malware I suppose....
g9_fredo
Hi there, my computer is running extremely slowly and I don't know how to fix that. I just ran Ad-Aware SE with updated components, and will now post a fresh log from HijackThis and Ad-Aware SE on my next post, which I just ran. Any help from you guys is extremely appreciated....
Thanks in advance....

Logfile of HijackThis v1.99.1
Scan saved at 9:56:13 μμ, on 13/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\SYSTEM32\ZCfgSvc.exe
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\el-gr\msnappau.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Prolific\One Button\OneBtn.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\WINDOWS\system32\00THotkey.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\SAGEM\OTEnet-SAGEM Fast 800-840\dslmon.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile\Mobile Phone Monitor\epmworker.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee\MSC\mctskshd.exe
C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
c:\Toshiba\IVP\swupdate\swupdtmr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\SiteAdvisor\4144\SiteAdv.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.4150\GoogleToolbarNotifier.exe
C:\PROGRA~1\mcafee\msc\mcupdui.exe
C:\Program Files\uTorrent\utorrent.exe
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Aware.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\Hijackthis\HijackThis.exe

O1 - Hosts: 127.0.0.3 www.greg-tut.com
O1 - Hosts: 127.0.0.3 nylonsexy.com
O1 - Hosts: 127.0.0.3 www.nylonsexy.com
O1 - Hosts: 127.0.0.3 vparivalka.com
O1 - Hosts: 127.0.0.3 www.vparivalka.comtoescrowpay.com
O1 - Hosts: 127.0.0.3 www.awmcash.biz
O1 - Hosts: 127.0.0.3 awmcash.biz
O1 - Hosts: 127.0.0.3 fregat.drocherway.com
O1 - Hosts: 127.0.0.3 slutmania.biz
O1 - Hosts: 127.0.0.3 www.slutmania.biz
O1 - Hosts: 127.0.0.3 toolbarpartner.com
O1 - Hosts: 127.0.0.3 www.toolbarpartner.com
O1 - Hosts: 127.0.0.3 www.megapornix.com
O1 - Hosts: 127.0.0.3 megapornix.com
O1 - Hosts: 127.0.0.3 www.sp2fucked.biz
O1 - Hosts: 127.0.0.3 sp2fucked.biz
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\4144\SiteAdv.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\el-gr\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O2 - BHO: McAfee Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - c:\PROGRA~1\mcafee\mps\mcpopup.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\el-gr\msntb.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\4144\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [B'sCLiP] C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\el-gr\msnappau.exe"
O4 - HKLM\..\Run: [securer] C:\WINDOWS\System32\securer\syshost.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB002" /M "Stylus DX3800"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Prolific_OneButton] C:\Program Files\Prolific\One Button\OneBtn.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\OTEnet-SAGEM Fast 800-840\dslmon.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: www.master69.biz
O15 - Trusted Zone: www.sgrunt.biz
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: www.yeak.net
O15 - Trusted Zone: *.ysbweb.com
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.ysbweb.com (HKLM)
O15 - Trusted IP range: 67.19.178.84
O15 - Trusted IP range: 67.19.178.84 (HKLM)
O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://C:\nosuch.mht!http://213.159.117.133/dl/adv160/x.chm::/load.exe
O16 - DPF: {11111111-1111-1111-1111-222222222222} - ms-its:mhtml:file://d:\foo.mht!http://www.buldog-stats.com/adv/16//x.chm::/open.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{260447F7-69E5-49A2-ABE8-F6B596F1FCE7}: NameServer = 194.177.210.210 194.177.210.211
O17 - HKLM\System\CS1\Services\Tcpip\..\{260447F7-69E5-49A2-ABE8-F6B596F1FCE7}: NameServer = 194.177.210.210 194.177.210.211
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\4144\SiteAdv.dll
O20 - Winlogon Notify: Sebring - c:\WINDOWS\System32\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: wineek32 - C:\WINDOWS\SYSTEM32\wineek32.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\System32\CTsvcCDA.EXE (file missing)
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MBackMonitor - - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Task Scheduler (mctskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: SAVScan - Unknown owner - C:\Program Files\Norton AntiVirus\SAVScan.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
g9_fredo
So this is my Ad-Aware log in 2 parts...
PART 1

Ad-Aware SE Build 1.06r1
Logfile Created on: Friday, 13 October 2006 9:19:05 pm
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R126 12.10.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
IEHIjacker.SearchExe(TAC index:6):5 total references
MRU List(TAC index:0):47 total references
Possible Browser Hijack attempt(TAC index:3):9 total references
Redirected hostfile entry(TAC index:4):16 total references
Tracking Cookie(TAC index:3):76 total references
TrustCleaner(TAC index:10):1 total references
Win32.Downloader(TAC index:10):2 total references
Win32.TrojanDownloader.Agent.am(TAC index:10):6 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


13-10-2006 9:19:05 μμ - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : C:\Documents and Settings\Administrator\Application Data\microsoft\office\recent
Description : list of recently opened documents using microsoft office


MRU List Object Recognized!
Location: : C:\Documents and Settings\Administrator\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : S-1-5-21-398076943-2486953538-2965967117-500\software\adobe\acrobat reader\5.0\avgeneral\crecentfiles
Description : list of recently used files in adobe reader


MRU List Object Recognized!
Location: : S-1-5-21-398076943-2486953538-2965967117-500\software\ahead\nero - burning rom\recent file list
Description : list of recently used files in nero burning rom


MRU List Object Recognized!
Location: : S-1-5-21-398076943-2486953538-2965967117-500\software\google\navclient\1.1\history
Description : list of recently used search terms in the google toolbar


MRU List Object Recognized!
Location: : S-1-5-21-398076943-2486953538-2965967117-500\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : S-1-5-21-398076943-2486953538-2965967117-500\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-398076943-2486953538-2965967117-500\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-398076943-2486953538-2965967117-500\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-398076943-2486953538-2965967117-500\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-398076943-2486953538-2965967117-500\software\microsoft\internet explorer\main
Description : last save directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-398076943-2486953538-2965967117-500\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-398076943-2486953538-2965967117-500\software\microsoft\mediaplayer\medialibraryui
Description : last selected node in the microsoft windows media player media library


MRU List Object Recognized!
Location: : S-1-5-21-398076943-2486953538-2965967117-500\software\microsoft\mediaplayer\player\settings
Description : last open directory used in jasc paint shop pro


MRU List Object Recognized!
Location: : S-1-5-21-398076943-2486953538-2965967117-500\software\microsoft\mediaplayer\preferences
Description : last cd record path used in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-398076943-2486953538-2965967117-500\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-398076943-2486953538-2965967117-500\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-398076943-2486953538-2965967117-500\software\microsoft\mediaplayer\preferences
Description : last search path used in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-398076943-2486953538-2965967117-500\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console


MRU List Object Recognized!
Location: : S-1-5-21-398076943-2486953538-2965967117-500\software\microsoft\office\11.0\common\general
Description : list of recently used symbols in microsoft office


MRU List Object Recognized!
Location: : S-1-5-21-398076943-2486953538-2965967117-500\software\microsoft\office\11.0\common\open find\microsoft office powerpoint\settings\insert picture\file name mru
Description : list of recent pictured inserted in microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-398076943-2486953538-2965967117-500\software\microsoft\office\11.0\common\open find\microsoft office powerpoint\settings\save as\file name mru
Description : list of recent documents saved by microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-398076943-2486953538-2965967117-500\software\microsoft\office\11.0\common\open find\microsoft office word\settings\add custom dictionary\file name mru
Description : list of custom dictionaries added by microsoft word


MRU List Object Recognized!
Location: : S-1-5-21-398076943-2486953538-2965967117-500\software\microsoft\office\11.0\common\open find\microsoft office word\settings\open\file name mru
Description : list of recent documents opened by microsoft word


MRU List Object Recognized!
Location: : S-1-5-21-398076943-2486953538-2965967117-500\software\microsoft\office\11.0\common\open find\microsoft office word\settings\save as\file name mru
Description : list of recent documents saved by microsoft word


