Kockstarinc

  1. I'm following along as I have the same problem, also braving the safe mode process. Thanks for the help, Calamity Jane!
  2. hijack this logfile Logfile of HijackThis v1.99.1 Scan saved at 1:53:42 PM, on 8/5/2006 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
  3. ad aware log file cont.... Hijack this log file to follow
  4. This thing seems impossible to get rid of, someone please help me! Ad-Aware SE Build 1.06r1 Logfile Created on:Saturday, August 05, 2006 1:34:53 PM Created with Ad-Aware SE Personal, free for private use. Using definitions file:SE1R117 03.08.2006 »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» References detected during the scan: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Adware.Admess(TAC index:5):6 total references Alexa(TAC index:5):17 total references CoolWebSearch(TAC index:10):6 total references DailyToolbar(TAC index:5):14 total references FakeAlert(TAC index:5):25 total references MRU List(TAC index:0):15 total references Other(TAC index:5):1 total references SCBAR(TAC index:3):14 total references Tracking Cookie(TAC index:3):1 total references Transponder(TAC index:10):1 total references Win32.Generic.PWS(TAC index:10):3 total references WinFavorites(TAC index:6):12 total references VX2(TAC index:10):5 total references »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Ad-Aware SE Settings =========================== Set : Search for negligible risk entries Set : Safe mode (always request confirmation) Set : Scan active processes Set : Scan registry Set : Deep-scan registry Set : Scan my IE Favorites for banned URLs Set : Scan within archives Set : Scan my Hosts file Extended Ad-Aware SE Settings =========================== Set : Unload recognized processes & modules during scan Set : Scan registry for all users instead of current user only Set : Always try to unload modules before deletion Set : During removal, unload Explorer and IE if necessary Set : Let Windows remove files in use at next reboot Set : Delete quarantined objects after restoring Set : Include basic Ad-Aware settings in log file Set : Include additional Ad-Aware settings in log file Set : Include reference summary in log file Set : Include alternate data stream details in log file Set : Play sound at scan completion if scan locates critical objects 8-5-2006 1:34:53 PM - Scan started. 
(Full System Scan) MRU List Object Recognized! Location: : C:\Documents and Settings\Tuesday\recent Description : list of recently opened documents MRU List Object Recognized! Location: : software\microsoft\direct3d\mostrecentapplication Description : most recent application to use microsoft direct3d MRU List Object Recognized! Location: : software\microsoft\direct3d\mostrecentapplication Description : most recent application to use microsoft direct X MRU List Object Recognized! Location: : software\microsoft\directdraw\mostrecentapplication Description : most recent application to use microsoft directdraw MRU List Object Recognized! Location: : S-1-5-21-2248498706-372289565-2080930989-1006\software\microsoft\internet explorer Description : last download directory used in microsoft internet explorer MRU List Object Recognized! Location: : S-1-5-21-2248498706-372289565-2080930989-1006\software\microsoft\internet explorer\typedurls Description : list of recently entered addresses in microsoft internet explorer MRU List Object Recognized! Location: : S-1-5-21-2248498706-372289565-2080930989-1006\software\microsoft\mediaplayer\player\recentfilelist Description : list of recently used files in microsoft windows media player MRU List Object Recognized! Location: : S-1-5-21-2248498706-372289565-2080930989-1006\software\microsoft\mediaplayer\preferences Description : last playlist index loaded in microsoft windows media player MRU List Object Recognized! Location: : S-1-5-21-2248498706-372289565-2080930989-1006\software\microsoft\mediaplayer\preferences Description : last playlist loaded in microsoft windows media player MRU List Object Recognized! Location: : S-1-5-21-2248498706-372289565-2080930989-1006\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru Description : list of recent programs opened MRU List Object Recognized! 
