mbarnes

PLEASE HELP - MY PC IS INFECTED!


Please help!

I have no knowledge in this subject whatsoever so please bear with me. I believe I was infected with [email protected] - my homepage kept redirecting to www.safetyhomepage.net and pop-ups kept appearing advising of the virus. One pop-up also referred to Networm-i.virus.fp. I looked them up through Google which led to this site. Following some advice given in previous posts I have downloaded & run SmitfraudFix and ewido anti-spyware.

The homepage now appears to be running OK again but I would like advice on whether anything else needs to be done. Again, following advice given in previous posts, here is the info I believe you need:

Ad-Aware SE Build 1.06r1

Logfile Created on:27 August 2006 12:20:39

Created with Ad-Aware SE Personal, free for private use.

Using definitions file:SE1R120 25.08.2006

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

References detected during the scan:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking Cookie(TAC index:3):7 total references

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Ad-Aware SE Settings

===========================

Set : Search for negligible risk entries

Set : Safe mode (always request confirmation)

Set : Scan active processes

Set : Scan registry

Set : Deep-scan registry

Set : Scan my IE Favorites for banned URLs

Set : Scan my Hosts file

 

Extended Ad-Aware SE Settings

===========================

Set : Unload recognized processes & modules during scan

Set : Scan registry for all users instead of current user only

Set : Always try to unload modules before deletion

Set : During removal, unload Explorer and IE if necessary

Set : Let Windows remove files in use at next reboot

Set : Delete quarantined objects after restoring

Set : Include basic Ad-Aware settings in log file

Set : Include additional Ad-Aware settings in log file

Set : Include reference summary in log file

Set : Include alternate data stream details in log file

Set : Play sound at scan completion if scan locates critical objects

 

 

27-08-2006 12:20:39 - Scan started. (Full System Scan)

 

Listing running processes

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

#:1 [smss.exe]

FilePath : \SystemRoot\System32\

ProcessID : 536

ThreadCreationTime : 27-08-2006 09:29:04

BasePriority : Normal

 

 

#:2 [csrss.exe]

FilePath : \??\C:\WINDOWS\system32\

ProcessID : 784

ThreadCreationTime : 27-08-2006 09:29:10

BasePriority : Normal

 

 

#:3 [winlogon.exe]

FilePath : \??\C:\WINDOWS\System32\

ProcessID : 808

ThreadCreationTime : 27-08-2006 09:29:10

BasePriority : High

 

 

#:4 [services.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 852

ThreadCreationTime : 27-08-2006 09:29:11

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Services and Controller app

InternalName : services.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : services.exe

 

#:5 [lsass.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 864

ThreadCreationTime : 27-08-2006 09:29:11

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : LSA Shell (Export Version)

InternalName : lsass.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : lsass.exe

 

#:6 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1024

ThreadCreationTime : 27-08-2006 09:29:12

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:7 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1080

ThreadCreationTime : 27-08-2006 09:29:12

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:8 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 1128

ThreadCreationTime : 27-08-2006 09:29:12

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:9 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1184

ThreadCreationTime : 27-08-2006 09:29:12

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:10 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1284

ThreadCreationTime : 27-08-2006 09:29:13

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:11 [lexbces.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1620

ThreadCreationTime : 27-08-2006 09:29:13

BasePriority : Normal

FileVersion : 8.18

ProductVersion : 8.18

ProductName : MarkVision for Windows (32 bit)

CompanyName : Lexmark International, Inc.

FileDescription : LexBce Service

InternalName : LexBce Service

LegalCopyright : © 1993 - 2003 Lexmark International, Inc.

OriginalFilename : LexBceS.exe

 

#:12 [spoolsv.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1648

ThreadCreationTime : 27-08-2006 09:29:13

BasePriority : Normal

FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)

ProductVersion : 5.1.2600.2696

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Spooler SubSystem App

InternalName : spoolsv.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : spoolsv.exe

 

#:13 [lexpps.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1656

ThreadCreationTime : 27-08-2006 09:29:13

BasePriority : Normal

FileVersion : 8.18

ProductVersion : 8.18

ProductName : MarkVision for Windows (32 bit)

CompanyName : Lexmark International, Inc.

FileDescription : LEXPPS.EXE

InternalName : LEXPPS

LegalCopyright : © 1993 - 2003 Lexmark International, Inc.

OriginalFilename : LEXPPS.EXE

Comments : MarkVision for Windows '95 New P2P Server (32-bit)

 

#:14 [aolacsd.exe]

FilePath : C:\Program Files\Common Files\AOL\ACS\

ProcessID : 1808

ThreadCreationTime : 27-08-2006 09:29:14

BasePriority : Normal

 

 

#:15 [mcdetect.exe]

FilePath : c:\program files\mcafee.com\agent\

ProcessID : 1884

ThreadCreationTime : 27-08-2006 09:29:14

BasePriority : Normal

FileVersion : 6, 0, 0, 19

ProductVersion : 6, 0, 0, 0

ProductName : McAfee SecurityCenter

CompanyName : McAfee, Inc

FileDescription : McAfee WSC Integration Service

InternalName : McDetect

LegalCopyright : Copyright © 2005 McAfee, Inc.