MRU List Object Recognized!
Location: : S-1-5-21-398076943-2486953538-2965967117-500\software\microsoft\office\11.0\powerpoint\recent file list
Description : list of recent files used by microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-398076943-2486953538-2965967117-500\software\microsoft\office\11.0\powerpoint\recent typeface list
Description : list of recently used typefaces in microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-398076943-2486953538-2965967117-500\software\microsoft\office\11.0\powerpoint\recentfolderlist
Description : list of recent folders used by microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-398076943-2486953538-2965967117-500\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant


MRU List Object Recognized!
Location: : S-1-5-21-398076943-2486953538-2965967117-500\software\microsoft\windows\currentversion\applets\paint\recent file list
Description : list of files recently opened using microsoft paint


MRU List Object Recognized!
Location: : S-1-5-21-398076943-2486953538-2965967117-500\software\microsoft\windows\currentversion\applets\regedit
Description : last key accessed using the microsoft registry editor


MRU List Object Recognized!
Location: : S-1-5-21-398076943-2486953538-2965967117-500\software\microsoft\windows\currentversion\applets\wordpad\recent file list
Description : list of recent files opened using wordpad


MRU List Object Recognized!
Location: : S-1-5-21-398076943-2486953538-2965967117-500\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-398076943-2486953538-2965967117-500\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-398076943-2486953538-2965967117-500\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : S-1-5-21-398076943-2486953538-2965967117-500\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run


MRU List Object Recognized!
Location: : S-1-5-21-398076943-2486953538-2965967117-500\software\nvidia corporation\global\nview\windowmanagement
Description : nvidia nview cached application window positions


MRU List Object Recognized!
Location: : S-1-5-21-398076943-2486953538-2965967117-500\software\realnetworks\realplayer\6.0\preferences
Description : list of recent skins in realplayer


MRU List Object Recognized!
Location: : S-1-5-21-398076943-2486953538-2965967117-500\software\realnetworks\realplayer\6.0\preferences
Description : list of recent clips in realplayer


MRU List Object Recognized!
Location: : S-1-5-21-398076943-2486953538-2965967117-500\software\realnetworks\realplayer\6.0\preferences
Description : last login time in realplayer


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-21-398076943-2486953538-2965967117-500\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-21-398076943-2486953538-2965967117-500\software\winrar\dialogedithistory\extrpath
Description : winrar "extract-to" history


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 948
ThreadCreationTime : 13-10-2006 2:20:46 μμ
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 1044
ThreadCreationTime : 13-10-2006 2:20:53 μμ
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\SYSTEM32\
ProcessID : 1068
ThreadCreationTime : 13-10-2006 2:20:54 μμ
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1116
ThreadCreationTime : 13-10-2006 2:20:54 μμ
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1128
ThreadCreationTime : 13-10-2006 2:20:54 μμ
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1288
ThreadCreationTime : 13-10-2006 2:20:54 μμ
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1336
ThreadCreationTime : 13-10-2006 2:20:55 μμ
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1376
ThreadCreationTime : 13-10-2006 2:20:55 μμ
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [s24evmon.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1420
ThreadCreationTime : 13-10-2006 2:20:55 μμ
BasePriority : Normal
FileVersion : 8, 0, 0, 161
ProductVersion : 8, 0, 0, 161
ProductName : Mobile Unit Support Service
CompanyName : Intel Corporation
FileDescription : Event Monitor - Supports driver extensions to NIC Driver for wireless adapters.
InternalName : S24EvMon
LegalCopyright : Copyright © 2001 - 2003 Intel Corporation, 1997 - 2001 Symbol Technologies, Inc. Portions Copyright © MIT
OriginalFilename : S24EvMon.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1480
ThreadCreationTime : 13-10-2006 2:20:55 μμ
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1580
ThreadCreationTime : 13-10-2006 2:20:55 μμ
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:12 [zcfgsvc.exe]
FilePath : C:\WINDOWS\SYSTEM32\
ProcessID : 1988
ThreadCreationTime : 13-10-2006 2:20:57 μμ
BasePriority : Normal
FileVersion : 8, 0, 0, 161
ProductVersion : 8, 0, 0, 161
ProductName : ZeroCfgSvc Application
CompanyName : Intel Corporation
FileDescription : ZeroCfgSvc MFC Application
InternalName : ZeroCfgSvc
LegalCopyright : Copyright © 2002 - 2003 Intel Corporation
OriginalFilename : ZeroCfgSvc.EXE

#:13 [1xconfig.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 312
ThreadCreationTime : 13-10-2006 2:20:57 μμ
BasePriority : Normal
FileVersion : 8, 0, 0, 161
ProductVersion : 8, 0, 0, 161
ProductName : 8021XConfig Module
CompanyName : Intel
FileDescription : 8021XConfig Module
InternalName : 8021XConfig
LegalCopyright : Copyright 2003
OriginalFilename : 1XConfig.EXE
Comments : Wrapper for MH. (Service COM)

#:14 [lexbces.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 344
ThreadCreationTime : 13-10-2006 2:20:57 μμ
BasePriority : Normal
FileVersion : 8.16
ProductVersion : 8.16
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LexBce Service
InternalName : LexBce Service
LegalCopyright : © 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LexBceS.exe

#:15 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 416
ThreadCreationTime : 13-10-2006 2:20:58 μμ
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:16 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 428
ThreadCreationTime : 13-10-2006 2:20:58 μμ
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:17 [lexpps.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 436
ThreadCreationTime : 13-10-2006 2:20:58 μμ
BasePriority : Normal
FileVersion : 8.16
ProductVersion : 8.16
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LEXPPS.EXE
InternalName : LEXPPS
LegalCopyright : © 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LEXPPS.EXE
Comments : MarkVision for Windows '95 New P2P Server (32-bit)

#:18 [stacmon.exe]
FilePath : C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\
ProcessID : 964
ThreadCreationTime : 13-10-2006 2:21:01 μμ
BasePriority : Normal
FileVersion : 1, 0, 0, 3
ProductVersion : 1, 0, 0, 3
ProductName : SigmaTel C-Major Audio
CompanyName : SigmaTel Inc.
InternalName : stacmon
LegalCopyright : Copyright © SigmaTel, Inc., 2003
OriginalFilename : stacmon.exe

#:19 [syntplpr.exe]
FilePath : C:\Program Files\Synaptics\SynTP\
ProcessID : 972
ThreadCreationTime : 13-10-2006 2:21:01 μμ
BasePriority : Normal
FileVersion : 7.5.11 30May03
ProductVersion : 7.5.11 30May03
ProductName : Progressive Touch
CompanyName : Synaptics, Inc.
FileDescription : TouchPad Driver Helper Application
InternalName : SynTPLpr
LegalCopyright : Copyright © Synaptics, Inc. 1996-2003
OriginalFilename : SynTPLpr.exe

#:20 [syntpenh.exe]
FilePath : C:\Program Files\Synaptics\SynTP\
ProcessID : 980
ThreadCreationTime : 13-10-2006 2:21:01 μμ
BasePriority : Normal
FileVersion : 7.5.11 30May03
ProductVersion : 7.5.11 30May03
ProductName : Progressive Touch
CompanyName : Synaptics, Inc.
FileDescription : Synaptics TouchPad Enhancements
InternalName : Scrolleroo
LegalCopyright : Copyright © Synaptics, Inc. 1996-2003
OriginalFilename : SynTPEnh.exe

#:21 [jusched.exe]
FilePath : C:\Program Files\Java\jre1.5.0_06\bin\
ProcessID : 988
ThreadCreationTime : 13-10-2006 2:21:01 μμ
BasePriority : Normal


#:22 [ezsp_px.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1040
ThreadCreationTime : 13-10-2006 2:21:01 μμ
BasePriority : Normal


#:23 [tfnf5.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1024
ThreadCreationTime : 13-10-2006 2:21:01 μμ
BasePriority : Normal
FileVersion : 2, 2, 0, 0
ProductVersion : 2, 2, 0, 0
ProductName : TOSHIBA Hotkey Utility for Display Devices
CompanyName : TOSHIBA Corp.
FileDescription : TFnF5
InternalName : TFnF5
LegalCopyright : Copyright © 2001-2003
OriginalFilename : TFnF5.Exe
Comments : Hotkey (Fn+F5) for Display Devices