Location: : S-1-5-21-2248498706-372289565-2080930989-1006\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru Description : list of recently saved files, stored according to file extension MRU List Object Recognized! Location: : S-1-5-21-2248498706-372289565-2080930989-1006\software\microsoft\windows\currentversion\explorer\recentdocs Description : list of recent documents opened MRU List Object Recognized! Location: : S-1-5-21-2248498706-372289565-2080930989-1006\software\realnetworks\realplayer\6.0\preferences Description : list of recent skins in realplayer MRU List Object Recognized! Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general Description : windows media sdk MRU List Object Recognized! Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general Description : windows media sdk Listing running processes »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» #:1 [smss.exe] FilePath : \SystemRoot\System32\ ProcessID : 568 ThreadCreationTime : 8-5-2006 6:54:01 AM BasePriority : Normal #:2 [csrss.exe] FilePath : \??\C:\WINDOWS\system32\ ProcessID : 648 ThreadCreationTime : 8-5-2006 6:54:04 AM BasePriority : Normal #:3 [winlogon.exe] FilePath : \??\C:\WINDOWS\system32\ ProcessID : 672 ThreadCreationTime : 8-5-2006 6:54:04 AM BasePriority : High #:4 [services.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 716 ThreadCreationTime : 8-5-2006 6:54:04 AM BasePriority : Normal FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Services and Controller app InternalName : services.exe LegalCopyright : © Microsoft Corporation. All rights reserved. 
OriginalFilename : services.exe #:5 [lsass.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 728 ThreadCreationTime : 8-5-2006 6:54:04 AM BasePriority : Normal FileVersion : 5.1.2600.1106 (xpsp1.020828-1920) ProductVersion : 5.1.2600.1106 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : LSA Shell (Export Version) InternalName : lsass.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : lsass.exe #:6 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 908 ThreadCreationTime : 8-5-2006 6:54:05 AM BasePriority : Normal FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:7 [svchost.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 988 ThreadCreationTime : 8-5-2006 6:54:05 AM BasePriority : Normal FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:8 [svchost.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 1200 ThreadCreationTime : 8-5-2006 6:54:06 AM BasePriority : Normal FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. 
OriginalFilename : svchost.exe #:9 [svchost.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 1264 ThreadCreationTime : 8-5-2006 6:54:06 AM BasePriority : Normal FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:10 [explorer.exe] FilePath : C:\WINDOWS\ ProcessID : 1396 ThreadCreationTime : 8-5-2006 6:54:07 AM BasePriority : Normal FileVersion : 6.00.2800.1106 (xpsp1.020828-1920) ProductVersion : 6.00.2800.1106 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Windows Explorer InternalName : explorer LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : EXPLORER.EXE #:11 [lexbces.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1496 ThreadCreationTime : 8-5-2006 6:54:07 AM BasePriority : Normal FileVersion : 7.4 ProductVersion : 7.4 ProductName : MarkVision for Windows (32 bit) CompanyName : Lexmark International, Inc. FileDescription : LexBce Service InternalName : LexBce Service LegalCopyright : © 1993 - 2002 Lexmark International, Inc. OriginalFilename : LexBceS.exe #:12 [spoolsv.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1532 ThreadCreationTime : 8-5-2006 6:54:07 AM BasePriority : Normal FileVersion : 5.1.2600.0 (XPClient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Spooler SubSystem App InternalName : spoolsv.exe LegalCopyright : © Microsoft Corporation. All rights reserved. 
OriginalFilename : spoolsv.exe #:13 [lexpps.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1564 ThreadCreationTime : 8-5-2006 6:54:07 AM BasePriority : Normal FileVersion : 7.4 ProductVersion : 7.4 ProductName : MarkVision for Windows (32 bit) CompanyName : Lexmark International, Inc. FileDescription : LEXPPS.EXE InternalName : LEXPPS LegalCopyright : © 1993 - 2002 Lexmark International, Inc. OriginalFilename : LEXPPS.EXE Comments : MarkVision for Windows '95 New P2P Server (32-bit) #:14 [cisvc.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1908 ThreadCreationTime : 8-5-2006 6:54:14 AM BasePriority : Normal FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Content Index service InternalName : cisvc.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : cisvc.exe #:15 [mcvsrte.exe] FilePath : c:\PROGRA~1\mcafee.com\vso\ ProcessID : 1940 ThreadCreationTime : 8-5-2006 6:54:14 AM BasePriority : Normal FileVersion : 4, 4, 0, 10 ProductVersion : 4, 4, 0, 0 ProductName : McAfee.com VirusScan Online CompanyName : Mcafee.com Corporation FileDescription : McAfee.com VirusScan Online Realtime Engine InternalName : mcvsrte LegalCopyright : Copyright © 1998-2002 McAfee.com Corporation OriginalFilename : mcvsrte.exe #:16 [mpfservice.exe] FilePath : C:\PROGRA~1\McAfee.com\PERSON~1\ ProcessID : 1960 ThreadCreationTime : 8-5-2006 6:54:14 AM BasePriority : Normal FileVersion : 4.1.0.1 ProductVersion : 4.1.0.1 ProductName : McAfee.com Personal Firewall CompanyName : McAfee.com Corporation FileDescription : McAfee.com Personal Firewall Service InternalName : MPFService LegalCopyright : Copyright © 2000,2001 OriginalFilename : MpfService.exe Comments : McAfee.com Personal Firewall Service #:17 [nvsvc32.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 2020 ThreadCreationTime : 8-5-2006 6:54:18 AM BasePriority : Normal 
