softwin
FileDescription : BitDefender Communicator Server
InternalName : XCOMMSVR
LegalCopyright : Copyright © 2003-2004 Softwin
OriginalFilename : xcommsvr.exe
Comments : Manages communication between BitDefender components

#:17 [bdss.exe]
FilePath : C:\Program Files\Common Files\Softwin\BitDefender Scan Server\
ProcessID : 1548
ThreadCreationTime : 6-09-2006 19:49:04
BasePriority : Normal


#:18 [pdsched.exe]
FilePath : C:\Program Files\Raxco\PerfectDisk\
ProcessID : 1568
ThreadCreationTime : 6-09-2006 19:49:05
BasePriority : Normal
FileVersion : 7, 0, 0, 31
ProductVersion : 7, 0, 0, 31
ProductName : PDSched Module
CompanyName : Raxco Software, Inc.
FileDescription : PDSched Module
InternalName : PDSched
LegalCopyright : Copyright © 2004
OriginalFilename : PDSched.exe

#:19 [vsserv.exe]
FilePath : C:\Program Files\Softwin\BitDefender8\
ProcessID : 1640
ThreadCreationTime : 6-09-2006 19:49:07
BasePriority : Normal
FileVersion : 8, 1, 0, 0
ProductVersion : 8, 1, 0, 0
ProductName : BitDefender 8
CompanyName : SOFTWIN S.R.L.
FileDescription : BitDefender Security Service
InternalName : VSServ
LegalCopyright : © 2005 SOFTWIN S.R.L.
OriginalFilename : vsserv.exe

#:20 [ltmoh.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1968
ThreadCreationTime : 6-09-2006 19:49:16
BasePriority : Normal
FileVersion : 1.57
ProductVersion : 1.57
ProductName : LtMoh Application
CompanyName : Zoom Telephonics
FileDescription : LtMoh MFC Application
InternalName : LtMoh
LegalCopyright : Zoom Telephonics Copyright © 2001
LegalTrademarks : LT
OriginalFilename : LtMoh.EXE

#:21 [printray.exe]
FilePath : C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\
ProcessID : 444
ThreadCreationTime : 6-09-2006 19:49:17
BasePriority : Normal
FileVersion : 1, 0, 0, 5
ProductVersion : 1, 0, 0, 5
ProductName : Lexmark PrinTray
CompanyName : Lexmark
FileDescription : PrinTray
InternalName : PrinTray
LegalCopyright : Copyright © 1999
OriginalFilename : PrinTray.exe

#:22 [qttask.exe]
FilePath : D:\
ProcessID : 464
ThreadCreationTime : 6-09-2006 19:49:17
BasePriority : Normal
FileVersion : 6.5.1
ProductVersion : QuickTime 6.5.1
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe

#:23 [dumeter.exe]
FilePath : C:\Program Files\DU Meter\
ProcessID : 348
ThreadCreationTime : 6-09-2006 19:49:19
BasePriority : Normal
FileVersion : 3.07 Build 200
ProductVersion : 3.07 Build 200
ProductName : DU Meter
CompanyName : Hagel Technologies
FileDescription : DU Meter
InternalName : DU Meter
LegalCopyright : Copyright © 1997-2004 Hagel Technologies
OriginalFilename : DUMETER.EXE

#:24 [atiptaxx.exe]
FilePath : C:\Program Files\ATI Technologies\ATI Control Panel\
ProcessID : 800
ThreadCreationTime : 6-09-2006 19:49:20
BasePriority : Normal
FileVersion : 6.14.10.4019
ProductVersion : 6.14.10.4019
ProductName : ATI Desktop Component
CompanyName : ATI Technologies, Inc.
FileDescription : ATI Desktop Control Panel
InternalName : Atiptaxx.exe
LegalCopyright : Copyright © 1998-2002 ATI Technologies Inc.
OriginalFilename : Atiptaxx.exe

#:25 [jusched.exe]
FilePath : C:\Program Files\Java\jre1.5.0_06\bin\
ProcessID : 932
ThreadCreationTime : 6-09-2006 19:49:21
BasePriority : Normal


#:26 [soundman.exe]
FilePath : C:\WINDOWS\
ProcessID : 1148
ThreadCreationTime : 6-09-2006 19:49:21
BasePriority : Normal
FileVersion : 5, 1, 0, 51
ProductVersion : 5, 1, 0, 51
ProductName : Realtek Sound Manager
CompanyName : Realtek Semiconductor Corp.
FileDescription : Realtek Sound Manager
InternalName : ALSMTray
LegalCopyright : Copyright © 2001-2004 Realtek Semiconductor Corp.
OriginalFilename : ALSMTray.exe
Comments : Realtek AC97 Audio Sound Manager

#:27 [cnxdsltb.exe]
FilePath : C:\Program Files\USB ADSL\
ProcessID : 1380
ThreadCreationTime : 6-09-2006 19:49:22
BasePriority : Normal
FileVersion : 2.099.081.000
ProductVersion : 2.099.081.000
ProductName : Conexant AccessRunner ADSL
CompanyName : Conexant Systems Inc.
FileDescription : Taakbalktoepassing
LegalCopyright : © 1999-2003 Conexant Systems Inc.

#:28 [bdoesrv.exe]
FilePath : C:\Program Files\Softwin\BitDefender8\
ProcessID : 1444
ThreadCreationTime : 6-09-2006 19:49:22
BasePriority : Normal
FileVersion : 8, 1, 0, 0
ProductVersion : 8, 1, 0, 0
ProductName : Bitdefender 8
CompanyName : SOFTWIN SRL
FileDescription : bdoesrv application
InternalName : bdoesrv
LegalCopyright : © 2005 SOFTWIN S.R.L.
OriginalFilename : bdoesrv.exe

#:29 [ctfmon.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1704
ThreadCreationTime : 6-09-2006 19:49:24
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:30 [msmsgs.exe]
FilePath : C:\Program Files\Messenger\
ProcessID : 1716
ThreadCreationTime : 6-09-2006 19:49:25
BasePriority : Normal
FileVersion : 4.7.2009
ProductVersion : Version 4.7
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 1997-2003
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:31 [ad-watch.exe]
FilePath : D:\bart\Ad-Aware SE Plus\
ProcessID : 1724
ThreadCreationTime : 6-09-2006 19:49:27
BasePriority : Normal
FileVersion : 3.1.2.17
ProductVersion : 3.2
ProductName : Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Watch System Protector
InternalName : Ad-Watch.exe
LegalCopyright : 1999-2004 Team Lavasoft
OriginalFilename : Ad-Watch.exe

#:32 [wzqkpick.exe]
FilePath : C:\Program Files\WinZip\
ProcessID : 936
ThreadCreationTime : 6-09-2006 19:49:29
BasePriority : Normal
FileVersion : 1.0 (32-bit)
ProductVersion : 9.0 (6028)
ProductName : WinZip
CompanyName : WinZip Computing, Inc.
FileDescription : WinZip Executable
InternalName : WZQKPICK.EXE
LegalCopyright : Copyright © WinZip Computing, Inc. 1991-2004 - All Rights Reserved
LegalTrademarks : WinZip is a registered trademark of WinZip Computing, Inc
OriginalFilename : WZQKPICK.EXE
Comments : StringFileInfo: U.S. English

#:33 [fsscrctl.exe]
FilePath : C:\WINDOWS\
ProcessID : 896
ThreadCreationTime : 6-09-2006 19:49:30
BasePriority : Normal
FileVersion : 2, 1, 0, 46
ProductVersion : 2, 1, 0, 46
ProductName : Stardust Screen Saver Toolkit 2.1
CompanyName : Stardust Software
FileDescription : Screen Saver Control applet
InternalName : FSScrCtl
LegalCopyright : Copyright © 1998-1999 Stardust Software.
LegalTrademarks : Stardust and Screen Saver Toolkit are trademarks of Stardust Software.
OriginalFilename : FSSCRCTL.EXE
Comments : www.stardustsoftware.com

#:34 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 2628
ThreadCreationTime : 6-09-2006 19:55:07
BasePriority : Normal
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
ProductName : Besturingssysteem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Windows Verkenner
InternalName : explorer
LegalCopyright : © Microsoft Corporation. Alle rechten voorbehouden.
OriginalFilename : EXPLORER.EXE

SurfSideKick Object Recognized!
Type : Process
Data : SskBho.dll
TAC Rating : 7
Category : Data Miner
Comment : SskBho.dll.dmp
Object : C:\Program Files\SurfSideKick 3\


Warning! SurfSideKick Object found in memory(C:\Program Files\SurfSideKick 3\SskBho.dll)


#:35 [ad-aware.exe]
FilePath : D:\bart\Ad-Aware SE Plus\
ProcessID : 2804
ThreadCreationTime : 6-09-2006 19:55:13
BasePriority : Normal
FileVersion : 6.2.0.237
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

SurfSideKick Object Recognized!
Type : Process
Data : SskBho.dll
TAC Rating : 7
Category : Data Miner
Comment : SskBho.dll.dmp
Object : C:\Program Files\SurfSideKick 3\


Warning! SurfSideKick Object found in memory(C:\Program Files\SurfSideKick 3\SskBho.dll)


Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 3


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

SurfSideKick Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{02ee5b04-f144-47bb-83fb-a60bd91b74a9}

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 4


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

SurfSideKick Object Recognized!
Type : File
Data : A0176840.dll
TAC Rating : 7
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{6AD5475B-352D-437F-9AE9-D8EF515DDC09}\RP460\



Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 5


Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 5


Deep scanning and examining files (K:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for K:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 5

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
0 entries scanned.
New critical objects:0
Objects found so far: 5




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

SurfSideKick Object Recognized!
Type : RegValue
Data :
TAC Rating : 7
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\windows\currentversion\run
Value : SurfSideKick 3

SurfSideKick Object Recognized!
Type : Folder
TAC Rating : 7
Category : Data Miner
Comment : SurfSideKick
Object : C:\Program Files\SurfSideKick 3

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 7

22:06:36 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:10:02.765
Objects scanned:182207
Objects identified:4
Objects ignored:0
New critical objects:4
GRAFX
vranken,
Please can you clear out your cache folder, i.e. the temporary internet folder. There are some free programs that you can use that will do that for you if needed, like
CCleaner
(Note in CCleaner: go to > Options > Advanced > uncheck "Only delete files in Windows Temp folders older than 48 hours"), but see CCleaner Set up.
Also in the setup of CCleaner the LS Staff would prefer if you un-tick (un-check) "Utilities" (i.e., Ad-Aware, ewido and other security program logs), at least till your PC is clean of spyware/malware.
To do this, open CCleaner and click on the Applications tab, then un-tick (un-check) all the "Utilities".
Now use the WebUpDate
(to make sure you are up to date) if you want to clean your PC, then scan by doing a "Full Scan", and once the scan has finished
mark and remove the items, then Reboot (i.e. re-start your PC).
Then re-scan doing a "Full Scan" and then post your logfile here by using the Add-Reply feature.

GRAFX
vranken
Grafx,

Did you read my reply of September 6?
Thank you.
numbnuts
I'm sure GRAFX did read your latest post, but the reason for another scan is that what you have showing is inside your system folder.

SurfSideKick Object Recognized!
Type : File
Data : A0176840.dll
TAC Rating : 7
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{6AD5475B-352D-437F-9AE9-D8EF515DDC09}\RP460\



So we need to get you as clean as possible before we get you to set a new restore point now. Post the new logfile and wait for further instructions from GRAFX please....

numbnuts...
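Telling a live infection from a leftover copy in a restore point is exactly what the helpers do by reading the scan log by hand. As an added example (not code from Lavasoft or from anyone in this thread), the following Python script parses the Ad-Aware SE "Object Recognized!" record format shown in the logs above and classifies each finding by where it lives; the sample log is a constructed excerpt shortened from the logs posted in this thread.

```python
"""Parse Ad-Aware SE "Object Recognized!" records and classify where each
finding lives: in memory, in an autorun/registry entry, on disk, or only
inside a System Restore snapshot (System Volume Information\_restore...)."""
import re

# Constructed excerpt, shortened from the scan logs posted in this thread.
SAMPLE_LOG = r"""
SurfSideKick Object Recognized!
Type : Process
Data : SskBho.dll
TAC Rating : 7
Category : Data Miner
Comment : SskBho.dll.dmp
Object : C:\Program Files\SurfSideKick 3\

SurfSideKick Object Recognized!
Type : File
Data : A0176840.dll
TAC Rating : 7
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{6AD5475B-352D-437F-9AE9-D8EF515DDC09}\RP460\

SurfSideKick Object Recognized!
Type : RegValue
Data :
TAC Rating : 7
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\windows\currentversion\run
Value : SurfSideKick 3
"""
# Constructed: just the snapshot record, the state numbnuts describes above.
ONLY_SNAPSHOT_LOG = SAMPLE_LOG.split("\n\n")[1]

HEADER = re.compile(r"^(?P<family>.+?) Object Recognized!$")
FIELD = re.compile(r"^(?P<key>[^:]+?):? : ?(?P<value>.*)$")  # also "Location: : x"


def parse_findings(text):
    """One dict per 'Object Recognized!' block; a blank line ends a block."""
    findings, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            current = {"family": m.group("family")}
            findings.append(current)
        elif not line:
            current = None
        elif current is not None:
            f = FIELD.match(line)
            if f:
                current[f.group("key").strip()] = f.group("value").strip()
    return findings


def location(finding):
    """Where the object lives; this decides which cleanup step is still needed."""
    obj = finding.get("Object", "").lower()
    if finding.get("Type") == "Process":
        return "memory"         # loaded right now (the SskBho.dll BHO in the log)
    if "Rootkey" in finding:
        if obj.endswith("\\run") or "\\winlogon" in obj:
            return "autorun"    # Run key / Winlogon entries restart it at logon
        return "registry"
    if "\\system volume information\\_restore" in obj:
        return "restore-point"  # inert until restored; cleared by toggling System Restore
    return "disk" if obj else "other"


def triage(text):
    """Counts per location, whether anything is still live, and whether the
    restore points need flushing (the thread's final cleanup step)."""
    counts = {}
    for finding in parse_findings(text):
        loc = location(finding)
        counts[loc] = counts.get(loc, 0) + 1
    live = sum(counts.get(k, 0) for k in ("memory", "autorun", "registry", "disk"))
    return {
        "findings": sum(counts.values()),
        "by_location": counts,
        "still_active": live > 0,
        "flush_restore_points": counts.get("restore-point", 0) > 0,
    }


if __name__ == "__main__":
    for name, log in (("rescan", SAMPLE_LOG), ("after removal", ONLY_SNAPSHOT_LOG)):
        print(name, triage(log))
```

A log whose only remaining findings are classified "restore-point" is the situation numbnuts describes: nothing is running or set to autorun, but the restore points still hold a copy until they are cleared.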
vranken
Grafx

I cleared out my cache folder (temporary internet folder) = 435 MB was removed with CCleaner.
This is my logfile (right?) after reboot and a re-scan with CCleaner:

VERWIJDERING COMPLEET - (0,770 seconden)
------------------------------------------------------------------------------------------
16,94KB verwijderd.


Details van de verwijderde bestanden
------------------------------------------------------------------------------------------
IE Tijdelijke Bestanden (6 bestanden) 402 bytes
Geselecteerd voor verwijdering: C:\Documents and Settings\Bart.BART\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Geselecteerd voor verwijdering: C:\Documents and Settings\Bart.BART\Cookies\index.dat
C:\WINDOWS\TEMP\tmp00001213\tmp00000000 0 bytes
C:\WINDOWS\system32\wbem\Logs\wbemess.log 9,94KB
C:\WINDOWS\system32\wbem\Logs\wmiprov.log 126 bytes
C:\WINDOWS\0.log 0 bytes
C:\WINDOWS\Debug\UserMode\userenv.log 6,48KB
------------------------------------------------------------------------------------------
vranken
Success!
I removed Surfsidekick with COMBOFIX
http://download.bleepingcomputer.com/sUBs/combofix.exe
Thanks to Marc from Telenet Belgium.
Regards, Vranken
LS CalamityJane
Yes, Surfsidekick is very difficult to remove once you are infected with it. ComboFix is the standalone tool that can remove most, if not all of it.

I assume that your issues have been resolved. I'll go ahead and archive this topic in the "Resolved" section (read only)

If you should have any further issues, please feel free to post a new topic.

Some final cleanup and prevention recommendations follow.

Now that your PC is clean, make sure all programs are running properly and then you'll need to reset your restore point in Windows XP.......why?

One of the best features of Windows ME or XP is the System Restore option, however if a malware infects a computer with this operating system it can be backed up in the System Restore folder. Therefore, clearing the restore points is necessary after malware removal.

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(winXP)

1. Turn off System Restore.
Go to Start and right-click on *My Computer*.
Click Properties.
Click the System Restore tab.
Put a Checkmark in the box next to "Turn off System Restore".
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
Go to Start and right-click on *My Computer*.
Click Properties.
Click the System Restore tab.
Remove the checkmark next to "Turn off System Restore".
Click Apply, and then click OK.

How to Turn On and Turn Off System Restore in Windows XP
http://support.microsoft.com/default.aspx?...kb;en-us;310405
......................
Ad-Aware Plus has realtime protection to prevent infections before they have a chance to get a stronghold on your PC
http://www.lavasoft.com/

Also, I can't stress enough the importance of having your Windows critical Security Updates. Most malware today uses exploits on unpatched systems to creep onto your system without your even doing anything but visiting an infected webpage!!

Watch what you download, be careful where you surf, and don't trust attachments or even links in email and Instant messages. Even if they come from a buddy, that buddy could be the one infected and it is the virus sending that link from his account. You click on it thinking he is trusted, and *boom* you're infected.
Many "Phishing" attempts are made by cleverly crafted email to look like it is coming from an "official" source (like Microsoft, or your bank, or some other provider). Don't click on links in those. Go directly to the site instead and navigate the menus - don't trust email you think came from a "safe source" unless you are expecting it! There is more in the link I will provide below, but those are the choice avenues of infection these days.
Stay far AWAY from cracks and warez sites - you're sure to get infected files there, and the same can be said for files downloaded from p2p (more than half are usually infected and probably not detectable by your current security software - the newest nasties are always released in those venues).

A word about shared computers and networks.
Share Your PC
http://www.microsoft.com/windowsxp/using/s...hare/intro.mspx
Not all users need to have Admin Accounts. It is much safer to have most of your users on a shared system running as Limited User accounts. That way, if there is "an accident", it will only affect one user's account and not the entire system.


Next, I highly recommend you get some extra protection to prevent future infections. Here are some things you can do and some free programs to help.
How do I prevent Browser Hijacks and Spyware?
http://www.dslreports.com/faq/13620

If you are running XP, make sure you have SP2 installed. That will address numerous security issues in your Operating System and IE.
Make sure that you keep your Operating System and IE updated with the latest Critical Security Updates from Microsoft...they usually come out once a month, on the 2nd Tuesday of each month. This is the first step in malware prevention, as many nasties now take advantage of new exploits and if not patched, you are vulnerable!
Windows Update
http://update.microsoft.com/microsoftupdate/

And see this link for instructions on how to configure the enhanced security features in SP2:
http://www.microsoft.com/technet/security/...xp/iesecxp.mspx

I also highly recommend getting the free tool, Microsoft Baseline Security Analyzer (MBSA), from Microsoft to analyze your PC security for prevention purposes.

MBSA Version 2.0 will scan for common system misconfigurations on Windows 2000, Windows XP, and Windows Server 2003 systems. This program will identify the system security weaknesses in your browser and operating system and provide easy instructions to correct them. This includes any missing critical Windows security updates, system vulnerabilities and your IE Browser security settings. Get the download here:
Microsoft Baseline Security Analyzer
http://www.microsoft.com/technet/security/...s/mbsahome.mspx
Choose MBSAsetup-EN.msi = (English Version) or the language appropriate for you.

Also visit this Free Online Scanner from Microsoft for PC Health and Safety
http://safety.live.com/site/en-US/default.htm
and Microsoft Security At Home
http://www.microsoft.com/athome/security/default.mspx
for tips to Protect your Pc, Protect yourself and Protect your Family.
Invision Power Board © 2001-2009 Invision Power Services, Inc.