#:24 [touched.exe]
FilePath : C:\Program Files\TOSHIBA\TouchED\
ProcessID : 1092
ThreadCreationTime : 13-10-2006 2:21:01 μμ
BasePriority : Normal
FileVersion : 2, 5, 0, 0
ProductVersion : 2, 5, 0, 0
ProductName : TouchPad On/Off Utility
CompanyName : TOSHIBA Corporation
FileDescription : TouchPad On/Off Utility
InternalName : TouchED
LegalCopyright : Copyright 1998-2002 TOSHIBA Corporation. All rights reserved.
OriginalFilename : TouchED.exe

#:25 [tfncky.exe]
FilePath : C:\Program Files\TOSHIBA\TOSHIBA Controls\
ProcessID : 184
ThreadCreationTime : 13-10-2006 2:21:01 μμ
BasePriority : Normal
FileVersion : 3.01.01
ProductVersion : 3.01.01
ProductName : TFncKy
CompanyName : TOSHIBA Corporation
FileDescription : TFncKy
InternalName : TFncKy
LegalCopyright : Copyright 2001-2003 TOSHIBA Corporation. All rights reserved.
OriginalFilename : TFncKy.EXE

#:26 [bsclip.exe]
FilePath : C:\PROGRA~1\B'SCLI~1\Win2K\
ProcessID : 1320
ThreadCreationTime : 13-10-2006 2:21:02 μμ
BasePriority : Normal


#:27 [pinger.exe]
FilePath : C:\toshiba\ivp\ism\
ProcessID : 1416
ThreadCreationTime : 13-10-2006 2:21:02 μμ
BasePriority : Normal
FileVersion : 3.3
ProductVersion : 3.3
ProductName : Software Upgrades
CompanyName : TOSHIBA Corporation
FileDescription : TOSHIBA Pinger
InternalName : PINGER
LegalCopyright : © 1997-2002 TOSHIBA Corporation
OriginalFilename : PINGER.EXE
Comments : With TSysSMon support.

#:28 [msnappau.exe]
FilePath : C:\Program Files\MSN Apps\Updater\01.02.3000.1001\el-gr\
ProcessID : 1476
ThreadCreationTime : 13-10-2006 2:21:02 μμ
BasePriority : Normal


#:29 [ltmoh.exe]
FilePath : C:\Program Files\ltmoh\
ProcessID : 1572
ThreadCreationTime : 13-10-2006 2:21:02 μμ
BasePriority : Normal
FileVersion : 1.69
ProductVersion : 1.69
ProductName : LtMoh Application
CompanyName : Agere Systems
FileDescription : LtMoh MFC Application
InternalName : LtMoh
LegalCopyright : Agere Copyright © 2001-2002
LegalTrademarks : LT
OriginalFilename : LtMoh.EXE

#:30 [agrsmmsg.exe]
FilePath : C:\WINDOWS\
ProcessID : 1568
ThreadCreationTime : 13-10-2006 2:21:02 μμ
BasePriority : Normal
FileVersion : 2.1.28.2 2.1.28.2 04/18/2003 11:20:08
ProductVersion : 2.1.28.2 2.1.28.2 04/18/2003 11:20:08
ProductName : Agere SoftModem Messaging Applet
CompanyName : Agere Systems
FileDescription : SoftModem Messaging Applet
InternalName : smdmstat.exe
LegalCopyright : Copyright © Agere Systems 1998-2000
OriginalFilename : smdmstat.exe

#:31 [e_fatiace.exe]
FilePath : C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\
ProcessID : 1680
ThreadCreationTime : 13-10-2006 2:21:02 μμ
BasePriority : Normal
FileVersion : 4.00
ProductVersion : 4.00
ProductName : EPSON Status Monitor 3
CompanyName : SEIKO EPSON CORPORATION
FileDescription : EPSON Status Monitor 3
InternalName : E_S6I0C1
LegalCopyright : Copyright © SEIKO EPSON CORP. 2005
OriginalFilename : E_S6I0C1.EXE

#:32 [realsched.exe]
FilePath : C:\Program Files\Common Files\Real\Update_OB\
ProcessID : 1820
ThreadCreationTime : 13-10-2006 2:21:03 μμ
BasePriority : Normal
FileVersion : 0.1.0.3510
ProductVersion : 0.1.0.3510
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:33 [onebtn.exe]
FilePath : C:\Program Files\Prolific\One Button\
ProcessID : 1832
ThreadCreationTime : 13-10-2006 2:21:03 μμ
BasePriority : Normal
FileVersion : 2, 0, 0, 0
ProductVersion : 1, 3, 0, 0
ProductName : OneBtn Application
FileDescription : One Button Launch Application for PL-X507
InternalName : OneBtn
LegalCopyright : Copyright © 2005 Prolific Technology Inc.
OriginalFilename : OneBtn.exe

#:34 [daemon.exe]
FilePath : C:\Program Files\DAEMON Tools\
ProcessID : 1856
ThreadCreationTime : 13-10-2006 2:21:03 μμ
BasePriority : Normal


#:35 [application launcher.exe]
FilePath : C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\
ProcessID : 1872
ThreadCreationTime : 13-10-2006 2:21:03 μμ
BasePriority : Normal
FileVersion : 1.1.1.1
ProductVersion : 1.1.1.1
ProductName : Application Launcher
CompanyName : Sony Ericsson Mobile Communications AB
FileDescription : Application Launcher
InternalName : Application Launcher
LegalCopyright : Copyright © 2005 Popwire AB. All rights reserved.
OriginalFilename : Application Launcher.exe

#:36 [mskagent.exe]
FilePath : C:\Program Files\McAfee\MSK\
ProcessID : 1880
ThreadCreationTime : 13-10-2006 2:21:03 μμ
BasePriority : Normal
FileVersion : 8.0.243.0
ProductVersion : 8.0
ProductName : McAfee SpamKiller
CompanyName : McAfee Inc.
FileDescription : McAfee SpamKiller MskAgent Application
InternalName : MskAgent
LegalCopyright : Copyright © 2006, McAfee Inc.
OriginalFilename : MskAgent.exe

#:37 [mcafeedatabackup.exe]
FilePath : C:\Program Files\McAfee\MBK\
ProcessID : 1888
ThreadCreationTime : 13-10-2006 2:21:03 μμ
BasePriority : Normal


#:38 [00thotkey.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1896
ThreadCreationTime : 13-10-2006 2:21:03 μμ
BasePriority : Normal
FileVersion : 1, 0, 0, 21
ProductVersion : 6, 0, 2, 0
ProductName : TOSHIBA THotkey
CompanyName : TOSHIBA Corp.
FileDescription : THotkey
InternalName : THotkey
LegalCopyright : Copyright © 1999 -2003
OriginalFilename : THotkey.exe

#:39 [ctfmon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1908
ThreadCreationTime : 13-10-2006 2:21:03 μμ
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:40 [toscdspd.exe]
FilePath : C:\Program Files\TOSHIBA\TOSCDSPD\
ProcessID : 1924
ThreadCreationTime : 13-10-2006 2:21:03 μμ
BasePriority : Normal


#:41 [tpsbattm.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1932
ThreadCreationTime : 13-10-2006 2:21:03 μμ
BasePriority : Normal
FileVersion : 1, 0, 1, 0
ProductVersion : 7, 0, 0, 0
ProductName : TOSHIBA Power Saver
CompanyName : TOSHIBA Corporation
InternalName : TPSBattM
LegalCopyright : Copyright © 1998-2003 TOSHIBA Corporation
OriginalFilename : TPSBattM.exe

#:42 [dslmon.exe]
FilePath : C:\Program Files\SAGEM\OTEnet-SAGEM Fast 800-840\
ProcessID : 2028
ThreadCreationTime : 13-10-2006 2:21:04 μμ
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : DSLMON Application
FileDescription : ADIMON MFC Application
InternalName : DSLMON
LegalCopyright : Copyright © 2000
OriginalFilename : ADIMON.EXE

#:43 [ramasst.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2036
ThreadCreationTime : 13-10-2006 2:21:04 μμ
BasePriority : Normal
FileVersion : 1, 0, 9, 0
ProductVersion : 1, 0, 9, 0
CompanyName : Matsushita Electric Industrial Co., Ltd.
FileDescription : CD Burning of Windows XP disabling tool for DVD MULTI Drive
LegalCopyright : Copyright © Matsushita Electric Industrial Co., Ltd. 2002 - 2003
OriginalFilename : RAMASST.EXE