FileVersion : 6.13.10.2841 ProductVersion : 6.13.10.2841 ProductName : NVIDIA Driver Helper Service, Version 28.41 CompanyName : NVIDIA Corporation FileDescription : NVIDIA Driver Helper Service, Version 28.41 InternalName : NVSVC LegalCopyright : © NVIDIA Corporation. All rights reserved. OriginalFilename : nvsvc32.exe #:18 [svchost.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 136 ThreadCreationTime : 8-5-2006 6:54:18 AM BasePriority : Normal FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:19 [wanmpsvc.exe] FilePath : C:\WINDOWS\ ProcessID : 184 ThreadCreationTime : 8-5-2006 6:54:18 AM BasePriority : Normal FileVersion : 7, 0, 0, 2 ProductVersion : 7, 0, 0, 2 ProductName : America Online CompanyName : America Online, Inc. FileDescription : Wan Miniport (ATW) Service InternalName : WanMPSvc LegalCopyright : Copyright © 2001 America Online, Inc. OriginalFilename : WanMPSvc.exe #:20 [spysweeper.exe] FilePath : C:\Program Files\Webroot\Spy Sweeper\ ProcessID : 196 ThreadCreationTime : 8-5-2006 6:54:18 AM BasePriority : Normal FileVersion : 3,0,5,1286 ProductVersion : 3, 0 ProductName : Spy Sweeper SDK CompanyName : Webroot Software, Inc. FileDescription : Spy Sweeper Engine LegalCopyright : Copyright © 2002 - 2006, All Rights Reserved. LegalTrademarks : Spy Sweeper is a trademark of Webroot Software, Inc. 
OriginalFilename : SpySweeper.exe #:21 [mcshield.exe] FilePath : c:\PROGRA~1\mcafee.com\vso\ ProcessID : 512 ThreadCreationTime : 8-5-2006 6:54:24 AM BasePriority : High #:22 [mpfagent.exe] FilePath : C:\PROGRA~1\McAfee.com\PERSON~1\ ProcessID : 620 ThreadCreationTime : 8-5-2006 6:54:27 AM BasePriority : Normal FileVersion : 4.1.0.1 ProductVersion : 4.1.0.1 ProductName : McAfee.com Personal Firewall (MPF) CompanyName : McAfee.com Corporation FileDescription : McAfee.com Personal Firewall Agent Interface InternalName : MpfTray LegalCopyright : Copyright ©2000,2001 by McAfee.com OriginalFilename : MPFTRAY.EXE Comments : McAfee.com Personal Firewall Security Center Module #:23 [cidaemon.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1332 ThreadCreationTime : 8-5-2006 7:01:45 AM BasePriority : Idle FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Indexing Service filter daemon InternalName : cidaemon.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : cidaemon.exe #:24 [cidaemon.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1372 ThreadCreationTime : 8-5-2006 7:01:48 AM BasePriority : Idle FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Indexing Service filter daemon InternalName : cidaemon.exe LegalCopyright : © Microsoft Corporation. All rights reserved. 
OriginalFilename : cidaemon.exe #:25 [bcmsmmsg.exe] FilePath : C:\WINDOWS\ ProcessID : 1424 ThreadCreationTime : 8-5-2006 6:00:13 PM BasePriority : Normal FileVersion : 3.4.19 05/16/2002 17:32:21 ProductVersion : 3.4.19 05/16/2002 17:32:21 ProductName : BCM Modem Messaging Applet CompanyName : Broadcom Corporation FileDescription : Modem Messaging Applet InternalName : smdmstat.exe LegalCopyright : Copyright © Broadcom Corporation 1998-2000 OriginalFilename : smdmstat.exe #:26 [dsentry.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 1732 ThreadCreationTime : 8-5-2006 6:00:13 PM BasePriority : Normal FileVersion : 1, 0, 2, 0 ProductVersion : 1, 0, 2, 0 ProductName : Dell - DVDSentry CompanyName : Dell - Advanced Desktop Engineering FileDescription : DVDSentry InternalName : DVDSentry LegalCopyright : Copyright © 2002 Dell OriginalFilename : DSentry.exe Comments : DVDSentry launches your software DVD player when a DVD is inserted. #:27 [directcd.exe] FilePath : C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\ ProcessID : 860 ThreadCreationTime : 8-5-2006 6:00:26 PM BasePriority : Normal FileVersion : 5.2.0.91 ProductVersion : 5.2.0.91 ProductName : DirectCD CompanyName : Roxio FileDescription : DirectCD Application InternalName : DirectCD LegalCopyright : Copyright © 2001-2002, Roxio, Inc. 
OriginalFilename : Directcd.exe

