Full Version: TommyRay's Own Topic
Lavasoft Support Forums > Archived Topics > Archives: Resolved/Inactive Topics > Resolved/Inactive General Support Issues
TommyRay
Hi,

I have also been getting uskyonline popups. I do have the latest release of Ad-Aware, and have also done the WebUpdate for the newest database. I have read where you desire the log file, and shall post it in here. Unfortunately, it will take more than one post to do so...



Ad-Aware SE Build 1.06r1
Logfile Created on:Tuesday, November 07, 2006 1:23:55 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R130 06.11.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Adware.AdMedia(TAC index:10):4 total references
Adware.SystemProcess(TAC index:10):35 total references
AdvertBar(TAC index:5):1 total references
eUniverse(TAC index:10):2 total references
MRU List(TAC index:0):42 total references
Possible Browser Hijack attempt(TAC index:3):3 total references
Tracking Cookie(TAC index:3):42 total references
WebHancer(TAC index:9):1 total references
WinAntiVirusPro(TAC index:10):1 total references
WindUpdates(TAC index:8):3 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


11-7-2006 1:23:55 AM - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : C:\Documents and Settings\Thomas R. France\Application Data\microsoft\office\recent
Description : list of recently opened documents using microsoft office


MRU List Object Recognized!
Location: : C:\Documents and Settings\Thomas R. France\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : S-1-5-21-2000478354-920026266-1957994488-1000\software\adobe\adobe acrobat\5.0\avgeneral\crecentfiles
Description : list of recently used files in adobe acrobat


MRU List Object Recognized!
Location: : S-1-5-21-2000478354-920026266-1957994488-1000\software\jasc\animation shop 2\fileopendialog
Description : list of recently opened files in jasc animation shop


MRU List Object Recognized!
Location: : S-1-5-21-2000478354-920026266-1957994488-1000\software\jasc\animation shop 2\recent file list
Description : list of recently used files in jasc animation shop


MRU List Object Recognized!
Location: : S-1-5-21-2000478354-920026266-1957994488-1000\software\jasc\animation shop 2\saveasdialog
Description : list of recently saved files in jasc animation shop


MRU List Object Recognized!
Location: : S-1-5-21-2000478354-920026266-1957994488-1000\software\jasc\paint shop pro 6\recent file list
Description : list of recently used files in jasc paint shop pro


MRU List Object Recognized!
Location: : S-1-5-21-2000478354-920026266-1957994488-1000\software\macromedia\flash 7\recent file list
Description : list of recently used files in macromedia flash


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-2000478354-920026266-1957994488-1000\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-2000478354-920026266-1957994488-1000\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-2000478354-920026266-1957994488-1000\software\microsoft\frontpage\explorer\frontpage explorer\recent file list
Description : list of recently used files in microsoft frontpage


MRU List Object Recognized!
Location: : S-1-5-21-2000478354-920026266-1957994488-1000\software\microsoft\frontpage\explorer\frontpage explorer\recent page list
Description : list of recently used pages in microsoft frontpage


MRU List Object Recognized!
Location: : S-1-5-21-2000478354-920026266-1957994488-1000\software\microsoft\frontpage\explorer\frontpage explorer\recent publish list
Description : list of recently published webs in microsoft frontpage


MRU List Object Recognized!
Location: : S-1-5-21-2000478354-920026266-1957994488-1000\software\microsoft\frontpage\explorer\frontpage explorer\recent web list
Description : list of recently used webs in microsoft frontpage


MRU List Object Recognized!
Location: : S-1-5-21-2000478354-920026266-1957994488-1000\software\microsoft\frontpage\explorer\frontpage explorer\recently created servers
Description : list of recently created servers in microsoft frontpage


MRU List Object Recognized!
Location: : S-1-5-21-2000478354-920026266-1957994488-1000\software\microsoft\frontpage\webs\opened
Description : list of recently opened webs in microsoft frontpage


MRU List Object Recognized!
Location: : S-1-5-21-2000478354-920026266-1957994488-1000\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-2000478354-920026266-1957994488-1000\software\microsoft\internet explorer\main
Description : last save directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-2000478354-920026266-1957994488-1000\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-2000478354-920026266-1957994488-1000\software\microsoft\mediaplayer\player\recentfilelist
Description : list of recently used files in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-2000478354-920026266-1957994488-1000\software\microsoft\mediaplayer\player\recenturllist
Description : list of recently used web addresses in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-2000478354-920026266-1957994488-1000\software\microsoft\mediaplayer\player\settings
Description : last open directory used in jasc paint shop pro


MRU List Object Recognized!
Location: : S-1-5-21-2000478354-920026266-1957994488-1000\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-2000478354-920026266-1957994488-1000\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-2000478354-920026266-1957994488-1000\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console


MRU List Object Recognized!
Location: : S-1-5-21-2000478354-920026266-1957994488-1000\software\microsoft\office\9.0\common\open find\microsoft word\settings\open\file name mru
Description : list of recent documents opened by microsoft word


MRU List Object Recognized!
Location: : S-1-5-21-2000478354-920026266-1957994488-1000\software\microsoft\office\9.0\common\open find\microsoft word\settings\save as\file name mru
Description : list of recent documents saved by microsoft word


MRU List Object Recognized!
Location: : S-1-5-21-2000478354-920026266-1957994488-1000\software\microsoft\windows\currentversion\applets\paint\recent file list
Description : list of files recently opened using microsoft paint


MRU List Object Recognized!
Location: : S-1-5-21-2000478354-920026266-1957994488-1000\software\microsoft\windows\currentversion\applets\regedit
Description : last key accessed using the microsoft registry editor


MRU List Object Recognized!
Location: : S-1-5-21-2000478354-920026266-1957994488-1000\software\microsoft\windows\currentversion\applets\wordpad\recent file list
Description : list of recent files opened using wordpad


MRU List Object Recognized!
Location: : S-1-5-21-2000478354-920026266-1957994488-1000\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-2000478354-920026266-1957994488-1000\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-2000478354-920026266-1957994488-1000\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : S-1-5-21-2000478354-920026266-1957994488-1000\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run


MRU List Object Recognized!
Location: : S-1-5-21-2000478354-920026266-1957994488-1000\software\nico mak computing\winzip\filemenu
Description : winzip recently used archives


MRU List Object Recognized!
Location: : S-1-5-21-2000478354-920026266-1957994488-1000\software\realnetworks\realplayer\6.0\preferences
Description : list of recent skins in realplayer


MRU List Object Recognized!
Location: : S-1-5-21-2000478354-920026266-1957994488-1000\software\realnetworks\realplayer\6.0\preferences
Description : list of recent clips in realplayer


MRU List Object Recognized!
Location: : S-1-5-21-2000478354-920026266-1957994488-1000\software\realnetworks\realplayer\6.0\preferences
Description : last login time in realplayer


MRU List Object Recognized!
Location: : S-1-5-21-2000478354-920026266-1957994488-1000\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 160
ThreadCreationTime : 11-7-2006 1:23:57 AM
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINNT\system32\
ProcessID : 184
ThreadCreationTime : 11-7-2006 1:24:07 AM
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINNT\system32\
ProcessID : 180
ThreadCreationTime : 11-7-2006 1:24:09 AM
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINNT\system32\
ProcessID : 232
ThreadCreationTime : 11-7-2006 1:24:13 AM
BasePriority : Normal
FileVersion : 5.00.2195.7035
ProductVersion : 5.00.2195.7035
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINNT\system32\
ProcessID : 244
ThreadCreationTime : 11-7-2006 1:24:13 AM
BasePriority : Normal
FileVersion : 5.00.2195.7011
ProductVersion : 5.00.2195.7011
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Executable and Server DLL (Export Version)
InternalName : lsasrv.dll and lsass.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : lsasrv.dll and lsass.exe

#:6 [smc.exe]
FilePath : C:\Program Files\Sygate\SPF\
ProcessID : 384
ThreadCreationTime : 11-7-2006 1:24:21 AM
BasePriority : Normal
FileVersion : 5.6.00.2808
ProductVersion : 5.6.00.2808
ProductName : Sygate® Security Agent and Personal Firewall
CompanyName : Sygate Technologies, Inc.
FileDescription : Sygate Agent Firewall
InternalName : Smc
LegalCopyright : Copyright © 1999 - 2004 Sygate Technologies, Inc. All rights reserved.
OriginalFilename : Smc.EXE

#:7 [svchost.exe]
FilePath : C:\WINNT\system32\
ProcessID : 436
ThreadCreationTime : 11-7-2006 1:24:29 AM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:8 [lexbces.exe]
FilePath : C:\WINNT\system32\
ProcessID : 472
ThreadCreationTime : 11-7-2006 1:24:31 AM
BasePriority : Normal
FileVersion : 5,13,00,00
ProductVersion : 5,13,00,00
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LexBce Service
InternalName : LexBce Service
LegalCopyright : © 1993 - 2000 Lexmark International, Inc.
OriginalFilename : LexBceS.exe

#:9 [spoolsv.exe]
FilePath : C:\WINNT\system32\
ProcessID : 512
ThreadCreationTime : 11-7-2006 1:24:32 AM
BasePriority : Normal
FileVersion : 5.00.2195.7059
ProductVersion : 5.00.2195.7059
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolss.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : spoolss.exe

#:10 [avgamsvr.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 548
ThreadCreationTime : 11-7-2006 1:24:35 AM
BasePriority : Normal
FileVersion : 7,1,0,365
ProductVersion : 7.1.0.365
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Alert Manager
InternalName : avgamsvr
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgamsvr.EXE

#:11 [avgupsvc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 592
ThreadCreationTime : 11-7-2006 1:24:38 AM
BasePriority : Normal
FileVersion : 7,1,0,349
ProductVersion : 7.1.0.349
ProductName : AVG 7.0 Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Update Service
InternalName : avgupsvc
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgupdsvc.EXE

#:12 [svchost.exe]
FilePath : C:\WINNT\System32\
ProcessID : 616
ThreadCreationTime : 11-7-2006 1:24:38 AM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:13 [mdm.exe]
FilePath : C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\
ProcessID : 652
ThreadCreationTime : 11-7-2006 1:24:42 AM
BasePriority : Normal
FileVersion : 7.00.9466
ProductVersion : 7.00.9466
ProductName : Microsoft® Visual Studio .NET
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : mdm.exe

#:14 [regsvc.exe]
FilePath : C:\WINNT\system32\
ProcessID : 764
ThreadCreationTime : 11-7-2006 1:24:47 AM
BasePriority : Normal
FileVersion : 5.00.2195.6701
ProductVersion : 5.00.2195.6701
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Remote Registry Service
InternalName : regsvc
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : REGSVC.EXE

#:15 [mstask.exe]
FilePath : C:\WINNT\system32\
ProcessID : 736
ThreadCreationTime : 11-7-2006 1:24:48 AM
BasePriority : Normal
FileVersion : 4.71.2195.6972
ProductVersion : 4.71.2195.6972
ProductName : Microsoft® Windows® Task Scheduler
CompanyName : Microsoft Corporation
FileDescription : Task Scheduler Engine
InternalName : TaskScheduler
LegalCopyright : Copyright © Microsoft Corp. 1997
OriginalFilename : mstask.exe

#:16 [stisvc.exe]
FilePath : C:\WINNT\system32\
ProcessID : 836
ThreadCreationTime : 11-7-2006 1:24:49 AM
BasePriority : Normal
FileVersion : 5.00.2195.6656
ProductVersion : 5.00.2195.6656
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Still Image Devices Monitor
InternalName : STIMON
LegalCopyright : Copyright © Microsoft Corp. 1996-1997
OriginalFilename : STIMON.EXE

#:17 [winmgmt.exe]
FilePath : C:\WINNT\System32\WBEM\
ProcessID : 880
ThreadCreationTime : 11-7-2006 1:24:51 AM
BasePriority : Normal
FileVersion : 1.50.1085.0100
ProductVersion : 1.50.1085.0100
ProductName : Windows Management Instrumentation
CompanyName : Microsoft Corporation
FileDescription : Windows Management Instrumentation
InternalName : WINMGMT
LegalCopyright : Copyright © Microsoft Corp. 1995-1999

#:18 [svchost.exe]
FilePath : C:\WINNT\system32\
ProcessID : 888
ThreadCreationTime : 11-7-2006 1:24:51 AM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:19 [explorer.exe]
FilePath : C:\WINNT\
ProcessID : 1092
ThreadCreationTime : 11-7-2006 1:37:12 AM
BasePriority : Normal
FileVersion : 5.00.3700.6690
ProductVersion : 5.00.3700.6690
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : EXPLORER.EXE

#:20 [xiwin32.exe]
FilePath : F:\Xitami\
ProcessID : 1032
ThreadCreationTime : 11-7-2006 1:37:23 AM
BasePriority : Idle


#:21 [realsched.exe]
FilePath : C:\Program Files\Common Files\Real\Update_OB\
ProcessID : 1028
ThreadCreationTime : 11-7-2006 1:37:24 AM
BasePriority : Normal
FileVersion : 0.1.0.3208
ProductVersion : 0.1.0.3208
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:22 [amoumain.exe]
FilePath : C:\PROGRA~1\AOpen\Mouse\
ProcessID : 696
ThreadCreationTime : 11-7-2006 1:37:24 AM
BasePriority : Normal


#:23 [wuauclt.exe]
FilePath : C:\WINNT\system32\
ProcessID : 1116
ThreadCreationTime : 11-7-2006 1:37:26 AM
BasePriority : Normal
FileVersion : 5.8.0.2469 built by: lab01_n(wmbla)
ProductVersion : 5.8.0.2469
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe

#:24 [avgcc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 1316
ThreadCreationTime : 11-7-2006 1:37:30 AM
BasePriority : Normal
FileVersion : 7,1,0,406
ProductVersion : 7.1.0.406
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Control Center
InternalName : AvgCC
LegalCopyright : Copyright © 2006, GRISOFT, s.r.o.
OriginalFilename : AvgCC.EXE

#:25 [avgemc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 1324
ThreadCreationTime : 11-7-2006 1:37:33 AM
BasePriority : Normal
FileVersion : 7,1,0,400
ProductVersion : 7.1.0.400
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG E-Mail Scanner
InternalName : avgemc
LegalCopyright : Copyright © 2006, GRISOFT, s.r.o.
OriginalFilename : avgemc.exe

#:26 [block-checker.exe]
FilePath : C:\Program Files\Block Checker\
ProcessID : 1288
ThreadCreationTime : 11-7-2006 1:37:34 AM
BasePriority : Normal
FileVersion : 1.00.0026
ProductVersion : 1.00.0026
ProductName : block-checker
InternalName : block-checker
OriginalFilename : block-checker.exe

Adware.SystemProcess Object Recognized!
Type : Process
Data : block-checker.exe
TAC Rating : 10
Category : Malware
Comment :
Object : C:\Program Files\Block Checker\
FileVersion : 1.00.0026
ProductVersion : 1.00.0026
ProductName : block-checker
InternalName : block-checker
OriginalFilename : block-checker.exe

Warning! "C:\Program Files\Block Checker\block-checker.exe"Process could not be terminated!
"C:\Program Files\Block Checker\block-checker.exe"Process terminated successfully

#:27 [hpgs2wnd.exe]
FilePath : C:\Program Files\Hewlett-Packard\HP Share-to-Web\
ProcessID : 1340
ThreadCreationTime : 11-7-2006 1:37:35 AM
BasePriority : Normal
FileVersion : 2,3,0,0\ 162
ProductVersion : 2,3,0,0\ 162
ProductName : Hewlett-Packard hpgs2wnd
CompanyName : Hewlett-Packard
FileDescription : hpgs2wnd
InternalName : hpgs2wnd
LegalCopyright : Copyright © 2001
OriginalFilename : hpgs2wnd.exe

#:28 [hpgs2wnf.exe]
FilePath : c:\Program Files\Hewlett-Packard\HP Share-to-Web\
ProcessID : 1380
ThreadCreationTime : 11-7-2006 1:37:39 AM
BasePriority : Normal
FileVersion : 2, 6, 0, 162
ProductVersion : 2, 6, 0, 162
ProductName : hpgs2wnf Module
FileDescription : hpgs2wnf Module
InternalName : hpgs2wnf
LegalCopyright : Copyright 2001
OriginalFilename : hpgs2wnf.EXE

#:29 [octeltpop.exe]
FilePath : C:\WINNT\
ProcessID : 1436
ThreadCreationTime : 11-7-2006 1:37:41 AM
BasePriority : Normal
FileVersion : 1.00
ProductVersion : 1.00
ProductName : popprog
InternalName : octeltpop
OriginalFilename : octeltpop.exe

#:30 [dwdsregt.exe]
FilePath : C:\winnt\system32\
ProcessID : 272
ThreadCreationTime : 11-7-2006 1:37:44 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
LegalCopyright : © 2004

#:31 [ctfmon.exe]
FilePath : C:\WINNT\system32\
ProcessID : 1468
ThreadCreationTime : 11-7-2006 1:37:46 AM
BasePriority : Normal
FileVersion : 1.00.2409.7 built by: Lab06_N
ProductVersion : 1.00.2409.7
ProductName : Microsoft® Windows NT® Operating System
CompanyName : Microsoft Corporation
FileDescription : Cicero Loader
InternalName : CICLOAD
LegalCopyright : Copyright © Microsoft Corporation. 1981-2001
OriginalFilename : CICLOAD.EXE

#:32 [acrotray.exe]
FilePath : C:\Program Files\Adobe\Acrobat 5.0\Distillr\
ProcessID : 1504
ThreadCreationTime : 11-7-2006 1:37:51 AM
BasePriority : Normal
FileVersion : 5, 0, 0, 0
ProductVersion : 5, 0, 0, 0
ProductName : AcroTray - Adobe Acrobat Distiller helper application.
CompanyName : Adobe Systems Inc.
FileDescription : AcroTray
InternalName : AcroTray
LegalCopyright : Copyright © 2001
OriginalFilename : AcroTray.exe

#:33 [webshotstray.exe]
FilePath : C:\Program Files\Webshots\
ProcessID : 1564
ThreadCreationTime : 11-7-2006 1:38:00 AM
BasePriority : Normal
FileVersion : 1.3.0.3826
ProductVersion : 1.3.0.3826
ProductName : Webshots Tray Application
CompanyName : The Webshots Corporation
FileDescription : Webshots Desktop Tray Application
InternalName : WEBSHOTSTRAY
LegalCopyright : Copyright © 1998
OriginalFilename : WEBSHOTSTRAY.EXE

#:34 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 1816
ThreadCreationTime : 11-7-2006 3:41:53 AM
BasePriority : Normal
FileVersion : 6.00.2800.1106
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:35 [smartsync.exe]
FilePath : C:\PROGRA~1\PDODES~1\
ProcessID : 2148
ThreadCreationTime : 11-7-2006 6:49:41 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : DVSync
FileDescription : DVSync MFC Application
InternalName : DVSync
LegalCopyright : Copyright © 2000
OriginalFilename : DVSync.EXE

#:36 [tprowler.exe]
FilePath : C:\Program Files\Tomcat Web Services\Tomcat Prowler\
ProcessID : 1924
ThreadCreationTime : 11-7-2006 6:57:56 AM
BasePriority : Normal
FileVersion : 1.11.0052
ProductVersion : 1.11.0052
ProductName : Tomcat Prowler
CompanyName : Tomcat Web Services
InternalName : tprowler
OriginalFilename : tprowler.exe

#:37 [ad-aware.exe]
FilePath : C:\PROGRA~1\Lavasoft\AD-AWA~2\
ProcessID : 2068
ThreadCreationTime : 11-7-2006 7:09:44 AM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 43


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Adware.AdMedia Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Adware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{0d3f3cf0-4060-4257-bf18-77ce00454146}

Adware.AdMedia Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Adware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{49217364-e570-4f9d-9cd2-62eb4780b2ee}

Adware.SystemProcess Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{c2eeb4fa-b6d6-41b9-9cfa-aba87f862bcb}

AdvertBar Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2000478354-920026266-1957994488-1000\software\adtools, inc.

Adware.SystemProcess Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{c2eeb4fa-b6d6-41b9-9cfa-aba87f862bcb}

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 5
Objects found so far: 48


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Possible Browser Hijack attempt : {E0CE16CB-741C-4B24-8D04-A817856E07F4} (http://cabs.media-motor.net/cabs/jenky.cab)

Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Vulnerability
Comment : Possible Browser Hijack attempt : http://cabs.media-motor.net/cabs/jenky.cab
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E0CE16CB-741C-4B24-8D04-A817856E07F4}

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Vulnerability
Comment : Possible Browser Hijack attempt : http://cabs.media-motor.net/cabs/jenky.cab
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E0CE16CB-741C-4B24-8D04-A817856E07F4}
Value : Installer

Adware.SystemProcess Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment : "BlockChecker"
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Run
Value : BlockChecker

Adware.SystemProcess Object Recognized!
Type : File
Data : block-checker.exe
TAC Rating : 10
Category : Malware
Comment :
Object : c:\program files\block checker\
FileVersion : 1.00.0026
ProductVersion : 1.00.0026
ProductName : block-checker
InternalName : block-checker
OriginalFilename : block-checker.exe


Adware.SystemProcess Object Recognized!
Type : RegValue
Data : C:\Program Files\Block Checker\block-checker.exe
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\SharedDLLs
Value : C:\Program Files\Block Checker\block-checker.exe

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 4
Objects found so far: 53


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : thomas r. france@realmedia[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:41
Value : Cookie:thomas r. france@realmedia.com/
Expires : 12-31-2020 6:00:00 PM
LastSync : Hits:41
UseCount : 0
Hits : 41

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : thomas r. france@hc2.humanclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:thomas r. france@hc2.humanclick.com/
Expires : 11-4-2007 2:49:22 AM
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : thomas r. france@server.iad.liveperson[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:8
Value : Cookie:thomas r. france@server.iad.liveperson.net/
Expires : 10-31-2007 4:34:40 PM
LastSync : Hits:8
UseCount : 0
Hits : 8

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : thomas r. france@clickbank[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:thomas r. france@clickbank.net/
Expires : 5-2-2007 12:14:38 AM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : thomas r. france@questionmarket[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:16
Value : Cookie:thomas r. france@questionmarket.com/
Expires : 12-26-2007 11:29:24 AM
LastSync : Hits:16
UseCount : 0
Hits : 16

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : thomas r. france@adserve.webtoolcafe[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:thomas r. france@adserve.webtoolcafe.com/
Expires : 10-31-2007 3:44:16 PM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : thomas r. france@adrevolver[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:thomas r. france@adrevolver.com/
Expires : 11-2-2007 5:14:30 PM
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : thomas r. france@overture[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:6
Value : Cookie:thomas r. france@overture.com/
Expires : 11-1-2016 2:54:34 AM
LastSync : Hits:6
UseCount : 0
Hits : 6

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : thomas r. france@ads.pointroll[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:7
Value : Cookie:thomas r. france@ads.pointroll.com/
Expires : 12-31-2009 6:00:00 PM
LastSync : Hits:7
UseCount : 0
Hits : 7

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : thomas r. france@tribalfusion[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:33
Value : Cookie:thomas r. france@tribalfusion.com/
Expires : 12-31-2037 6:00:00 PM
LastSync : Hits:33
UseCount : 0
Hits : 33

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : thomas r. france@z1.adserver[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:10
Value : Cookie:thomas r. france@z1.adserver.com/
Expires : 11-6-2007 7:57:34 PM
LastSync : Hits:10
UseCount : 0
Hits : 10

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : thomas r. france@as-us.falkag[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:67
Value : Cookie:thomas r. france@as-us.falkag.net/
Expires : 11-3-2007 12:21:40 AM
LastSync : Hits:67
UseCount : 0
Hits : 67

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : thomas r. france@ads.addynamix[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:7
Value : Cookie:thomas r. france@ads.addynamix.com/
Expires : 11-5-2006 1:27:08 PM
LastSync : Hits:7
UseCount : 0
Hits : 7

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : thomas r. france@bluestreak[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:thomas r. france@bluestreak.com/
Expires : 11-1-2016 8:27:08 AM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : thomas r. france@perf.overture[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:thomas r. france@perf.overture.com/
Expires : 10-30-2010 5:11:32 PM
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : thomas r. france@2o7[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:20
Value : Cookie:thomas r. france@2o7.net/
Expires : 10-31-2011 11:09:10 PM
LastSync : Hits:20
UseCount : 0
Hits : 20

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : thomas r. france@revenue[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:thomas r. france@revenue.net/
Expires : 6-9-2022 11:05:42 PM
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : thomas r. france@zedo[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:43
Value : Cookie:thomas r. france@zedo.com/
Expires : 10-28-2016 5:34:32 PM
LastSync : Hits:43
UseCount : 0
Hits : 43

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : thomas r. france@a.as-us.falkag[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:thomas r. france@a.as-us.falkag.net/
Expires : 11-16-2006 11:09:50 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : thomas r. france@qksrv[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:12
Value : Cookie:thomas r. france@qksrv.net/
Expires : 10-30-2011 5:11:32 PM
LastSync : Hits:12
UseCount : 0
Hits : 12

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : thomas r. france@spylog[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:thomas r. france@spylog.com/
Expires : 5-2-2007 2:31:02 PM
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 21
Objects found so far: 74



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : thomas r. france@2o7[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Thomas R. France\Local Settings\Temp\Cookies\thomas r. france@2o7[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : thomas r. france@adrevolver[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Thomas R. France\Local Settings\Temp\Cookies\thomas r. france@adrevolver[1].txt




(Continued on next post)




11-7-2006 1:23:55 AM - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : C:\Documents and Settings\Thomas R. France\Application Data\microsoft\office\recent
Description : list of recently opened documents using microsoft office


MRU List Object Recognized!
Location: : C:\Documents and Settings\Thomas R. France\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : S-1-5-21-2000478354-920026266-1957994488-1000\software\adobe\adobe acrobat\5.0\avgeneral\crecentfiles
Description : list of recently used files in adobe acrobat


MRU List Object Recognized!
Location: : S-1-5-21-2000478354-920026266-1957994488-1000\software\jasc\animation shop 2\fileopendialog
Description : list of recently opened files in jasc animation shop


MRU List Object Recognized!
Location: : S-1-5-21-2000478354-920026266-1957994488-1000\software\jasc\animation shop 2\recent file list
Description : list of recently used files in jasc animation shop


MRU List Object Recognized!
Location: : S-1-5-21-2000478354-920026266-1957994488-1000\software\jasc\animation shop 2\saveasdialog
Description : list of recently saved files in jasc animation shop


MRU List Object Recognized!
Location: : S-1-5-21-2000478354-920026266-1957994488-1000\software\jasc\paint shop pro 6\recent file list
Description : list of recently used files in jasc paint shop pro


MRU List Object Recognized!
Location: : S-1-5-21-2000478354-920026266-1957994488-1000\software\macromedia\flash 7\recent file list
Description : list of recently used files in macromedia flash


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-2000478354-920026266-1957994488-1000\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-2000478354-920026266-1957994488-1000\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-2000478354-920026266-1957994488-1000\software\microsoft\frontpage\explorer\frontpage explorer\recent file list
Description : list of recently used files in microsoft frontpage


MRU List Object Recognized!
Location: : S-1-5-21-2000478354-920026266-1957994488-1000\software\microsoft\frontpage\explorer\frontpage explorer\recent page list
Description : list of recently used pages in microsoft frontpage


MRU List Object Recognized!
Location: : S-1-5-21-2000478354-920026266-1957994488-1000\software\microsoft\frontpage\explorer\frontpage explorer\recent publish list
Description : list of recently published webs in microsoft frontpage


MRU List Object Recognized!
Location: : S-1-5-21-2000478354-920026266-1957994488-1000\software\microsoft\frontpage\explorer\frontpage explorer\recent web list
Description : list of recently used webs in microsoft frontpage


MRU List Object Recognized!
Location: : S-1-5-21-2000478354-920026266-1957994488-1000\software\microsoft\frontpage\explorer\frontpage explorer\recently created servers
Description : list of recently created servers in microsoft frontpage


MRU List Object Recognized!
Location: : S-1-5-21-2000478354-920026266-1957994488-1000\software\microsoft\frontpage\webs\opened
Description : list of recently opened webs in microsoft frontpage


MRU List Object Recognized!
Location: : S-1-5-21-2000478354-920026266-1957994488-1000\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-2000478354-920026266-1957994488-1000\software\microsoft\internet explorer\main
Description : last save directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-2000478354-920026266-1957994488-1000\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-2000478354-920026266-1957994488-1000\software\microsoft\mediaplayer\player\recentfilelist
Description : list of recently used files in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-2000478354-920026266-1957994488-1000\software\microsoft\mediaplayer\player\recenturllist
Description : list of recently used web addresses in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-2000478354-920026266-1957994488-1000\software\microsoft\mediaplayer\player\settings
Description : last open directory used in jasc paint shop pro


MRU List Object Recognized!
Location: : S-1-5-21-2000478354-920026266-1957994488-1000\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-2000478354-920026266-1957994488-1000\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-2000478354-920026266-1957994488-1000\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console


MRU List Object Recognized!
Location: : S-1-5-21-2000478354-920026266-1957994488-1000\software\microsoft\office\9.0\common\open find\microsoft word\settings\open\file name mru
Description : list of recent documents opened by microsoft word


MRU List Object Recognized!
Location: : S-1-5-21-2000478354-920026266-1957994488-1000\software\microsoft\office\9.0\common\open find\microsoft word\settings\save as\file name mru
Description : list of recent documents saved by microsoft word


MRU List Object Recognized!
Location: : S-1-5-21-2000478354-920026266-1957994488-1000\software\microsoft\windows\currentversion\applets\paint\recent file list
Description : list of files recently opened using microsoft paint


MRU List Object Recognized!
Location: : S-1-5-21-2000478354-920026266-1957994488-1000\software\microsoft\windows\currentversion\applets\regedit
Description : last key accessed using the microsoft registry editor


MRU List Object Recognized!
Location: : S-1-5-21-2000478354-920026266-1957994488-1000\software\microsoft\windows\currentversion\applets\wordpad\recent file list
Description : list of recent files opened using wordpad


MRU List Object Recognized!
Location: : S-1-5-21-2000478354-920026266-1957994488-1000\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-2000478354-920026266-1957994488-1000\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-2000478354-920026266-1957994488-1000\software\microsoft\windows�
TommyRay
#:30 [dwdsregt.exe]
FilePath : C:\winnt\system32\
ProcessID : 272
ThreadCreationTime : 11-7-2006 1:37:44 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
LegalCopyright : © 2004

#:31 [ctfmon.exe]
FilePath : C:\WINNT\system32\
ProcessID : 1468
ThreadCreationTime : 11-7-2006 1:37:46 AM
BasePriority : Normal
FileVersion : 1.00.2409.7 built by: Lab06_N
ProductVersion : 1.00.2409.7
ProductName : Microsoft® Windows NT® Operating System
CompanyName : Microsoft Corporation
FileDescription : Cicero Loader
InternalName : CICLOAD
LegalCopyright : Copyright © Microsoft Corporation. 1981-2001
OriginalFilename : CICLOAD.EXE

#:32 [acrotray.exe]
FilePath : C:\Program Files\Adobe\Acrobat 5.0\Distillr\
ProcessID : 1504
ThreadCreationTime : 11-7-2006 1:37:51 AM
BasePriority : Normal
FileVersion : 5, 0, 0, 0
ProductVersion : 5, 0, 0, 0
ProductName : AcroTray - Adobe Acrobat Distiller helper application.
CompanyName : Adobe Systems Inc.
FileDescription : AcroTray
InternalName : AcroTray
LegalCopyright : Copyright © 2001
OriginalFilename : AcroTray.exe

#:33 [webshotstray.exe]
FilePath : C:\Program Files\Webshots\
ProcessID : 1564
ThreadCreationTime : 11-7-2006 1:38:00 AM
BasePriority : Normal
FileVersion : 1.3.0.3826
ProductVersion : 1.3.0.3826
ProductName : Webshots Tray Application
CompanyName : The Webshots Corporation
FileDescription : Webshots Desktop Tray Application
InternalName : WEBSHOTSTRAY
LegalCopyright : Copyright © 1998
OriginalFilename : WEBSHOTSTRAY.EXE

#:34 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 1816
ThreadCreationTime : 11-7-2006 3:41:53 AM
BasePriority : Normal
FileVersion : 6.00.2800.1106
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:35 [smartsync.exe]
FilePath : C:\PROGRA~1\PDODES~1\
ProcessID : 2148
ThreadCreationTime : 11-7-2006 6:49:41 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : DVSync
FileDescription : DVSync MFC Application
InternalName : DVSync
LegalCopyright : Copyright © 2000
OriginalFilename : DVSync.EXE

#:36 [tprowler.exe]
FilePath : C:\Program Files\Tomcat Web Services\Tomcat Prowler\
ProcessID : 1924
ThreadCreationTime : 11-7-2006 6:57:56 AM
BasePriority : Normal
FileVersion : 1.11.0052
ProductVersion : 1.11.0052
ProductName : Tomcat Prowler
CompanyName : Tomcat Web Services
InternalName : tprowler
OriginalFilename : tprowler.exe

#:37 [ad-aware.exe]
FilePath : C:\PROGRA~1\Lavasoft\AD-AWA~2\
ProcessID : 2068
ThreadCreationTime : 11-7-2006 7:09:44 AM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 43


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Adware.AdMedia Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Adware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{0d3f3cf0-4060-4257-bf18-77ce00454146}

Adware.AdMedia Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Adware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{49217364-e570-4f9d-9cd2-62eb4780b2ee}

Adware.SystemProcess Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{c2eeb4fa-b6d6-41b9-9cfa-aba87f862bcb}

AdvertBar Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2000478354-920026266-1957994488-1000\software\adtools, inc.

Adware.SystemProcess Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{c2eeb4fa-b6d6-41b9-9cfa-aba87f862bcb}

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 5
Objects found so far: 48


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Possible Browser Hijack attempt : {E0CE16CB-741C-4B24-8D04-A817856E07F4} (http://cabs.media-motor.net/cabs/jenky.cab)

Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Vulnerability
Comment : Possible Browser Hijack attempt : http://cabs.media-motor.net/cabs/jenky.cab
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E0CE16CB-741C-4B24-8D04-A817856E07F4}

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Vulnerability
Comment : Possible Browser Hijack attempt : http://cabs.media-motor.net/cabs/jenky.cab
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E0CE16CB-741C-4B24-8D04-A817856E07F4}
Value : Installer

Adware.SystemProcess Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment : "BlockChecker"
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Run
Value : BlockChecker

Adware.SystemProcess Object Recognized!
Type : File
Data : block-checker.exe
TAC Rating : 10
Category : Malware
Comment :
Object : c:\program files\block checker\
FileVersion : 1.00.0026
ProductVersion : 1.00.0026
ProductName : block-checker
InternalName : block-checker
OriginalFilename : block-checker.exe


Adware.SystemProcess Object Recognized!
Type : RegValue
Data : C:\Program Files\Block Checker\block-checker.exe
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\SharedDLLs
Value : C:\Program Files\Block Checker\block-checker.exe

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 4
Objects found so far: 53


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : thomas r. france@realmedia[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:41
Value : Cookie:thomas r. france@realmedia.com/
Expires : 12-31-2020 6:00:00 PM
LastSync : Hits:41
UseCount : 0
Hits : 41

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : thomas r. france@hc2.humanclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:thomas r. france@hc2.humanclick.com/
Expires : 11-4-2007 2:49:22 AM
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : thomas r. france@server.iad.liveperson[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:8
Value : Cookie:thomas r. france@server.iad.liveperson.net/
Expires : 10-31-2007 4:34:40 PM
LastSync : Hits:8
UseCount : 0
Hits : 8

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : thomas r. france@clickbank[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:thomas r. france@clickbank.net/
Expires : 5-2-2007 12:14:38 AM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : thomas r. france@questionmarket[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:16
Value : Cookie:thomas r. france@questionmarket.com/
Expires : 12-26-2007 11:29:24 AM
LastSync : Hits:16
UseCount : 0
Hits : 16

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : thomas r. france@adserve.webtoolcafe[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:thomas r. france@adserve.webtoolcafe.com/
Expires : 10-31-2007 3:44:16 PM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : thomas r. france@adrevolver[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:thomas r. france@adrevolver.com/
Expires : 11-2-2007 5:14:30 PM
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : thomas r. france@overture[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:6
Value : Cookie:thomas r. france@overture.com/
Expires : 11-1-2016 2:54:34 AM
LastSync : Hits:6
UseCount : 0
Hits : 6

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : thomas r. france@ads.pointroll[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:7
Value : Cookie:thomas r. france@ads.pointroll.com/
Expires : 12-31-2009 6:00:00 PM
LastSync : Hits:7
UseCount : 0
Hits : 7

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : thomas r. france@tribalfusion[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:33
Value : Cookie:thomas r. france@tribalfusion.com/
Expires : 12-31-2037 6:00:00 PM
LastSync : Hits:33
UseCount : 0
Hits : 33

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : thomas r. france@z1.adserver[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:10
Value : Cookie:thomas r. france@z1.adserver.com/
Expires : 11-6-2007 7:57:34 PM
LastSync : Hits:10
UseCount : 0
Hits : 10

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : thomas r. france@as-us.falkag[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:67
Value : Cookie:thomas r. france@as-us.falkag.net/
Expires : 11-3-2007 12:21:40 AM
LastSync : Hits:67
UseCount : 0
Hits : 67

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : thomas r. france@ads.addynamix[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:7
Value : Cookie:thomas r. france@ads.addynamix.com/
Expires : 11-5-2006 1:27:08 PM
LastSync : Hits:7
UseCount : 0
Hits : 7

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : thomas r. france@bluestreak[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:thomas r. france@bluestreak.com/
Expires : 11-1-2016 8:27:08 AM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : thomas r. france@perf.overture[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:thomas r. france@perf.overture.com/
Expires : 10-30-2010 5:11:32 PM
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : thomas r. france@2o7[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:20
Value : Cookie:thomas r. france@2o7.net/
Expires : 10-31-2011 11:09:10 PM
LastSync : Hits:20
UseCount : 0
Hits : 20

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : thomas r. france@revenue[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:thomas r. france@revenue.net/
Expires : 6-9-2022 11:05:42 PM
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : thomas r. france@zedo[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:43
Value : Cookie:thomas r. france@zedo.com/
Expires : 10-28-2016 5:34:32 PM
LastSync : Hits:43
UseCount : 0
Hits : 43

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : thomas r. france@a.as-us.falkag[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:thomas r. france@a.as-us.falkag.net/
Expires : 11-16-2006 11:09:50 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : thomas r. france@qksrv[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:12
Value : Cookie:thomas r. france@qksrv.net/
Expires : 10-30-2011 5:11:32 PM
LastSync : Hits:12
UseCount : 0
Hits : 12

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : thomas r. france@spylog[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:thomas r. france@spylog.com/
Expires : 5-2-2007 2:31:02 PM
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 21
Objects found so far: 74



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : thomas r. france@2o7[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Thomas R. France\Local Settings\Temp\Cookies\thomas r. france@2o7[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : thomas r. france@adrevolver[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Thomas R. France\Local Settings\Temp\Cookies\thomas r. france@adrevolver[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : thomas r. france@ads.addynamix[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Thomas R. France\Local Settings\Temp\Cookies\thomas r. france@ads.addynamix[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : thomas r. france@ads.pointroll[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Thomas R. France\Local Settings\Temp\Cookies\thomas r. france@ads.pointroll[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : thomas r. france@apmebf[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Thomas R. France\Local Settings\Temp\Cookies\thomas r. france@apmebf[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : thomas r. france@bluestreak[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Thomas R. France\Local Settings\Temp\Cookies\thomas r. france@bluestreak[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : thomas r. france@c5.zedo[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Thomas R. France\Local Settings\Temp\Cookies\thomas r. france@c5.zedo[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : thomas r. france@casalemedia[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Thomas R. France\Local Settings\Temp\Cookies\thomas r. france@casalemedia[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : thomas r. france@edge.ru4[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Thomas R. France\Local Settings\Temp\Cookies\thomas r. france@edge.ru4[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : thomas r. france@fastclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Thomas R. France\Local Settings\Temp\Cookies\thomas r. france@fastclick[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : thomas r. france@perf.overture[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Thomas R. France\Local Settings\Temp\Cookies\thomas r. france@perf.overture[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : thomas r. france@qksrv[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Thomas R. France\Local Settings\Temp\Cookies\thomas r. france@qksrv[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : thomas r. france@realmedia[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Thomas R. France\Local Settings\Temp\Cookies\thomas r. france@realmedia[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : thomas r. france@reduxads.valuead[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Thomas R. France\Local Settings\Temp\Cookies\thomas r. france@reduxads.valuead[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : thomas r. france@revenue[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Thomas R. France\Local Settings\Temp\Cookies\thomas r. france@revenue[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : thomas r. france@server.iad.liveperson[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Thomas R. France\Local Settings\Temp\Cookies\thomas r. france@server.iad.liveperson[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : thomas r. france@statcounter[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Thomas R. France\Local Settings\Temp\Cookies\thomas r. france@statcounter[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : thomas r. france@trafficmp[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Thomas R. France\Local Settings\Temp\Cookies\thomas r. france@trafficmp[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : thomas r. france@tribalfusion[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Thomas R. France\Local Settings\Temp\Cookies\thomas r. france@tribalfusion[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : thomas r. france@zedo[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Thomas R. France\Local Settings\Temp\Cookies\thomas r. france@zedo[1].txt

WindUpdates Object Recognized!
Type : File
Data : WinCtlAd.exe
TAC Rating : 8
Category : Malware
Comment :
Object : C:\Program Files\Windows ControlAd\



WinAntiVirusPro Object Recognized!
Type : File
Data : UWA6P_0001_N91M1807NetInstaller.exe
TAC Rating : 10
Category : Malware
Comment :
Object : C:\WINNT\Downloaded Program Files\



Adware.SystemProcess Object Recognized!
Type : File
Data : ccapp.exe
TAC Rating : 10
Category : Malware
Comment :
Object : C:\WINNT\system32\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : System Process
FileDescription : System Process
InternalName : ccapp.exe
OriginalFilename : ccapp.exe
Comments : System Process


Adware.SystemProcess Object Recognized!
Type : File
Data : navshext.dll
TAC Rating : 10
Category : Malware
Comment :
Object : C:\WINNT\system32\



WebHancer Object Recognized!
Type : File
Data : webhdll.dll_tobedeleted
TAC Rating : 9
Category : Data Miner
Comment :
Object : C:\WINNT\
FileVersion : 3.3.0
ProductVersion : 3.3.0
ProductName : webHancer Customer Companion
CompanyName : webHancer Corporation
FileDescription : webHancer Winsock2 SPI
InternalName : webhdll
LegalCopyright : Copyright © 1999-2003 webHancer Corporation
OriginalFilename : webhdll.dll


Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 99


Deep scanning and examining files (F:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : susan@2o7[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : F:\Documents and Settings\Susan\Cookies\susan@2o7[1].txt

eUniverse Object Recognized!
Type : File
Data : incredifind.exe
TAC Rating : 10
Category : Data Miner
Comment :
Object : F:\Xitami\webpages\FREEWARE\FILES\



eUniverse Object Recognized!
Type : File
Data : incredifind.exe
TAC Rating : 10
Category : Data Miner
Comment :
Object : F:\_____TOMS_____\New-Appz\



Disk Scan Result for F:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 102


Scanning Hosts file......
Hosts file location:"C:\WINNT\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 102



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Women Seeking Men near Janesville.url
TAC Rating : 10
Category : Misc
Comment : Problematic URL discovered: http://adultfriendfinder.com/search/g11327....E&models=0
Object : C:\Documents and Settings\Thomas R. France\Desktop\




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Adware.SystemProcess Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\windows\currentversion\internet settings\p3p\history\anrdoezrs.net

Adware.SystemProcess Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\windows\currentversion\internet settings\p3p\history\bfast.com

Adware.SystemProcess Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\windows\currentversion\internet settings\p3p\history\cc-dt.com

Adware.SystemProcess Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\windows\currentversion\internet settings\p3p\history\commission-junction.com

Adware.SystemProcess Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\windows\currentversion\internet settings\p3p\history\dpbolvw.net

Adware.SystemProcess Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\windows\currentversion\internet settings\p3p\history\fastclick.com

Adware.SystemProcess Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\windows\currentversion\internet settings\p3p\history\fastclick.net

Adware.SystemProcess Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\windows\currentversion\internet settings\p3p\history\jdoqocy.com

Adware.SystemProcess Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\windows\currentversion\internet settings\p3p\history\kqzyfj.com

Adware.SystemProcess Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\windows\currentversion\internet settings\p3p\history\linksynergy.com

Adware.SystemProcess Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\windows\currentversion\internet settings\p3p\history\qksrv.net

Adware.SystemProcess Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\windows\currentversion\internet settings\p3p\history\tkqlhce.com

Adware.SystemProcess Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\vb and vba program settings\imadvertiser\aol

Adware.SystemProcess Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\vb and vba program settings\imadvertiser\aol
Value : LastDate

Adware.SystemProcess Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\vb and vba program settings\imadvertiser\msn

Adware.SystemProcess Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\vb and vba program settings\imadvertiser\msn
Value : LastDate

Adware.SystemProcess Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\vb and vba program settings\imadvertiser\yahoo

Adware.SystemProcess Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\vb and vba program settings\imadvertiser\yahoo
Value : LastDate

Adware.SystemProcess Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\system process

Adware.SystemProcess Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\system process
Value : Started

Adware.SystemProcess Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\system process
Value : Installed

Adware.SystemProcess Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\system process
Value : LastUpdateTime

Adware.SystemProcess Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\system process
Value : DllVer

Adware.SystemProcess Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\new windows\allow
Value : *.system-processes.com

Adware.SystemProcess Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\shareddlls
Value : C:\Program Files\Block Checker\block-checker.exe

Adware.SystemProcess Object Recognized!
Type : Folder
TAC Rating : 10
Category : Malware
Comment : Adware.SystemProcess
Object : C:\Program Files\Block Checker

Adware.SystemProcess Object Recognized!
Type : File
Data : ~DF261A.tmp
TAC Rating : 10
Category : Malware
Comment :
Object : C:\DOCUME~1\THOMAS~1.FRA\LOCALS~1\Temp\



Adware.AdMedia Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Adware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\windows\currentversion\internet settings\zonemap\domains\media-motor.net

Adware.AdMedia Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Adware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\windows\currentversion\internet settings\zonemap\domains\mmohsix.com

WindUpdates Object Recognized!
Type : Regkey
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\downloadmanager

WindUpdates Object Recognized!
Type : RegData
Data : no
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Error Dlg Details Pane Open
Data : no

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 31
Objects found so far: 134

3:01:28 AM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:01:37:33.26
Objects scanned:382490
Objects identified:92
Objects ignored:0
New critical objects:92
TommyRay
Also, here is my HijackThis Logfile...

Logfile of HijackThis v1.99.1
Scan saved at 10:38:39 AM, on 11/7/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
F:\Xitami\xiwin32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\AOpen\Mouse\Amoumain.exe
C:\WINNT\system32\wuauclt.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINNT\octeltpop.exe
C:\winnt\system32\dwdsregt.exe
C:\PROGRA~1\PDODES~1\SmartSync.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Corel\Graphics8\Programs\MFIndexer.exe
C:\Program Files\Webshots\WebshotsTray.exe
C:\WINNT\system32\NOTEPAD.EXE
C:\Program Files\Tomcat Web Services\Tomcat Prowler\tprowler.exe
C:\WINNT\system32\NOTEPAD.EXE
C:\Program Files\Tomcat Web Services\Tomcat Prowler\tprowler.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tomcat.ws/prowler/home/index.php
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {871A54C1-1EB3-48bd-A879-5DBA4EF16BE6} - C:\WINNT\system32\jsfkubmm.dll
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINNT\system32\qwpbgeth.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [xitami] F:\Xitami\xiwin32.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\AOpen\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [LinkZilla] c:\program files\companionlink\SmartSync.Exe
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Tsl] C:\PROGRA~1\COMMON~1\tsa\tsl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINNT\system32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [startemdoit] C:\WINNT\eltonehour.exe
O4 - HKLM\..\Run: [1pop06apelt3] C:\WINNT\octeltpop.exe
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINNT\system32\pwinopem.exe ELT001
O4 - HKLM\..\Run: [{70-0A-A5-5A-ZN}] C:\winnt\system32\dwdsregt.exe ELT001
O4 - HKCU\..\Run: [LinkZilla] C:\PROGRA~1\PDODES~1\SmartSync.exe
O4 - HKCU\..\Run: [SmartSync] C:\PROGRA~1\COMPAN~1\SmartSync.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [ProvideSupportOperatorConsole[default]] "C:\Program Files\Provide Support\Live Support Chat for Web Site\ProvideSupportConsole.exe" /profile default
O4 - HKCU\..\Run: [DynDNS Updater] "C:\Program Files\DynDNS Updater\DynDNS.exe"
O4 - HKCU\..\Run: [Felix II] C:\Program Files\ScreenMates\Felix II\Felix2.exe
O4 - Startup: TA_Start.lnk = C:\WINNT\system32\ondsregn.exe
O4 - Startup: Think-Adz.lnk = C:\WINNT\system32\pwinopem.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Corel MEDIA FOLDERS INDEXER 8.LNK = C:\Program Files\Corel\Graphics8\Programs\MFIndexer.exe
O4 - Global Startup: TomCat Instant Messenger.lnk = C:\Program Files\TomCat PC Services\tcim10.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...US_ZUxdm241YYUS
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://*.freewebs.com
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://www.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O15 - Trusted IP range: http://69.60.115.234
O16 - DPF: Aces Up! by pogo - http://game1.pogo.com/applet-6.2.2.66/aces...s-ob-assets.cab
O16 - DPF: Ali Baba Slots TM by pogo - http://game1.pogo.com/applet-6.2.2.51/slot...a-ob-assets.cab
O16 - DPF: Armored Attack by pogo - http://game1.pogo.com/applet-6.2.1.34/ccta...k-ob-assets.cab
O16 - DPF: Battle Phlinx by pogo - http://game1.pogo.com/applet-6.5.3.44/batt...hlinx-en_US.cab
O16 - DPF: Blackjack by pogo - http://game1.pogo.com/applet-6.2.2.51/blac...k-ob-assets.cab
O16 - DPF: Chess by pogo - http://game1.pogo.com/applet-6.2.1.41/ches...2-ob-assets.cab
O16 - DPF: ConferenceRoom Java Client - http://pix.sexyads.net:8080/java/cr.cab
O16 - DPF: Dice Derby by pogo - http://game1.pogo.com/applet-6.4.0.48/chec...g-ob-assets.cab
O16 - DPF: Dominoes by pogo - http://game1.pogo.com/applet-6.2.2.51/domi...o-ob-assets.cab
O16 - DPF: Fortune Bingo by pogo - http://game1.pogo.com/applet-6.2.1.27/supe...o-ob-assets.cab
O16 - DPF: Harvest Mania by pogo - http://game1.pogo.com/applet-6.2.1.27/harv...t-ob-assets.cab
O16 - DPF: Hearts by pogo - http://game1.pogo.com/applet-6.2.1.34/hear...s-ob-assets.cab
O16 - DPF: Jigsaw Detective by pogo - http://game1.pogo.com/applet-6.2.2.51/jigs...w-ob-assets.cab
O16 - DPF: Jungle Gin by pogo - http://game1.pogo.com/applet-6.5.5.36/gin/gin-en_US.cab
O16 - DPF: Keno by pogo - http://game1.pogo.com/applet-6.4.3.28/keno...o-ob-assets.cab
O16 - DPF: Multiline Slots by pogo - http://game1.pogo.com/applet-6.2.1.27/mlsl...s-ob-assets.cab
O16 - DPF: Payday FreeCell by pogo - http://game1.pogo.com/applet-6.2.1.41/free...l-ob-assets.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://game1.pogo.com/applet-6.2.1.27/wate...l-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.com/applet-6.5.2.26/flin...inger-en_US.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/applet-6.2.1.27/popf...u-ob-assets.cab
O16 - DPF: SciFi Slots by pogo - http://game1.pogo.com/applet-6.2.1.41/slot...i-ob-assets.cab
O16 - DPF: Showbiz Slots 2 by pogo - http://game1.pogo.com/applet-6.2.2.51/slot...2-ob-assets.cab
O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.com/applet-6.2.1.27/spid...r-ob-assets.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.com/applet-6.2.2.51/sque...s-ob-assets.cab
O16 - DPF: Sweet Tooth TM by pogo - http://game1.pogo.com/applet-6.2.1.41/swee...h-ob-assets.cab
O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.com/applet-6.2.1.34/peak...s-ob-assets.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://game1.pogo.com/applet-6.2.1.27/whac...n-ob-assets.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/cab/prod/DD_v4.CAB
O16 - DPF: {2E12FB00-546B-4EE3-9CC2-057BF02E1C17} (Webshots Multiple Media Uploader - Container) - http://community.webshots.com/html/atx/wsaxcontrol.cab
O16 - DPF: {4C57C98A-E582-46E4-8FD8-5EBDC94CEA39} - http://www.mindjet.com/viewer/eng/MjMmViewer.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by13fd.bay13.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - http://cabs.elitemediagroup.net/cabs/eliteview.cab
O16 - DPF: {666DDE35-E955-11D0-A707-000000521958} - http://69.56.176.227/webplugin.cab
O16 - DPF: {761F3747-5612-4C4D-8F42-DB6C4E2AA3EF} (Talker4) - http://avvy.digitalspace.com/talker/code/talker4.cab
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/bin/cortvrml.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://extremecam1.jvlnet.com/activex/AxisCamControl.cab
O16 - DPF: {9DDFB297-9ED8-421D-B2AC-372A0F36E6C5} (REBOL/Plugin Object) - http://www.rebol.com/plugin/rebolb5.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/partner...eed/install.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} - http://www.live365.com/players/play365.cab
O16 - DPF: {DBAE7000-01EC-4162-8FEB-8A27AC937CA0} - http://dist.belnk.com/4/download/hdplugin_...ndle69v3d43.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://playweb14.pogo.com/game/deluxe/zuma...aploader_v6.cab
O16 - DPF: {E5168F0C-8591-11D4-BCDF-006008B7FEA4} (PWLNINST Control) - http://www.platoweb.com/pathways/pway_iis....ab/pwlninst.cab
O16 - DPF: {EB6D7E70-AAA9-40D9-BA05-F214089F2275} - http://www.clickteam.com/vitalize3/vitalize.cab
O20 - Winlogon Notify: ftpfont - C:\WINNT\$NtUninstallKB893066$\ftpfont.dll (file missing)
O20 - Winlogon Notify: olesvr - C:\WINNT\Fonts\olesvr.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
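The HijackThis log above is being read by eye, which is how these threads usually work. As an added example (it is not part of the thread, nor HijackThis code), the Python below runs a first triage pass over a handful of lines taken from that log. The heuristics it applies are the example's own assumptions: an autostart binary sitting directly in the Windows directory rather than a subfolder, a GUID-style Run value name, an unnamed BHO loaded from system32, anything in the Trusted sites zone that is not on an allowlist (the allowlist here is a hypothetical placeholder), and Winlogon Notify DLLs that are missing or live outside system32. A hit means "look at this entry", not "this is malware"; the page does not establish what any of these files do.

```python
"""Triage pass over HijackThis 1.99.x log lines (added example, not HijackThis code)."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Sample input: lines taken from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {871A54C1-1EB3-48bd-A879-5DBA4EF16BE6} - C:\WINNT\system32\jsfkubmm.dll
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINNT\system32\qwpbgeth.dll (file missing)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [startemdoit] C:\WINNT\eltonehour.exe
O4 - HKLM\..\Run: [{70-0A-A5-5A-ZN}] C:\winnt\system32\dwdsregt.exe ELT001
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted IP range: http://69.60.115.234
O20 - Winlogon Notify: ftpfont - C:\WINNT\$NtUninstallKB893066$\ftpfont.dll (file missing)
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
"""

# Line shapes for the HJT sections this pass looks at.
RE_O2 = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.*?)(?P<missing> \(file missing\))?$")
RE_O4 = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
RE_O15 = re.compile(r"^O15 - Trusted (?P<kind>Zone|IP range): (?P<target>\S+)(?: \(HKLM\))?$")
RE_O20 = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.*?)(?P<missing> \(file missing\))?$")
# Executable portion of a Run command line, quoted or not (cuts at the first .exe/.com/.scr/.bat).
RE_EXE = re.compile(r'^"?(?P<exe>.*?\.(?:exe|com|scr|bat))\b"?', re.IGNORECASE)
IN_WINDOWS_ROOT = re.compile(r"^[A-Za-z]:\\(?:WINNT|WINDOWS)\\[^\\]+$", re.IGNORECASE)
IN_SYSTEM32 = re.compile(r"^[A-Za-z]:\\(?:WINNT|WINDOWS)\\system32\\[^\\]+$", re.IGNORECASE)

# Assumption: a real allowlist is site-specific; this hypothetical entry only shows the check.
TRUSTED_ZONE_ALLOWLIST = {"http://*.windowsupdate.microsoft.com"}


@dataclass(frozen=True)
class Finding:
    section: str
    subject: str
    reason: str


def triage(log_text: str) -> list[Finding]:
    """Return one Finding per heuristic hit; lines from other sections are ignored."""
    findings: list[Finding] = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := RE_O2.match(line):
            if m["missing"]:
                findings.append(Finding("O2", m["clsid"], "orphan BHO entry, DLL no longer on disk"))
            elif m["name"] == "(no name)" and IN_SYSTEM32.match(m["path"]):
                findings.append(Finding("O2", m["path"], "unnamed BHO loaded from system32, verify publisher"))
        elif m := RE_O4.match(line):
            exe = RE_EXE.match(m["cmd"])
            exe_path = exe["exe"] if exe else m["cmd"]
            if m["name"].startswith("{") and m["name"].endswith("}"):
                findings.append(Finding("O4", m["name"], "GUID-style Run value name"))
            if IN_WINDOWS_ROOT.match(exe_path):
                findings.append(Finding("O4", exe_path, "autostart binary directly in the Windows directory"))
        elif m := RE_O15.match(line):
            if m["kind"] == "IP range":
                findings.append(Finding("O15", m["target"], "raw IP address in the Trusted sites zone"))
            elif m["target"] not in TRUSTED_ZONE_ALLOWLIST:
                findings.append(Finding("O15", m["target"], "Trusted sites entry not on allowlist"))
        elif m := RE_O20.match(line):
            if m["missing"]:
                findings.append(Finding("O20", m["name"], "orphan Winlogon Notify entry, DLL missing"))
            elif not IN_SYSTEM32.match(m["path"]):
                findings.append(Finding("O20", m["name"], "Winlogon Notify DLL outside system32"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:4} {f.reason}: {f.subject}")
```

Note what the specificity buys: SDHelper.dll is also reported by HijackThis as "(no name)", but it sits under the Spybot folder, not system32, so it is not flagged, while the two unnamed system32 BHOs and the orphan entries are. Each hit still has to be confirmed by hand (file properties, publisher, what created it), which is exactly the work the helper in this thread goes on to do.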
LS CalamityJane
I'm going to split your posts here off into your own new topic.

You've gotten quite a mess there.

Let's start with this free tool please:

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/combofix.exe

2. Double click on combofix.exe & follow the prompts.

Note: If you receive a popup with a Disclaimer, read that and answer Y for yes (or N for no).
Y is recommended (if you put N, the tool will exit without fixing and will remove the ComboFix file and folders).


Do NOT click on the window while the fix is running, because that will cause your system to hang and the fix to stall.

3. When finished, it shall produce a log for you. Post that log in your next reply.


Reboot your PC and scan again with Hijackthis and post the new log from that scan also please.
TommyRay
QUOTE(LS CalamityJane @ Nov 11 2006, 11:51 AM)
I'm going to split your posts here off into your own new topic.

You've gotten quite a mess there.


Hi Jane!

LOL, yah, I know, I was cringing about the log files before sending. I did do both, and here are the log files from HijackThis and the ComboFix application you suggested:


COMBOFIX LOG:

Sun 11/12/2006 12:39:41.66 Service Pack 4
ComboFix 06.11.9 - Running from: "C:\Documents and Settings\Thomas R. France\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINNT\system32\dwdsregt.exe


((((((((((((((((((((((((((((((( Files Created from 2006-10-12 to 2006-11-12 ))))))))))))))))))))))))))))))))))


2006-11-04 22:24 71,680 --a------ C:\WINNT\system32\navshext2.dll
2006-10-30 15:27 951,967 --a------ C:\FIWWSetup.exe
2006-10-28 10:11 32,768 --a------ C:\unstall.exe
2006-10-27 11:39 45,093 --a------ C:\WINNT\system32\ondsregn.exe
2006-10-27 11:32 971 --a------ C:\WINNT\system32\winpfg32.sys
2006-10-27 11:32 122,900 --a------ C:\WINNT\system32\jsfkubmm.dll
2006-10-27 11:31 53,248 --a------ C:\WINNT\ab_02.exe
2006-10-27 11:31 45,065 --a------ C:\WINNT\TIELT001.exe
2006-10-27 11:31 45,056 --a------ C:\WINNT\octeltpop.exe
2006-10-27 11:31 433,632 --a------ C:\WINNT\hancerdoem.exe
2006-10-27 11:31 217,346 --a------ C:\WINNT\Setup90.exe
2006-10-27 11:31 172,113 --a------ C:\WINNT\system32\pwinopem.exe
2006-10-27 11:31 139,264 --a------ C:\WINNT\MirarSetup_876057.exe
2006-10-27 10:30 65,536 --a------ C:\WINNT\eltonehour.exe
2006-10-27 10:30 36,864 --a------ C:\WINNT\unstall.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-11 23:36 -------- d-------- C:\Program Files\Morpheus
2006-11-11 02:01 -------- d-------- C:\Program Files\Viewpoint
2006-11-09 22:05 -------- d-------- C:\Documents and Settings\Thomas R. France\Application Data\Yahoo!
2006-11-07 22:42 -------- d-------- C:\Program Files\WS_FTP
2006-11-07 05:38 -------- d-------- C:\Program Files\Windows ControlAd
2006-11-07 01:09 -------- d-------- C:\Program Files\Lavasoft
2006-11-07 01:09 -------- d-------- C:\Documents and Settings\Thomas R. France\Application Data\Lavasoft
2006-11-01 05:14 -------- d-------- C:\Documents and Settings\Thomas R. France\Application Data\Block Checker
2006-10-31 14:28 23247 --ahs---- C:\Documents and Settings\Thomas R. France\Application Data\7865393B774641D4BA472E8D97739124.rul
2006-10-31 14:28 10912 --ahs---- C:\Documents and Settings\Thomas R. France\Application Data\7865393B774641D4BA472E8D97739124.sta
2006-10-30 11:44 -------- d-------- C:\Program Files\Paint Shop Pro 6
2006-10-27 11:31 -------- d-------- C:\Program Files\em
2006-10-26 12:53 -------- d-------- C:\Program Files\QuarkXPress
2006-10-23 08:03 -------- d-------- C:\Program Files\Webshots
2006-10-08 21:36 74752 --a------ C:\WINNT\ST6UNST.EXE
2006-10-08 21:28 8464 --a------ C:\WINNT\system32\sporder.dll
2006-10-08 21:28 -------- d-------- C:\Program Files\filesubmit
2006-10-06 23:02 -------- d-------- C:\Documents and Settings\Thomas R. France\Application Data\Corel
2006-10-06 22:43 -------- d-------- C:\Program Files\Corel
2006-10-06 22:33 -------- d-------- C:\Program Files\Quark
2006-09-27 19:44 778656 --a------ C:\WINNT\system32\drivers\avg7core.sys
2006-09-18 16:42 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-09-18 16:41 -------- d-a------ C:\Program Files\Common Files
2006-09-18 16:41 -------- d-------- C:\Documents and Settings\Thomas R. France\Application Data\MailWasher
2006-09-12 05:48 1713536 --a------ C:\WINNT\system32\NTKRNLPA.EXE
2006-09-12 05:48 1690880 --a------ C:\WINNT\system32\NTOSKRNL.EXE
2006-09-10 13:18 179 --a------ C:\Delme.bat


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"LinkZilla"="C:\\PROGRA~1\\PDODES~1\\SmartSync.exe"
"SmartSync"="C:\\PROGRA~1\\COMPAN~1\\SmartSync.exe"
"ctfmon.exe"="ctfmon.exe"
"ProvideSupportOperatorConsole[default]"="\"C:\\Program Files\\Provide Support\\Live Support Chat for Web Site\\ProvideSupportConsole.exe\" /profile default"
"DynDNS Updater"="\"C:\\Program Files\\DynDNS Updater\\DynDNS.exe\""
"Felix II"="C:\\Program Files\\ScreenMates\\Felix II\\Felix2.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Synchronization Manager"="mobsync.exe /logon"
"xitami"="F:\\Xitami\\xiwin32.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"WheelMouse"="C:\\PROGRA~1\\AOpen\\Mouse\\Amoumain.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINNT\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINNT\\system32\\NvMcTray.dll,NvTaskbarInit"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"SmcService"="C:\\PROGRA~1\\Sygate\\SPF\\smc.exe -startgui"
"LinkZilla"="c:\\program files\\companionlink\\SmartSync.Exe"
"AVG7_EMC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgemc.exe"
"Share-to-Web Namespace Daemon"="c:\\Program Files\\Hewlett-Packard\\HP Share-to-Web\\hpgs2wnd.exe"
"Tsl"="C:\\PROGRA~1\\COMMON~1\\tsa\\tsl.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"NeroFilterCheck"="C:\\WINNT\\system32\\NeroCheck.exe"
"Lexmark X73 Button Monitor"="C:\\PROGRA~1\\LEXMAR~1\\ACMonitor_X73.exe"
"Lexmark X73 Button Manager"="C:\\PROGRA~1\\LEXMAR~1\\AcBtnMgr_X73.exe"
"PrinTray"="C:\\WINNT\\system32\\spool\\DRIVERS\\W32X86\\3\\printray.exe"
"startemdoit"="C:\\WINNT\\eltonehour.exe"
"{70-0A-A5-5A-ZN}"="C:\\winnt\\system32\\dwdsregt.exe ELT001"
"ViewMgr"="C:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000003
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,00,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=dword:40000004
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,f0,01,00,00,1f,00,00,00,80,00,00,00,76,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"="C:\\Program Files\\Internet Explorer\\Connection Wizard\\icwconn1.exe /desktop"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000095
"CDRAutoRun"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000095

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"0aMCPClient"="{F5DF91F9-15E9-416B-A7C3-7519B11ECBFC}"
"Network.ConnectionTray"="{7007ACCF-3202-11D1-AAD2-00805FC1270E}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ftpfont
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\olesvr

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll"

Completion time: Sun 2006-11-12 12:42:01.17
C:\ComboFix.txt ... 06-11-12 12:42


HIJACK THIS LOG FILE:


Logfile of HijackThis v1.99.1
Scan saved at 5:25:43 PM, on 11/12/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
F:\Xitami\xiwin32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\AOpen\Mouse\Amoumain.exe
C:\WINNT\system32\wuauclt.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINNT\eltonehour.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\PDODES~1\SmartSync.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
c:\winnt\system32\dwdsregt.exe
C:\Program Files\Webshots\WebshotsTray.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tomcat.ws/prowler/home/index.php
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {871A54C1-1EB3-48bd-A879-5DBA4EF16BE6} - C:\WINNT\system32\jsfkubmm.dll
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINNT\system32\qwpbgeth.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [xitami] F:\Xitami\xiwin32.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\AOpen\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [LinkZilla] c:\program files\companionlink\SmartSync.Exe
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Tsl] C:\PROGRA~1\COMMON~1\tsa\tsl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINNT\system32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [startemdoit] C:\WINNT\eltonehour.exe
O4 - HKLM\..\Run: [{70-0A-A5-5A-ZN}] c:\winnt\system32\dwdsregt.exe ELT001
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINNT\system32\pwinopem.exe ELT001
O4 - HKCU\..\Run: [LinkZilla] C:\PROGRA~1\PDODES~1\SmartSync.exe
O4 - HKCU\..\Run: [SmartSync] C:\PROGRA~1\COMPAN~1\SmartSync.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [ProvideSupportOperatorConsole[default]] "C:\Program Files\Provide Support\Live Support Chat for Web Site\ProvideSupportConsole.exe" /profile default
O4 - HKCU\..\Run: [DynDNS Updater] "C:\Program Files\DynDNS Updater\DynDNS.exe"
O4 - HKCU\..\Run: [Felix II] C:\Program Files\ScreenMates\Felix II\Felix2.exe
O4 - Startup: TA_Start.lnk = C:\WINNT\system32\ondsregn.exe
O4 - Startup: Think-Adz.lnk = C:\WINNT\system32\pwinopem.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Corel MEDIA FOLDERS INDEXER 8.LNK = C:\Program Files\Corel\Graphics8\Programs\MFIndexer.exe
O4 - Global Startup: TomCat Instant Messenger.lnk = C:\Program Files\TomCat PC Services\tcim10.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...US_ZUxdm241YYUS
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://*.freewebs.com
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://www.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O15 - Trusted IP range: http://69.60.115.234
O16 - DPF: Aces Up! by pogo - http://game1.pogo.com/applet-6.2.2.66/aces...s-ob-assets.cab
O16 - DPF: Ali Baba Slots TM by pogo - http://game1.pogo.com/applet-6.2.2.51/slot...a-ob-assets.cab
O16 - DPF: Armored Attack by pogo - http://game1.pogo.com/applet-6.2.1.34/ccta...k-ob-assets.cab
O16 - DPF: Battle Phlinx by pogo - http://game1.pogo.com/applet-6.5.3.44/batt...hlinx-en_US.cab
O16 - DPF: Blackjack by pogo - http://game1.pogo.com/applet-6.2.2.51/blac...k-ob-assets.cab
O16 - DPF: Chess by pogo - http://game1.pogo.com/applet-6.2.1.41/ches...2-ob-assets.cab
O16 - DPF: ConferenceRoom Java Client - http://pix.sexyads.net:8080/java/cr.cab
O16 - DPF: Dice Derby by pogo - http://game1.pogo.com/applet-6.4.0.48/chec...g-ob-assets.cab
O16 - DPF: Dominoes by pogo - http://game1.pogo.com/applet-6.2.2.51/domi...o-ob-assets.cab
O16 - DPF: Fortune Bingo by pogo - http://game1.pogo.com/applet-6.2.1.27/supe...o-ob-assets.cab
O16 - DPF: Harvest Mania by pogo - http://game1.pogo.com/applet-6.2.1.27/harv...t-ob-assets.cab
O16 - DPF: Hearts by pogo - http://game1.pogo.com/applet-6.2.1.34/hear...s-ob-assets.cab
O16 - DPF: Jigsaw Detective by pogo - http://game1.pogo.com/applet-6.2.2.51/jigs...w-ob-assets.cab
O16 - DPF: Jungle Gin by pogo - http://game1.pogo.com/applet-6.5.5.36/gin/gin-en_US.cab
O16 - DPF: Keno by pogo - http://game1.pogo.com/applet-6.4.3.28/keno...o-ob-assets.cab
O16 - DPF: Multiline Slots by pogo - http://game1.pogo.com/applet-6.2.1.27/mlsl...s-ob-assets.cab
O16 - DPF: Payday FreeCell by pogo - http://game1.pogo.com/applet-6.2.1.41/free...l-ob-assets.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://game1.pogo.com/applet-6.2.1.27/wate...l-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.com/applet-6.5.2.26/flin...inger-en_US.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/applet-6.2.1.27/popf...u-ob-assets.cab
O16 - DPF: SciFi Slots by pogo - http://game1.pogo.com/applet-6.2.1.41/slot...i-ob-assets.cab
O16 - DPF: Showbiz Slots 2 by pogo - http://game1.pogo.com/applet-6.2.2.51/slot...2-ob-assets.cab
O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.com/applet-6.2.1.27/spid...r-ob-assets.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.com/applet-6.2.2.51/sque...s-ob-assets.cab
O16 - DPF: Sweet Tooth TM by pogo - http://game1.pogo.com/applet-6.2.1.41/swee...h-ob-assets.cab
O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.com/applet-6.2.1.34/peak...s-ob-assets.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://game1.pogo.com/applet-6.2.1.27/whac...n-ob-assets.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/cab/prod/DD_v4.CAB
O16 - DPF: {2E12FB00-546B-4EE3-9CC2-057BF02E1C17} (Webshots Multiple Media Uploader - Container) - http://community.webshots.com/html/atx/wsaxcontrol.cab
O16 - DPF: {4C57C98A-E582-46E4-8FD8-5EBDC94CEA39} - http://www.mindjet.com/viewer/eng/MjMmViewer.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by13fd.bay13.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - http://cabs.elitemediagroup.net/cabs/eliteview.cab
O16 - DPF: {666DDE35-E955-11D0-A707-000000521958} - http://69.56.176.227/webplugin.cab
O16 - DPF: {761F3747-5612-4C4D-8F42-DB6C4E2AA3EF} (Talker4) - http://avvy.digitalspace.com/talker/code/talker4.cab
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/bin/cortvrml.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://extremecam1.jvlnet.com/activex/AxisCamControl.cab
O16 - DPF: {9DDFB297-9ED8-421D-B2AC-372A0F36E6C5} (REBOL/Plugin Object) - http://www.rebol.com/plugin/rebolb5.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/partner...eed/install.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} - http://www.live365.com/players/play365.cab
O16 - DPF: {DBAE7000-01EC-4162-8FEB-8A27AC937CA0} - http://dist.belnk.com/4/download/hdplugin_...ndle69v3d43.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://playweb14.pogo.com/game/deluxe/zuma...aploader_v6.cab
O16 - DPF: {E5168F0C-8591-11D4-BCDF-006008B7FEA4} (PWLNINST Control) - http://www.platoweb.com/pathways/pway_iis....ab/pwlninst.cab
O16 - DPF: {EB6D7E70-AAA9-40D9-BA05-F214089F2275} - http://www.clickteam.com/vitalize3/vitalize.cab
O20 - Winlogon Notify: ftpfont - C:\WINNT\$NtUninstallKB893066$\ftpfont.dll (file missing)
O20 - Winlogon Notify: olesvr - C:\WINNT\Fonts\olesvr.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe


I would have uploaded the second log file, but your system won't take files with that extension, even though it is straight ASCII text. Maybe I should have used a different extension, but it all fit in here, so I just pasted it in. THANK YOU for your assistance!!!

-Tom
LS CalamityJane
Hi Tom,

Actually, pasting in is the best method and the easiest for us to review. Thanks!

Give me a little bit to digest these and I'll come back with a reply with some steps to take.
LS CalamityJane
Most of this is EliteMedia nastiness - but a couple of files look new and I'd like to examine them, then post the fix all in one go.

You have a couple of suspicious files I'd like to examine further to determine what they are and the best way to remove them.

Go here to upload the files as attachments
http://www.thespykiller.co.uk/forum/index.php?board=1.0
Just press New Topic (make the subject: For CalamityJane from TommyRay at LS),
fill in a short message, then press the Browse button and navigate to and select these files on your computer. If there is more than one file, press the "more attachments" button for each extra file and browse to and select it; when all the files are listed in the window, press the *Post* button to upload the files.

Files to attach for upload:

C:\WINNT\eltonehour.exe
C:\WINNT\system32\ondsregn.exe
C:\WINNT\system32\pwinopem.exe

You DO NOT need to register to start a topic or upload; anybody can upload the files.

You will not see the files that have been uploaded, as they only show to the authorized users who can download them. However, I will be able to see them and collect them from there, and will reply to you back here in this forum with the results.
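The selection above (three executables pulled out of a HijackThis log of several hundred lines) is the kind of triage a helper does by eye. The script below is an added example, not code from this thread, from Lavasoft or from HijackThis; it applies a handful of autostart heuristics to the O2/O4/O15/O16/O20 entries. The sample lines are copied from the log posted above; the heuristics, the `WINDIR` value and all thresholds are this example's own assumptions, and a hit means "look at this", not "this is malware".

```python
"""Triage a HijackThis log for autostart and browser entries that commonly
mark adware persistence. Added example; heuristics are this script's own."""
import re
from collections import defaultdict

# Assumption: the machine in the log is a Windows 2000-era install whose
# Windows directory is C:\WINNT (seen throughout the posted process list).
WINDIR = r"c:\winnt"

# Sample lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {871A54C1-1EB3-48bd-A879-5DBA4EF16BE6} - C:\WINNT\system32\jsfkubmm.dll
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINNT\system32\qwpbgeth.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [startemdoit] C:\WINNT\eltonehour.exe
O4 - HKLM\..\Run: [{70-0A-A5-5A-ZN}] c:\winnt\system32\dwdsregt.exe ELT001
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINNT\system32\pwinopem.exe ELT001
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - Startup: TA_Start.lnk = C:\WINNT\system32\ondsregn.exe
O4 - Startup: Think-Adz.lnk = C:\WINNT\system32\pwinopem.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O15 - Trusted Zone: http://www.mirarsearch.com (HKLM)
O15 - Trusted IP range: http://69.60.115.234
O16 - DPF: {666DDE35-E955-11D0-A707-000000521958} - http://69.56.176.227/webplugin.cab
O16 - DPF: {9DDFB297-9ED8-421D-B2AC-372A0F36E6C5} (REBOL/Plugin Object) - http://www.rebol.com/plugin/rebolb5.cab
O20 - Winlogon Notify: ftpfont - C:\WINNT\$NtUninstallKB893066$\ftpfont.dll (file missing)
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
"""

# "O4 - <body>": HijackThis section code, then the entry text.
ENTRY_RE = re.compile(r"^(?P<sec>[A-Z]\d{1,2}) - (?P<body>.*)$")
# First drive-letter path ending in a PE extension (short 8.3 names included).
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"]*?\.(?:exe|dll|ocx)", re.IGNORECASE)
# URL whose host is a bare IPv4 address rather than a name.
IP_URL_RE = re.compile(r"https?://\d{1,3}(?:\.\d{1,3}){3}", re.IGNORECASE)


def parse(log):
    """Yield (section, body) for every HijackThis entry line in the log."""
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group("sec"), m.group("body")


def target_path(body):
    """Lower-cased path of the binary an entry points at, or None."""
    m = PATH_RE.search(body)
    return m.group(0).lower() if m else None


def triage(log):
    """Return (section, reason, subject) findings worth a second look."""
    findings = []
    launch_points = defaultdict(set)  # binary -> autostart locations using it
    for sec, body in parse(log):
        path = target_path(body)
        if sec == "O4" and path:
            location = body.split(":", 1)[0]  # HKLM\..\Run, Startup, Global Startup
            launch_points[path].add(location)
            if path.rsplit("\\", 1)[0] == WINDIR:
                # Heuristic: legitimate autoruns live under Program Files or
                # system32; a bare executable in the Windows root is unusual.
                findings.append((sec, "executable in Windows root", path))
            elif location.endswith("Startup") and path.startswith(WINDIR + "\\"):
                # Heuristic: Startup-folder shortcuts normally point into
                # Program Files, not into the Windows directory tree.
                findings.append((sec, "Startup shortcut into Windows tree", path))
        elif sec in ("O2", "O20") and "(file missing)" in body:
            findings.append((sec, "dangling reference (file missing)", path))
        elif sec == "O2" and body.startswith("BHO: (no name)") and path \
                and path.startswith(WINDIR + r"\system32"):
            findings.append((sec, "unnamed BHO loaded from system32", path))
        elif sec == "O15":
            # Few legitimate installers add Trusted Zone or IP range entries.
            findings.append((sec, "Trusted Zone / IP range entry", body))
        elif sec == "O16" and IP_URL_RE.search(body):
            findings.append((sec, "ActiveX download from bare IP", body))
    # Same binary started from more than one autostart location: redundant
    # persistence is a common adware trait.
    for path, locations in launch_points.items():
        if len(locations) > 1:
            findings.append(("O4", "launched from %d autostart locations"
                             % len(locations), path))
    return findings


if __name__ == "__main__":
    for sec, reason, subject in triage(SAMPLE_LOG):
        print("%-4s %-40s %s" % (sec, reason, subject))
```

Run over the sample, the O4 rules surface the three files requested above (eltonehour.exe in the Windows root; ondsregn.exe and pwinopem.exe started from Startup shortcuts, pwinopem.exe also from HKLM Run), while the AVG, Acrobat and Sygate entries pass untouched. Verdicts still require looking at the files themselves, which is exactly why the helper asks for them to be uploaded.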