#:44 [rundll32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2076
ThreadCreationTime : 13-10-2006 2:21:04 μμ
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE

#:45 [capabilitymanager.exe]
FilePath : C:\Program Files\Common Files\Teleca Shared\
ProcessID : 2136
ThreadCreationTime : 13-10-2006 2:21:05 μμ
BasePriority : Normal
FileVersion : 0.0.1.48
ProductVersion : 0.0.1.48
ProductName : CapabilityManager
CompanyName : Teleca Software Solutions AB
FileDescription : Capability Manager
InternalName : CapabilityManager.exe
LegalCopyright : Copyright © 2004 Teleca Software Solutions AB. All rights reserved.
OriginalFilename : CapabilityManager.exe
Comments : This is a generic version of this component

#:46 [generic.exe]
FilePath : C:\Program Files\Common Files\Teleca Shared\
ProcessID : 2384
ThreadCreationTime : 13-10-2006 2:21:11 μμ
BasePriority : Normal
FileVersion : 1, 0, 3, 2
ProductVersion : 1, 0, 3, 2
ProductName : Device Management
CompanyName : Teleca Software Solutions
FileDescription : Generic Device Management Executable.
InternalName : Generic.exe
LegalCopyright : © Teleca Software Solutions. All rights reserved.
OriginalFilename : Generic.exe
Comments : Teleca main line.

#:47 [epmworker.exe]
FilePath : C:\Program Files\Sony Ericsson\Mobile\Mobile Phone Monitor\
ProcessID : 2492
ThreadCreationTime : 13-10-2006 2:21:12 μμ
BasePriority : Normal
FileVersion : 1, 2, 0,1178
ProductVersion : 1,2,0,445
ProductName : CAPI_Worker Module
CompanyName : Sony Ericsson Mobile Communications AB
FileDescription : CAPI_Worker Module
InternalName : CAPI_Worker
LegalCopyright : Copyright © 2005 Popwire AB. All rights reserved.
OriginalFilename : EPMWorker.EXE

#:48 [cfsvcs.exe]
FilePath : C:\Program Files\TOSHIBA\ConfigFree\
ProcessID : 2792
ThreadCreationTime : 13-10-2006 2:21:17 μμ
BasePriority : Normal
FileVersion : 4, 50, 0, 2
ProductVersion : 4, 50, 0, 0
ProductName : ConfigFree™
CompanyName : TOSHIBA CORPORATION
FileDescription : Service of ConfigFree.
InternalName : CFSvcs.exe
LegalCopyright : Copyright © 2003 TOSHIBA CORPORATION. All rights reserved.
LegalTrademarks : ConfigFree™
OriginalFilename : CFSvcs.exe
Comments : Service of ConfigFree.

#:49 [dkservice.exe]
FilePath : C:\Program Files\Executive Software\Diskeeper\
ProcessID : 2824
ThreadCreationTime : 13-10-2006 2:21:17 μμ
BasePriority : Normal
FileVersion : 9.0.515.0
ProductVersion : 9.0.515.0
ProductName : Diskeeper ™ Disk Defragmenter
CompanyName : Executive Software International, Inc.
FileDescription : DKSERVICE.EXE
InternalName : DKSERVICE
LegalCopyright : © 1995-2004 Executive Software Int'l, Inc.
OriginalFilename : DKSERVICE

#:50 [dvdramsv.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2844
ThreadCreationTime : 13-10-2006 2:21:17 μμ
BasePriority : Normal
FileVersion : 2, 0, 7, 0
ProductVersion : 2, 0, 7, 0
CompanyName : Matsushita Electric Industrial Co., Ltd.
FileDescription : Service of RAMAsst for Windows XP
LegalCopyright : Copyright © Matsushita Electric Industrial Co., Ltd. 2002 - 2003
OriginalFilename : DVDRAMSV.EXE

#:51 [hwapi.exe]
FilePath : C:\Program Files\Common Files\McAfee\HackerWatch\
ProcessID : 2892
ThreadCreationTime : 13-10-2006 2:21:17 μμ
BasePriority : Normal
FileVersion : 8.0.162.0
ProductVersion : 8.0.162.0
ProductName : McAfee HackerWatch Service
CompanyName : McAfee, Inc.
FileDescription : McAfee HackerWatch Service
LegalCopyright : © McAfee, Inc. All rights reserved.
OriginalFilename : HWAPI.exe

#:52 [mclogsrv.exe]
FilePath : C:\PROGRA~1\McAfee\MSC\
ProcessID : 2920
ThreadCreationTime : 13-10-2006 2:21:17 μμ
BasePriority : Normal
FileVersion : 7,0,327,0
ProductVersion : 7,0,0,0
ProductName : McAfee SecurityCenter
CompanyName : McAfee, Inc.
FileDescription : MSC Log Manager
InternalName : mclogsrv
LegalCopyright : Copyright © 2006 McAfee, Inc.
OriginalFilename : mclogsrv.exe

#:53 [mcupdmgr.exe]
FilePath : C:\PROGRA~1\McAfee\MSC\
ProcessID : 2968
ThreadCreationTime : 13-10-2006 2:21:18 μμ
BasePriority : Normal
FileVersion : 7,0,327,0
ProductVersion : 7,0,0,0
ProductName : McAfee SecurityCenter
CompanyName : McAfee, Inc.
FileDescription : McAfee Update Manager Service
InternalName : mcupdmgr
LegalCopyright : Copyright © 2006 McAfee, Inc.
OriginalFilename : mcupdmgr.exe

#:54 [mcnasvc.exe]
FilePath : c:\program files\common files\mcafee\mna\
ProcessID : 2988
ThreadCreationTime : 13-10-2006 2:21:18 μμ
BasePriority : Normal
FileVersion : 1,0,178,0
ProductVersion : 1,0,0,0
ProductName : McAfee Integrated Security Platform
CompanyName : McAfee, Inc.
FileDescription : McAfee Network Agent
InternalName : McNASvc
LegalCopyright : Copyright © 2006 McAfee, Inc.
OriginalFilename : McNASvc.exe

#:55 [mcods.exe]
FilePath : C:\PROGRA~1\McAfee\VIRUSS~1\
ProcessID : 3008
ThreadCreationTime : 13-10-2006 2:21:18 μμ
BasePriority : Normal
FileVersion : 11,0,210,0
ProductVersion : 11,0,0,0
ProductName : McAfee VirusScan
CompanyName : McAfee, Inc.
FileDescription : McAfee VirusScan - On Demand Scan
InternalName : mcods.exe
LegalCopyright : Copyright © 2006 McAfee, Inc.
OriginalFilename : mcods.exe

#:56 [mcpromgr.exe]
FilePath : C:\PROGRA~1\McAfee\MSC\
ProcessID : 3056
ThreadCreationTime : 13-10-2006 2:21:18 μμ
BasePriority : Normal
FileVersion : 7,0,327,0
ProductVersion : 7,0,0,0
ProductName : McAfee SecurityCenter
CompanyName : McAfee, Inc.
FileDescription : McAfee Integrated Security Platform
InternalName : McProMgr
LegalCopyright : Copyright © 2006 McAfee, Inc.
OriginalFilename : McProMgr.exe

#:57 [mcproxy.exe]
FilePath : c:\PROGRA~1\COMMON~1\mcafee\mcproxy\
ProcessID : 3120
ThreadCreationTime : 13-10-2006 2:21:19 μμ
BasePriority : Normal
FileVersion : 1,0,240,0
ProductVersion : 1,0,0,0
ProductName : McAfee Proxy
CompanyName : McAfee, Inc.
FileDescription : McAfee Proxy Service Module
InternalName : McProxy
LegalCopyright : Copyright © 2006 McAfee, Inc.
OriginalFilename : McProxy.exe
Comments : McAfee Proxy Service

#:58 [mcagent.exe]
FilePath : C:\PROGRA~1\mcafee.com\agent\
ProcessID : 3172
ThreadCreationTime : 13-10-2006 2:21:19 μμ
BasePriority : Normal
FileVersion : 7,0,330,0
ProductVersion : 7,0,0,0
ProductName : McAfee SecurityCenter
CompanyName : McAfee, Inc.
FileDescription : McAfee Integrated Security Platform
InternalName : McAgent
LegalCopyright : Copyright © 2006 McAfee, Inc.
OriginalFilename : McAgent.exe