#:28 [mcvsshld.exe]
FilePath : C:\PROGRA~1\mcafee.com\vso\
ProcessID : 208
ThreadCreationTime : 8-5-2006 6:00:27 PM
BasePriority : Normal
FileVersion : 4, 4, 0, 10
ProductVersion : 4, 4, 0, 0
ProductName : McAfee.com VirusScan Online
CompanyName : Mcafee.com Corporation
FileDescription : McAfee.com ActiveShield
InternalName : msvcshld
LegalCopyright : Copyright © 1998-2002 McAfee.com Corporation
OriginalFilename : mcvsshld.exe

#:29 [lxbbbmgr.exe]
FilePath : C:\Program Files\Lexmark X74-X75\
ProcessID : 392
ThreadCreationTime : 8-5-2006 6:00:28 PM
BasePriority : Normal
FileVersion : 1.0.6.0
ProductVersion : 1.0.6.0
ProductName : Button Manager Executable
CompanyName : Lexmark International, Inc.
FileDescription : Lexmark X74-X75 Button Manager
InternalName : lxbbbmgr.exe
LegalCopyright : © 2002 Lexmark International, Inc.
OriginalFilename : lxbbbmgr.exe

#:30 [lxbbbmon.exe]
FilePath : C:\Program Files\Lexmark X74-X75\
ProcessID : 1852
ThreadCreationTime : 8-5-2006 6:00:30 PM
BasePriority : Normal
FileVersion : 1.0.6.0
ProductVersion : 1.0.6.0
ProductName : Button Monitor Executable
CompanyName : Lexmark International, Inc.
FileDescription : Lexmark X74-X75 Button Monitor
InternalName : lxbbbmon.exe
LegalCopyright : © 2002 Lexmark International, Inc.
OriginalFilename : lxbbbmon.exe

#:31 [qttask.exe]
FilePath : C:\Program Files\QuickTime\
ProcessID : 552
ThreadCreationTime : 8-5-2006 6:00:36 PM
BasePriority : Normal
FileVersion : 7.0.4
ProductVersion : QuickTime 7.0.4
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
FileDescription : QuickTime Task
InternalName : QuickTime Task
LegalCopyright : Copyright Apple Computer, Inc. 1989-2006
OriginalFilename : QTTask.exe

#:32 [viewmgr.exe]
FilePath : C:\Program Files\Viewpoint\Viewpoint Manager\
ProcessID : 1804
ThreadCreationTime : 8-5-2006 6:00:37 PM
BasePriority : Normal
FileVersion : 2, 0, 0, 42
ProductVersion : 2, 0, 0, 42
ProductName : Viewpoint Manager
CompanyName : Viewpoint Corporation
FileDescription : ViewMgr
InternalName : Viewpoint Manager
LegalCopyright : Copyright © 2004
OriginalFilename : ViewMgr.exe
Comments : Viewpoint Manager

#:33 [ituneshelper.exe]
FilePath : C:\Program Files\iTunes\
ProcessID : 312
ThreadCreationTime : 8-5-2006 6:00:38 PM
BasePriority : Normal
FileVersion : 6.0.2.23
ProductVersion : 6.0.2.23
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © 2003-2006 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe

#:34 [realsched.exe]
FilePath : C:\Program Files\Common Files\Real\Update_OB\
ProcessID : 2056
ThreadCreationTime : 8-5-2006 6:00:40 PM
BasePriority : Normal
FileVersion : 0.1.0.3510
ProductVersion : 0.1.0.3510
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:35 [ipodservice.exe]
FilePath : C:\Program Files\iPod\bin\
ProcessID : 2104
ThreadCreationTime : 8-5-2006 6:00:42 PM
BasePriority : Normal
FileVersion : 6.0.2.23
ProductVersion : 6.0.2.23
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © 2003-2006 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iPodService.exe