#:59 [redirsvc.exe]
FilePath : c:\PROGRA~1\COMMON~1\mcafee\redirsvc\
ProcessID : 3208
ThreadCreationTime : 13-10-2006 2:21:20 μμ
BasePriority : Normal
FileVersion : 1,0,205,0
ProductVersion : 1,0,0,0
ProductName : McAfee Redirector
CompanyName : McAfee, Inc.
FileDescription : McAfee Redirector Service Module
InternalName : McRedirector
LegalCopyright : Copyright © 2006 McAfee, Inc.
OriginalFilename : RedirSvc.exe
Comments : McAfee Redirector Service

#:60 [mcshield.exe]
FilePath : C:\PROGRA~1\McAfee\VIRUSS~1\
ProcessID : 3276
ThreadCreationTime : 13-10-2006 2:21:21 μμ
BasePriority : High


#:61 [mcsysmon.exe]
FilePath : C:\PROGRA~1\McAfee\VIRUSS~1\
ProcessID : 3344
ThreadCreationTime : 13-10-2006 2:21:22 μμ
BasePriority : Normal
FileVersion : 11,0,286,0
ProductVersion : 11,0,0,0
ProductName : McAfee VirusScan API
CompanyName : McAfee, Inc.
FileDescription : McAfee SystemGuards Service
InternalName : sysmon
LegalCopyright : Copyright © 2006 McAfee, Inc.
OriginalFilename : sysmon.exe

#:62 [mctskshd.exe]
FilePath : C:\PROGRA~1\McAfee\MSC\
ProcessID : 3468
ThreadCreationTime : 13-10-2006 2:21:24 μμ
BasePriority : Normal
FileVersion : 7,0,327,0
ProductVersion : 7,0,0,0
ProductName : McAfee SecurityCenter
CompanyName : McAfee, Inc.
FileDescription : McAfee Tqsk Scheduler
InternalName : McTskShd
LegalCopyright : Copyright © 2006 McAfee, Inc.
OriginalFilename : mctskshd.exe

#:63 [mcusrmgr.exe]
FilePath : C:\PROGRA~1\McAfee\MSC\
ProcessID : 3504
ThreadCreationTime : 13-10-2006 2:21:25 μμ
BasePriority : Normal
FileVersion : 7,0,327,0
ProductVersion : 7,0,0,0
ProductName : McAfee SecurityCenter
CompanyName : McAfee, Inc.
FileDescription : MISP User Manager
InternalName : McUsrMgr
LegalCopyright : Copyright © 2006 McAfee, Inc.
OriginalFilename : McUsrMgr.exe

#:64 [mdm.exe]
FilePath : C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\
ProcessID : 3548
ThreadCreationTime : 13-10-2006 2:21:26 μμ
BasePriority : Normal
FileVersion : 7.00.9466
ProductVersion : 7.00.9466
ProductName : Microsoft® Visual Studio .NET
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : mdm.exe

#:65 [mpfsrv.exe]
FilePath : C:\Program Files\McAfee\MPF\
ProcessID : 3640
ThreadCreationTime : 13-10-2006 2:21:26 μμ
BasePriority : Normal
FileVersion : 8.0.207.0
ProductVersion : 8.0.207.0
ProductName : McAfee Personal Firewall
CompanyName : McAfee, Inc.
FileDescription : McAfee Personal Firewall Service
InternalName : MPFService
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : MpfService.exe
Comments : McAfee Personal Firewall Service

#:66 [mps.exe]
FilePath : C:\PROGRA~1\McAfee\MPS\
ProcessID : 3784
ThreadCreationTime : 13-10-2006 2:21:28 μμ
BasePriority : Normal
FileVersion : 9.0.391.0
ProductVersion : 9.0.391.0
ProductName : McAfee Privacy Service
CompanyName : McAfee, Inc.
FileDescription : McAfee Privacy Service 9.0
InternalName : mps9
LegalCopyright : Copyright © 2006 McAfee, Inc.
OriginalFilename : mps.exe

#:67 [msksrver.exe]
FilePath : C:\Program Files\McAfee\MSK\
ProcessID : 3916
ThreadCreationTime : 13-10-2006 2:21:32 μμ
BasePriority : Normal
FileVersion : 8.0.243.0
ProductVersion : 8.0
ProductName : McAfee SpamKiller
CompanyName : McAfee Inc.
FileDescription : McAfee SpamKiller MskServer
InternalName : MskServe
LegalCopyright : Copyright © 2006, McAfee Inc.
OriginalFilename : MskServe.exe

#:68 [nvsvc32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 4028
ThreadCreationTime : 13-10-2006 2:21:35 μμ
BasePriority : Normal
FileVersion : 6.14.10.4562
ProductVersion : 6.14.10.4562
ProductName : NVIDIA Driver Helper Service, Version 45.62
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 45.62
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:69 [ioctlsvc.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1968
ThreadCreationTime : 13-10-2006 2:21:37 μμ
BasePriority : Normal
FileVersion : 1, 5, 0, 0
ProductVersion : 1, 5, 0, 0
ProductName : IoctlSvc Application
CompanyName : Prolific Technology Inc.
FileDescription : PLFlash DeviceIoControl Service
InternalName : IoctlSvc
LegalCopyright : Copyright © 2005 Prolific Technology Inc.
OriginalFilename : IoctlSvc.exe

#:70 [regsrvc.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2016
ThreadCreationTime : 13-10-2006 2:21:39 μμ
BasePriority : Normal
FileVersion : 8, 0, 0, 161
ProductVersion : 8, 0, 0, 161
ProductName : RegSrvc Module
CompanyName : Intel Corporation
FileDescription : RegSrvc Module
InternalName : RegSrvc
LegalCopyright : Copyright © 2002 - 2003 Intel Corporation
OriginalFilename : RegSrvc.EXE

#:71 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1016
ThreadCreationTime : 13-10-2006 2:21:40 μμ
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:72 [mpsevh.exe]
FilePath : C:\Program Files\McAfee\MPS\
ProcessID : 1812
ThreadCreationTime : 13-10-2006 2:21:43 μμ
BasePriority : Normal
FileVersion : 9.0.391.0
ProductVersion : 9.0.391.0
ProductName : McAfee Privacy Service
CompanyName : McAfee, Inc.
FileDescription : McAfee Privacy Service 9.0 Event Handler
InternalName : MpsEventHandler
LegalCopyright : Copyright © 2006 McAfee, Inc.
OriginalFilename : mpsevh.exe

#:73 [swupdtmr.exe]
FilePath : c:\Toshiba\IVP\swupdate\
ProcessID : 1840
ThreadCreationTime : 13-10-2006 2:21:44 μμ
BasePriority : Normal


#:74 [wdfmgr.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2252
ThreadCreationTime : 13-10-2006 2:21:49 μμ
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: dnsrv(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:75 [mspmspsv.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2540
ThreadCreationTime : 13-10-2006 2:21:53 μμ
BasePriority : Normal
FileVersion : 7.00.00.1954
ProductVersion : 7.00.00.1954
ProductName : Microsoft ® DRM
CompanyName : Microsoft Corporation
FileDescription : WMDM PMSP Service
InternalName : MSPMSPSV.EXE
LegalCopyright : Copyright © Microsoft Corp. 1981-2000
OriginalFilename : MSPMSPSV.EXE
g9_fredo
and now PART 2:

#:76 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 3908
ThreadCreationTime : 13-10-2006 2:22:49 μμ
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:77 [msnmsgr.exe]
FilePath : C:\Program Files\MSN Messenger\
ProcessID : 1020
ThreadCreationTime : 13-10-2006 5:25:54 μμ
BasePriority : Normal
FileVersion : 7.5.0324
ProductVersion : 7.5.0324
ProductName : MSN Messenger
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
LegalCopyright : Copyright © Microsoft Corporation 1997-2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msnmsgr.exe