#:36 [mpftray.exe]
FilePath : C:\PROGRA~1\McAfee.com\PERSON~1\
ProcessID : 2112
ThreadCreationTime : 8-5-2006 6:00:42 PM
BasePriority : Normal
FileVersion : 4.1.0.1
ProductVersion : 4.1.0.1
ProductName : McAfee.com Personal Firewall (MPF)
CompanyName : McAfee.com Corporation
FileDescription : McAfee.com Personal Firewall Tray Monitor
InternalName : MpfTray
LegalCopyright : Copyright © 2000-2002 McAfee.com Corporation
OriginalFilename : MPFTRAY.EXE
Comments : Tray Icon for McAfee.com Personal Firewall

#:37 [googletoolbarnotifier.exe]
FilePath : C:\Program Files\Google\GoogleToolbarNotifier\1.0.711.1664\
ProcessID : 2400
ThreadCreationTime : 8-5-2006 6:00:50 PM
BasePriority : Normal
FileVersion : 1, 0, 711, 1664
ProductVersion : 1, 0, 711, 1664
ProductName : GoogleToolbarNotifier
CompanyName : Google Inc.
FileDescription : GoogleToolbarNotifier
LegalCopyright : Copyright © 2005-2006
OriginalFilename : GoogleToolbarNotifier.exe

#:38 [dlg.exe]
FilePath : C:\Program Files\Digital Line Detect\
ProcessID : 2516
ThreadCreationTime : 8-5-2006 6:00:52 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : BVRP Software TestLine
CompanyName : BVRP Software
FileDescription : Digital Line Detection
InternalName : TestLine
LegalCopyright : Copyright © 2001
OriginalFilename : TestLine.exe

#:39 [smartdrv.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 3576
ThreadCreationTime : 8-5-2006 6:01:56 PM
BasePriority : Normal
FileVersion : 1.00
ProductVersion : 1.00
ProductName : Project1
CompanyName : Trojan Factory
InternalName : main
OriginalFilename : main.dat

#:40 [officescan.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 3592
ThreadCreationTime : 8-5-2006 6:01:57 PM
BasePriority : Normal
FileVersion : 1.00
ProductVersion : 1.00
ProductName : Project1
CompanyName : Trojan Factory
InternalName : officescan
OriginalFilename : officescan.exe

#:41 [wuauclt.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 3696
ThreadCreationTime : 8-5-2006 6:37:16 PM
BasePriority : Normal
FileVersion : 5.8.0.2469 built by: lab01_n(wmbla)
ProductVersion : 5.8.0.2469
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe

#:42 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 2596
ThreadCreationTime : 8-5-2006 8:09:55 PM
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:43 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 1560
ThreadCreationTime : 8-5-2006 8:18:42 PM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

#:44 [urlmap.exe]
FilePath : C:\Program Files\Microsoft Money\System\
ProcessID : 3192
ThreadCreationTime : 8-5-2006 8:34:22 PM
BasePriority : Normal
FileVersion : 10.00.0809
ProductVersion : 10.00.0809
ProductName : Microsoft Money
CompanyName : Microsoft Corporation
FileDescription : Money URL Map
InternalName : URLMAP
LegalCopyright : Copyright © Microsoft Corp. 1990-2001. All rights reserved.
OriginalFilename : urlmap.exe

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 15

Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Adware.Admess Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\{f6bdb4e5-d6aa-4d1f-8b67-bcb0f2246e21}

Adware.Admess Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\wstart.dll

Adware.Admess Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{9896231a-c487-43a5-8369-6ec9b0a96cc0}

Adware.Admess Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : wstart.whttphelper

Adware.Admess Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : wstart.whttphelper.1

Alexa Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : alxtb.bho

Alexa Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{0bbb0424-e98e-4405-9a94-481854765c80}

Alexa Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{0f3332b5-bc98-48af-9fac-05fec94ebe73}

Alexa Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{3e60160f-0ed6-4dcc-b6b6-850cde4fd217}

Alexa Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{a69107cc-bec8-4a34-b474-211b0f46a764}

Alexa Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{b7b84995-8b92-46bf-94aa-fa2f3dd23b84}

Alexa Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{fa77ad79-09cf-41fb-b171-cc856f9e737f}

Alexa Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : popmenu.menu

Alexa Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : popup.popupkiller

Alexa Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{547ab549-4dd8-4ea0-b070-f6ea062148ff}

Alexa Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{a6a68cbd-6673-41b1-b997-3f83a25b45b0}