#:78 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 3900
ThreadCreationTime : 13-10-2006 5:26:58 μμ
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:79 [siteadv.exe]
FilePath : C:\Program Files\SiteAdvisor\4144\
ProcessID : 2820
ThreadCreationTime : 13-10-2006 5:27:40 μμ
BasePriority : Normal
FileVersion : 1.6.0.23
ProductVersion : 1.6.0.23
ProductName : SiteAdvisor
CompanyName : McAfee, Inc.
FileDescription : SiteAdvisor
InternalName : SiteAdv
LegalCopyright : Copyright McAfee, Inc. All rights reserved.
OriginalFilename : SiteAdv

#:80 [googletoolbarnotifier.exe]
FilePath : C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.4150\
ProcessID : 2184
ThreadCreationTime : 13-10-2006 5:27:54 μμ
BasePriority : Normal
FileVersion : 1, 2, 908, 4150
ProductVersion : 1, 2, 908, 4150
ProductName : GoogleToolbarNotifier
CompanyName : Google Inc.
FileDescription : GoogleToolbarNotifier
LegalCopyright : Copyright © 2005-2006
OriginalFilename : GoogleToolbarNotifier.exe

#:81 [mcupdui.exe]
FilePath : C:\PROGRA~1\mcafee\msc\
ProcessID : 5884
ThreadCreationTime : 13-10-2006 5:31:11 μμ
BasePriority : Normal
FileVersion : 7,0,327,0
ProductVersion : 7,0,0,0
ProductName : McAfee SecurityCenter
CompanyName : McAfee, Inc.
FileDescription : McAfee McUpdUI EXE
InternalName : McUpdUI
LegalCopyright : Copyright © 2006 McAfee, Inc.
OriginalFilename : McUpdUI.exe

#:82 [utorrent.exe]
FilePath : C:\Program Files\uTorrent\
ProcessID : 4608
ThreadCreationTime : 13-10-2006 5:42:13 μμ
BasePriority : Normal


#:83 [ad-aware.exe]
FilePath : C:\PROGRA~1\Lavasoft\AD-AWA~1\
ProcessID : 1516
ThreadCreationTime : 13-10-2006 6:15:15 μμ
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

#:84 [mcvsshld.exe]
FilePath : c:\PROGRA~1\mcafee\VIRUSS~1\
ProcessID : 1944
ThreadCreationTime : 13-10-2006 6:19:01 μμ
BasePriority : Normal
FileVersion : 11,0,210,0
ProductVersion : 11,0,0,0
ProductName : McAfee VirusScan
CompanyName : McAfee, Inc.
FileDescription : McAfee VirusScan ActiveShield
InternalName : McVsShld
LegalCopyright : Copyright © 2006 McAfee, Inc.
OriginalFilename : McVsShld.exe

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 47


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

IEHIjacker.SearchExe Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{b1e68d42-02c4-465b-8368-5ed9b732e22d}

TrustCleaner Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-398076943-2486953538-2965967117-500\software\microsoft\windows\currentversion\ext\stats\{590ffb84-6a29-4797-9c0e-b15df2c4cdcb}

Win32.Downloader Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\code store database\distribution units\{11111111-1111-1111-1111-111111111157}

Win32.Downloader Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\code store database\distribution units\{11111111-1111-1111-1111-111111111157}
Value : Installer

Win32.TrojanDownloader.Agent.am Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-398076943-2486953538-2965967117-500\software\microsoft\active setup\installed components\{9b71d88c-c598-4935-c5d1-43aa4db90836}

Win32.TrojanDownloader.Agent.am Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\active setup\installed components\{9b71d88c-c598-4935-c5d1-43aa4db90836}

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 6
Objects found so far: 53


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Trusted zone presumably compromised : flingstone.com

Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Vulnerability
Comment : Trusted zone presumably compromised : flingstone.com
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\flingstone.com
Trusted zone presumably compromised : yeak.net

Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Vulnerability
Comment : Trusted zone presumably compromised : yeak.net\www
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\yeak.net\www
Trusted zone presumably compromised : ysbweb.com

Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Vulnerability
Comment : Trusted zone presumably compromised : ysbweb.com
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ysbweb.com
Trusted zone presumably compromised : flingstone.com
Trusted zone presumably compromised : master69.biz

Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Vulnerability
Comment : Trusted zone presumably compromised : master69.biz\www
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\master69.biz\www
Trusted zone presumably compromised : sgrunt.biz

Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Vulnerability
Comment : Trusted zone presumably compromised : sgrunt.biz\www
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sgrunt.biz\www
Trusted zone presumably compromised : ysbweb.com
Trusted zone presumably compromised : flingstone.com

Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Vulnerability
Comment : Trusted zone presumably compromised : flingstone.com
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\flingstone.com
Trusted zone presumably compromised : ysbweb.com

Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Vulnerability
Comment : Trusted zone presumably compromised : ysbweb.com
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ysbweb.com
Trusted zone presumably compromised : flingstone.com
Trusted zone presumably compromised : ysbweb.com
Possible Browser Hijack attempt : {11111111-1111-1111-1111-111111111157} (ms-its:mhtml:file://c:\nosuch.mht!http://213.159.117.133/dl/adv160/x.chm::/load.exe)
Possible Browser Hijack attempt : {11111111-1111-1111-1111-222222222222} (ms-its:mhtml:file://d:\foo.mht!http://www.buldog-stats.com/adv/16//x.chm::/open.exe)

Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Vulnerability
Comment : Possible Browser Hijack attempt : ms-its:mhtml:file://d:\foo.mht!http://www.buldog-stats.com/adv/16//x.chm::/open.exe
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Code Store Database\Distribution Units\{11111111-1111-1111-1111-222222222222}

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Vulnerability
Comment : Possible Browser Hijack attempt : ms-its:mhtml:file://d:\foo.mht!http://www.buldog-stats.com/adv/16//x.chm::/open.exe
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Code Store Database\Distribution Units\{11111111-1111-1111-1111-222222222222}
Value : Installer
Possible Browser Hijack attempt : {11111111-1111-1111-1111-222222222222} (ms-its:mhtml:file://d:\foo.mht!http://www.buldog-stats.com/adv/16//x.chm::/open.exe)

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 9
Objects found so far: 62


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@atdmt[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:6
Value : Cookie:administrator@atdmt.com/
Expires : 10-10-2011 3:00:00 πμ
LastSync : Hits:6
UseCount : 0
Hits : 6

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@apmebf[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:7
Value : Cookie:administrator@apmebf.com/
Expires : 26-8-2011 12:01:20 μμ
LastSync : Hits:7
UseCount : 0
Hits : 7

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@tickle[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:27
Value : Cookie:administrator@tickle.com/
Expires : 4-12-2007 10:54:50 μμ
LastSync : Hits:27
UseCount : 0
Hits : 27

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@maxserving[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:administrator@maxserving.com/
Expires : 3-10-2016 11:53:12 μμ
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@adtech[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:11
Value : Cookie:administrator@adtech.de/
Expires : 5-12-2015 6:28:38 μμ
LastSync : Hits:11
UseCount : 0
Hits : 11

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@adviva[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:administrator@adviva.net/
Expires : 12-1-2011 11:16:46 μμ
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@tradedoubler[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:administrator@tradedoubler.com/
Expires : 1-7-2026 5:28:12 μμ
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@ehg.hitbox[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:51
Value : Cookie:administrator@ehg.hitbox.com/
Expires : 30-8-2007 11:33:24 πμ
LastSync : Hits:51
UseCount : 0
Hits : 51

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@clickbank[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:administrator@clickbank.net/
Expires : 4-4-2007 11:49:10 μμ
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@bluestreak[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:6
Value : Cookie:administrator@bluestreak.com/
Expires : 21-8-2016 2:41:08 μμ
LastSync : Hits:6
UseCount : 0
Hits : 6

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@valueclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:16
Value : Cookie:administrator@valueclick.com/
Expires : 2-2-2031 6:24:16 μμ
LastSync : Hits:16
UseCount : 0
Hits : 16

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@counter16.sextracker[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:administrator@counter16.sextracker.com/
Expires : 28-8-2006 4:45:06 πμ
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@z1.adserver[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:47
Value : Cookie:administrator@z1.adserver.com/
Expires : 2-1-2007 5:26:26 μμ
LastSync : Hits:47
UseCount : 0
Hits : 47