Alexa Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{b71c7d9a-da43-4e8b-bb98-1684ac2af324}

DailyToolbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\dailytoolbar.dll

DailyToolbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\{951b3138-ae8e-4676-a05a-250a5f111631}

DailyToolbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{58f9b276-e1cc-458e-8159-21cbc021874b}

DailyToolbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{8333c319-0669-4893-a418-f56d9249fca6}

DailyToolbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : dailytoolbar.ieband

DailyToolbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : dailytoolbar.sysmgr

DailyToolbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : ietoolbar.affiliatectl

DailyToolbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{10195311-e434-47a9-adba-48839e3f7e4e}

DailyToolbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{abafa0b4-f78d-42e5-8c31-1a441d01c1df}

FakeAlert Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{60e2e76b-60e2e76b-60e2e76b-60e2e76b-60e2e76b}

FakeAlert Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{e52dedbb-d168-4bdb-b229-c48160800e81}

WinFavorites Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bridge.brdg

WinFavorites Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{80bb7465-a638-43b5-9827-8e8fe38dfcc1}

WinFavorites Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : jao.jao

WinFavorites Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{c094876d-1b0e-46fa-b6a6-7ffc0f970c27}

Adware.Admess Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wsoft

Alexa Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\alexa internet

CoolWebSearch Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{7b55bb05-0b4d-44fd-81a6-b136188f5deb}

DailyToolbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Misc
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\dailytoolbar

DailyToolbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Misc
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\nix solutions\dailytoolbar

Transponder Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\transponder

WinFavorites Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{9c691a33-7dda-4c2f-be4c-c176083f35cf}

WinFavorites Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\clsid\{80bb7465-a638-43b5-9827-8e8fe38dfcc1}

WinFavorites Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\interface\{4fdbdbad-fefe-4c4c-9cc1-1181052afb12}

WinFavorites Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\typelib\{c094876d-1b0e-46fa-b6a6-7ffc0f970c27}

VX2 Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\respondmiter

VX2 Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{ffd2825e-0785-40c5-9a41-518f53a8261f}

VX2 Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{00000000-f09c-02b4-6ec2-ad0300000000}

VX2 Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{00000000-c1ec-0345-6ec2-4d0300000000}

VX2 Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{00000000-59d4-4008-9058-080011001200}

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 47
Objects found so far: 62

Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

DailyToolbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Misc
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8333c319-0669-4893-a418-f56d9249fca6}

FakeAlert Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e52dedbb-d168-4bdb-b229-c48160800e81}

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 64

Alexa Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3ceff6cd-6f08-4e4d-bccd-ff7415288c3b}

Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 12-31-2037 5:00:00 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 66

Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

SCBAR Object Recognized!
Type : File
Data : A0039086.EXE
TAC Rating : 3
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP767\
FileVersion : 1.0.0.2
ProductVersion : 1.0.0.2

Win32.Generic.PWS Object Recognized!
Type : File
Data : A0039840.dll
TAC Rating : 10
Category : Monitoring Tool
Comment :
Object : C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP767\

SCBAR Object Recognized!
Type : File
Data : A0041861.DLL
TAC Rating : 3
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP767\
FileVersion : 1.0.0.2
ProductVersion : 1.0.0.2

Win32.Generic.PWS Object Recognized!
Type : File
Data : A0041932.dll
TAC Rating : 10
Category : Monitoring Tool
Comment :
Object : C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP767\

Win32.Generic.PWS Object Recognized!
Type : File
Data : temp.fr18DA
TAC Rating : 10
Category : Monitoring Tool
Comment :
Object : C:\WINDOWS\Temp\

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 71

Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 71

Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Alexa Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\alexa toolbar

Alexa Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\alexa toolbar

Alexa Object Recognized!
Type : File
Data : alxres.dll
TAC Rating : 5
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\

DailyToolbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Misc
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\nix solutions

DailyToolbar Object Recognized!
Type : File
Data : dailytoolbar.dll
TAC Rating : 5
Category : Misc
Comment :
Object : C:\WINDOWS\System32\

FakeAlert Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\windows\currentversion\runonce\srv32 spool service
Value : Adware.Srv32

FakeAlert Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\run
Value : Adware.Srv32

FakeAlert Object Recognized!
Type : File
Data : alexaie.dll
TAC Rating : 5
Category : Malware
Comment :
Object : C:\WINDOWS\

FakeAlert Object Recognized!
Type : File
Data : alxtb1.dll
TAC Rating : 5
Category : Malware
Comment :
Object : C:\WINDOWS\