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@statse.webtrendslive[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:administrator@statse.webtrendslive.com/
Expires : 3-10-2016 8:30:10 μμ
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@etype.adbureau[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:9
Value : Cookie:administrator@etype.adbureau.net/
Expires : 1-3-2007 3:00:00 πμ
LastSync : Hits:9
UseCount : 0
Hits : 9

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@centrport[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:administrator@centrport.net/
Expires : 1-1-2030 3:00:00 πμ
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@data.coremetrics[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:administrator@data.coremetrics.com/
Expires : 1-1-2021 5:28:34 μμ
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@perf.overture[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:5
Value : Cookie:administrator@perf.overture.com/
Expires : 26-1-2010 3:13:18 μμ
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@adrevolver[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:administrator@media.adrevolver.com/adrevolver/
Expires : 1-4-2009 9:25:56 πμ
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@tribalfusion[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:administrator@tribalfusion.com/
Expires : 1-1-2038 3:00:00 πμ
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@2o7[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:6
Value : Cookie:administrator@2o7.net/
Expires : 6-10-2011 12:40:24 πμ
LastSync : Hits:6
UseCount : 0
Hits : 6

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@stat.onestat[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:9
Value : Cookie:administrator@stat.onestat.com/
Expires : 30-9-2016 3:00:00 πμ
LastSync : Hits:9
UseCount : 0
Hits : 9

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@reduxads.valuead[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:10
Value : Cookie:administrator@reduxads.valuead.com/
Expires : 1-1-2021 3:00:00 πμ
LastSync : Hits:10
UseCount : 0
Hits : 10

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@spylog[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:53
Value : Cookie:administrator@spylog.com/
Expires : 27-3-2007 8:07:24 μμ
LastSync : Hits:53
UseCount : 0
Hits : 53

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@pro-market[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:administrator@pro-market.net/
Expires : 1-6-2030 3:00:00 πμ
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@overture[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:58
Value : Cookie:administrator@overture.com/
Expires : 21-8-2016 6:30:24 μμ
LastSync : Hits:58
UseCount : 0
Hits : 58

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@bfast[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:8
Value : Cookie:administrator@bfast.com/
Expires : 27-1-2026 1:52:56 μμ
LastSync : Hits:8
UseCount : 0
Hits : 8

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@bs.serving-sys[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:administrator@bs.serving-sys.com/
Expires : 1-1-2038 1:00:00 πμ
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@ads.addynamix[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:46
Value : Cookie:administrator@ads.addynamix.com/
Expires : 25-8-2006 7:36:40 μμ
LastSync : Hits:46
UseCount : 0
Hits : 46

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@ehg-sonyesolutions.hitbox[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:36
Value : Cookie:administrator@ehg-sonyesolutions.hitbox.com/
Expires : 26-3-2007 2:48:00 πμ
LastSync : Hits:36
UseCount : 0
Hits : 36

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@edge.ru4[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:7
Value : Cookie:administrator@edge.ru4.com/
Expires : 21-2-2036 8:50:00 μμ
LastSync : Hits:7
UseCount : 0
Hits : 7

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@as1.falkag[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:28
Value : Cookie:administrator@as1.falkag.de/
Expires : 17-11-2006 8:51:10 μμ
LastSync : Hits:28
UseCount : 0
Hits : 28

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@ehg-opodo.hitbox[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:administrator@ehg-opodo.hitbox.com/
Expires : 24-8-2007 7:14:12 μμ
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@ehg-idgentertainment.hitbox[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:administrator@ehg-idgentertainment.hitbox.com/
Expires : 8-10-2007 11:09:26 μμ
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@revenue[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:administrator@revenue.net/
Expires : 10-6-2022 8:05:42 πμ
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@doubleclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:8
Value : Cookie:administrator@doubleclick.net/
Expires : 6-10-2009 1:03:40 πμ
LastSync : Hits:8
UseCount : 0
Hits : 8

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@cs.sexcounter[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:administrator@cs.sexcounter.com/
Expires : 12-5-2024 9:07:28 μμ
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@phg.hitbox[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:administrator@phg.hitbox.com/
Expires : 26-1-2007 1:59:26 μμ
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@adserver.hellasnet[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:administrator@adserver.hellasnet.gr/
Expires : 1-1-2035 3:00:00 πμ
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@questionmarket[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:administrator@questionmarket.com/
Expires : 20-10-2007 3:45:36 μμ
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@serving-sys[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:11
Value : Cookie:administrator@serving-sys.com/
Expires : 1-1-2038 1:00:00 πμ
LastSync : Hits:11
UseCount : 0
Hits : 11

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@landing.domainsponsor[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:5
Value : Cookie:administrator@landing.domainsponsor.com/
Expires : 4-12-2007 11:13:02 μμ
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@statcounter[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:administrator@statcounter.com/
Expires : 10-10-2011 2:22:24 μμ
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@trafficmp[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:7
Value : Cookie:administrator@trafficmp.com/
Expires : 20-1-2007 2:30:40 πμ
LastSync : Hits:7
UseCount : 0
Hits : 7

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@twci.coremetrics[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:administrator@twci.coremetrics.com/
Expires : 27-2-2021 8:38:10 μμ
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@ehg-nvidia.hitbox[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:administrator@ehg-nvidia.hitbox.com/
Expires : 31-7-2006 2:59:56 μμ
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@fastclick[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:17
Value : Cookie:administrator@fastclick.net/
Expires : 12-10-2008 8:46:36 μμ
LastSync : Hits:17
UseCount : 0
Hits : 17

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@server.iad.liveperson[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:295
Value : Cookie:administrator@server.iad.liveperson.net/
Expires : 19-6-2007 2:33:10 πμ
LastSync : Hits:295
UseCount : 0
Hits : 295

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@adserver.adreactor[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:administrator@adserver.adreactor.com/
Expires : 20-3-2007 6:13:26 μμ
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@ehg-thanedirect.hitbox[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:administrator@ehg-thanedirect.hitbox.com/
Expires : 7-5-2007 5:18:40 μμ
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@advertising[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:9
Value : Cookie:administrator@advertising.com/
Expires : 7-10-2011 12:48:28 πμ
LastSync : Hits:9
UseCount : 0
Hits : 9

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@mediaplex[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:administrator@mediaplex.com/
Expires : 22-6-2009 3:00:00 πμ
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@tripod[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:administrator@tripod.com/
Expires : 3-9-2007 9:42:52 μμ
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@ads.pointroll[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:5
Value : Cookie:administrator@ads.pointroll.com/
Expires : 1-1-2010 3:00:00 πμ
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@zedo[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:15
Value : Cookie:administrator@zedo.com/
Expires : 3-10-2016 11:59:10 πμ
LastSync : Hits:15
UseCount : 0
Hits : 15

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@commission-junction[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:administrator@commission-junction.com/
Expires : 22-9-2010 5:58:32 μμ
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@divx.adbureau[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:administrator@divx.adbureau.net/
Expires : 1-3-2007 3:00:00 πμ
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@247realmedia[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:administrator@247realmedia.com/
Expires : 1-1-2021 3:00:00 πμ
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@hitbox[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:administrator@hitbox.com/
Expires : 8-10-2007 11:09:26 μμ
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@xml.bravenetmedianetwork[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:administrator@xml.bravenetmedianetwork.com/
Expires : 22-4-2006 2:06:02 πμ
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@toteme[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:administrator@toteme.com/
Expires : 6-11-2006 11:55:40 μμ
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@realmedia[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:administrator@realmedia.com/
Expires : 1-1-2021 3:00:00 πμ
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@casalemedia[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:5
Value : Cookie:administrator@casalemedia.com/
Expires : 28-9-2007 8:48:28 μμ
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@ehg-ladbrokes.hitbox[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:20
Value : Cookie:administrator@ehg-ladbrokes.hitbox.com/
Expires : 21-6-2007 9:38:32 μμ
LastSync : Hits:20
UseCount : 0
Hits : 20

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@bravenet[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:10
Value : Cookie:administrator@bravenet.com/
Expires : 23-8-2016 7:50:46 μμ
LastSync : Hits:10
UseCount : 0
Hits : 10

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@sextracker[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:7
Value : Cookie:administrator@sextracker.com/
Expires : 31-8-2006 11:36:48 πμ
LastSync : Hits:7
UseCount : 0
Hits : 7

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@citi.bridgetrack[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:administrator@citi.bridgetrack.com/
Expires : 15-9-2007 7:00:00 πμ
LastSync : Hits:4
UseCount : 0
Hits : 4
g9_fredo
erm... I didn't do the appropriate calculations.... sorry... so it is in 3 parts...
PART 3:

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@adrevolver[3].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:6
Value : Cookie:administrator@www.e-bannerx.com/adrevolver/
Expires : 3-9-2007 6:36:20 μμ
LastSync : Hits:6
UseCount : 0
Hits : 6

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@hotlog[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:administrator@hotlog.ru/
Expires : 5-10-2007 4:06:02 μμ
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@findwhat[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:administrator@findwhat.com/
Expires : 1-1-2020 3:00:02 πμ
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@counter9.sextracker[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:administrator@counter9.sextracker.com/
Expires : 31-8-2006 4:36:48 πμ
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@ehg-farstone.hitbox[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:administrator@ehg-farstone.hitbox.com/
Expires : 7-9-2007 8:07:20 μμ
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@ehg-ti.hitbox[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:8
Value : Cookie:administrator@ehg-ti.hitbox.com/
Expires : 17-9-2007 7:59:22 μμ
LastSync : Hits:8
UseCount : 0
Hits : 8

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@targetnet[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:administrator@targetnet.com/
Expires : 18-5-2033 6:33:20 πμ
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@ehg-sigames.hitbox[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:7
Value : Cookie:administrator@ehg-sigames.hitbox.com/
Expires : 24-8-2007 8:32:38 μμ
LastSync : Hits:7
UseCount : 0
Hits : 7

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@ehg-gamespot.hitbox[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:11
Value : Cookie:administrator@ehg-gamespot.hitbox.com/
Expires : 29-8-2007 11:45:42 μμ
LastSync : Hits:11
UseCount : 0
Hits : 11

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 76
Objects found so far: 138



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 138


Deep scanning and examining files (H:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for H:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 138


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Warning!
Bad Hosts file entry:127.0.0.3:www.greg-tut.com


Redirected hostfile entry Object Recognized!
Type : Hosts file
Data : 127.0.0.3
TAC Rating : 4
Category : Misc
Comment :
Bad Hostfile entry : 127.0.0.3:www.greg-tut.com
Warning!
Bad Hosts file entry:127.0.0.3:nylonsexy.com


Redirected hostfile entry Object Recognized!
Type : Hosts file
Data : 127.0.0.3
TAC Rating : 4
Category : Misc
Comment :
Bad Hostfile entry : 127.0.0.3:nylonsexy.com
Warning!
Bad Hosts file entry:127.0.0.3:www.nylonsexy.com


Redirected hostfile entry Object Recognized!
Type : Hosts file
Data : 127.0.0.3
TAC Rating : 4
Category : Misc
Comment :
Bad Hostfile entry : 127.0.0.3:www.nylonsexy.com
Warning!
Bad Hosts file entry:127.0.0.3:vparivalka.com


Redirected hostfile entry Object Recognized!
Type : Hosts file
Data : 127.0.0.3
TAC Rating : 4
Category : Misc
Comment :
Bad Hostfile entry : 127.0.0.3:vparivalka.com
Warning!
Bad Hosts file entry:127.0.0.3:www.vparivalka.comtoescrowpay.com


Redirected hostfile entry Object Recognized!
Type : Hosts file
Data : 127.0.0.3
TAC Rating : 4
Category : Misc
Comment :
Bad Hostfile entry : 127.0.0.3:www.vparivalka.comtoescrowpay.com
Warning!
Bad Hosts file entry:127.0.0.3:www.awmcash.biz


Redirected hostfile entry Object Recognized!
Type : Hosts file
Data : 127.0.0.3
TAC Rating : 4
Category : Misc
Comment :
Bad Hostfile entry : 127.0.0.3:www.awmcash.biz
Warning!
Bad Hosts file entry:127.0.0.3:awmcash.biz


Redirected hostfile entry Object Recognized!
Type : Hosts file
Data : 127.0.0.3
TAC Rating : 4
Category : Misc
Comment :
Bad Hostfile entry : 127.0.0.3:awmcash.biz
Warning!
Bad Hosts file entry:127.0.0.3:fregat.drocherway.com


Redirected hostfile entry Object Recognized!
Type : Hosts file
Data : 127.0.0.3
TAC Rating : 4
Category : Misc
Comment :
Bad Hostfile entry : 127.0.0.3:fregat.drocherway.com
Warning!
Bad Hosts file entry:127.0.0.3:slutmania.biz


Redirected hostfile entry Object Recognized!
Type : Hosts file
Data : 127.0.0.3
TAC Rating : 4
Category : Misc
Comment :
Bad Hostfile entry : 127.0.0.3:slutmania.biz
Warning!
Bad Hosts file entry:127.0.0.3:www.slutmania.biz


Redirected hostfile entry Object Recognized!
Type : Hosts file
Data : 127.0.0.3
TAC Rating : 4
Category : Misc
Comment :
Bad Hostfile entry : 127.0.0.3:www.slutmania.biz
Warning!
Bad Hosts file entry:127.0.0.3:toolbarpartner.com


Redirected hostfile entry Object Recognized!
Type : Hosts file
Data : 127.0.0.3
TAC Rating : 4
Category : Misc
Comment :
Bad Hostfile entry : 127.0.0.3:toolbarpartner.com
Warning!
Bad Hosts file entry:127.0.0.3:www.toolbarpartner.com


Redirected hostfile entry Object Recognized!
Type : Hosts file
Data : 127.0.0.3
TAC Rating : 4
Category : Misc
Comment :
Bad Hostfile entry : 127.0.0.3:www.toolbarpartner.com
Warning!
Bad Hosts file entry:127.0.0.3:www.megapornix.com


Redirected hostfile entry Object Recognized!
Type : Hosts file
Data : 127.0.0.3
TAC Rating : 4
Category : Misc
Comment :
Bad Hostfile entry : 127.0.0.3:www.megapornix.com
Warning!
Bad Hosts file entry:127.0.0.3:megapornix.com


Redirected hostfile entry Object Recognized!
Type : Hosts file
Data : 127.0.0.3
TAC Rating : 4
Category : Misc
Comment :
Bad Hostfile entry : 127.0.0.3:megapornix.com
Warning!
Bad Hosts file entry:127.0.0.3:www.sp2fucked.biz


Redirected hostfile entry Object Recognized!
Type : Hosts file
Data : 127.0.0.3
TAC Rating : 4
Category : Misc
Comment :
Bad Hostfile entry : 127.0.0.3:www.sp2fucked.biz
Warning!
Bad Hosts file entry:127.0.0.3:sp2fucked.biz


Redirected hostfile entry Object Recognized!
Type : Hosts file
Data : 127.0.0.3
TAC Rating : 4
Category : Misc
Comment :
Bad Hostfile entry : 127.0.0.3:sp2fucked.biz

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
16 entries scanned.
New critical objects:16
Objects found so far: 154




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

IEHIjacker.SearchExe Object Recognized!
Type : RegValue
Data :
TAC Rating : 6
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Search Bar

IEHIjacker.SearchExe Object Recognized!
Type : RegValue
Data :
TAC Rating : 6
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\search
Value : SearchAssistant

IEHIjacker.SearchExe Object Recognized!
Type : RegValue
Data :
TAC Rating : 6
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main
Value : Search Page

IEHIjacker.SearchExe Object Recognized!
Type : RegData
Data : 1
TAC Rating : 6
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Use Custom Search URL
Data : 1

Win32.TrojanDownloader.Agent.am Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\wget

Win32.TrojanDownloader.Agent.am Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\wget
Value : plg1

Win32.TrojanDownloader.Agent.am Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wget

Win32.TrojanDownloader.Agent.am Object Recognized!
Type : File
Data : plugin1.dat
TAC Rating : 10
Category : Malware
Comment :
Object : C:\WINDOWS\system32\



Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 8
Objects found so far: 162

9:41:45 μμ Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:22:39.295
Objects scanned:188775
Objects identified:115
Objects ignored:0
New critical objects:115
g9_fredo
Can anyone help me pls? I posted on the 13th of October 2006... the topic title is "malware i suppose..."
Pls help me because my PC is getting slower...