OriginalFilename : McDetect.exe

Comments : McAfee WSC Integration Service

 

#:16 [mcshield.exe]

FilePath : c:\PROGRA~1\mcafee.com\vso\

ProcessID : 1908

ThreadCreationTime : 27-08-2006 09:29:14

BasePriority : High

 

 

#:17 [mctskshd.exe]

FilePath : c:\PROGRA~1\mcafee.com\agent\

ProcessID : 1944

ThreadCreationTime : 27-08-2006 09:29:14

BasePriority : Normal

FileVersion : 6, 0, 0, 13

ProductVersion : 6, 0, 0, 0

ProductName : McAfee SecurityCenter

CompanyName : McAfee, Inc

FileDescription : McAfee Task Scheduler

InternalName : McTskshd

LegalCopyright : Copyright © 2005 McAfee, Inc.

OriginalFilename : McTskshd.exe

 

#:18 [mpfservice.exe]

FilePath : C:\PROGRA~1\McAfee.com\PERSON~1\

ProcessID : 156

ThreadCreationTime : 27-08-2006 09:29:15

BasePriority : Normal

FileVersion : 7.1.0.113

ProductVersion : 7.1.0.113

ProductName : McAfee Personal Firewall

CompanyName : McAfee Corporation

FileDescription : McAfee Personal Firewall Service

InternalName : MPFService

LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.

OriginalFilename : MpfService.exe

Comments : McAfee Personal Firewall Service

 

#:19 [msksrvr.exe]

FilePath : C:\PROGRA~1\McAfee\SPAMKI~1\

ProcessID : 204

ThreadCreationTime : 27-08-2006 09:29:15

BasePriority : Normal

FileVersion : 7.0.1.3

ProductVersion : 7.0

ProductName : McAfee SpamKiller

CompanyName : McAfee Inc.

FileDescription : McAfee SpamKiller Server

InternalName : MSKSRVR

LegalCopyright : Copyright © 2005, McAfee Inc.

OriginalFilename : MSKSRVR.EXE

 

#:20 [explorer.exe]

FilePath : C:\WINDOWS\

ProcessID : 612

ThreadCreationTime : 27-08-2006 09:29:18

BasePriority : Normal

FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 6.00.2900.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Windows Explorer

InternalName : explorer

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : EXPLORER.EXE

 

#:21 [prismsvr.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 620

ThreadCreationTime : 27-08-2006 09:29:18

BasePriority : Normal

FileVersion : 2.01.13

ProductVersion : 2.01.13.0013

ProductName : PRISM Wireless LAN

CompanyName : Conexant Systems, Inc.

FileDescription : PRISM Profiles Server Module

InternalName : GlobespanVirata

LegalCopyright : Copyright © 2004, Conexant Systems, Inc.

OriginalFilename : PRISMsvr.exe

Comments : Conexant Systems, Inc. (www.conexant.com)

 

#:22 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1172

ThreadCreationTime : 27-08-2006 09:29:21

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:23 [wdfmgr.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1416

ThreadCreationTime : 27-08-2006 09:29:21

BasePriority : Normal

FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)

ProductVersion : 5.2.3790.1230

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Windows User Mode Driver Manager

InternalName : WdfMgr

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : WdfMgr.exe

 

#:24 [smax4pnp.exe]

FilePath : C:\Program Files\Analog Devices\Core\

ProcessID : 476

ThreadCreationTime : 27-08-2006 09:29:24

BasePriority : Normal

FileVersion : 5, 2, 0, 5

ProductVersion : 5, 2, 0, 5

ProductName : SMax4PNP Application

CompanyName : Analog Devices, Inc.

FileDescription : SMax4PNP MFC Application

InternalName : SMax4PNP

LegalCopyright : Copyright © 2002-2004 Analog Devices

OriginalFilename : SMax4PNP.EXE

 

#:25 [jusched.exe]

FilePath : C:\Program Files\Java\jre1.5.0_06\bin\

ProcessID : 492

ThreadCreationTime : 27-08-2006 09:29:24

BasePriority : Normal

 

 

#:26 [issch.exe]

FilePath : C:\Program Files\Common Files\InstallShield\UpdateService\

ProcessID : 560

ThreadCreationTime : 27-08-2006 09:29:24

BasePriority : Normal

FileVersion : 4, 50, 100, 33433

ProductVersion : 4, 50

ProductName : InstallShield Update Service

CompanyName : InstallShield Software Corporation

FileDescription : InstallShield Update Service Scheduler

InternalName : Scheduler

LegalCopyright : Copyright © 1990-2004 InstallShield Software Corporation

OriginalFilename : issch.exe

 

#:27 [aoldial.exe]

FilePath : C:\Program Files\Common Files\AOL\ACS\

ProcessID : 600

ThreadCreationTime : 27-08-2006 09:29:25

BasePriority : Normal

FileVersion : 2.6.6.3.UK.53

ProductVersion : 2.6.6.3.UK.53

ProductName : AOL Connectivity Service

CompanyName : America Online, Inc

FileDescription : AOL Connectivity Service Dialer

LegalCopyright : Copyright © 2003 America Online, Inc.

OriginalFilename : AOLDial.exe

 

#:28 [aolsp scheduler.exe]

FilePath : C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\

ProcessID : 1336

ThreadCreationTime : 27-08-2006 09:29:25

BasePriority : Normal

FileVersion : 1, 0, 0, 66

ProductVersion : 1, 0, 0, 66

ProductName : AOLSP Scheduler

FileDescription : AOLSP Scheduler

InternalName : AOLSP Scheduler

LegalCopyright : Copyright © America Online, Inc. 2004

OriginalFilename : AOLSP Scheduler.exe

 

#:29 [oasclnt.exe]

FilePath : C:\Program Files\McAfee.com\VSO\

ProcessID : 712

ThreadCreationTime : 27-08-2006 09:29:25

BasePriority : Normal

FileVersion : 10, 0, 0, 24

ProductVersion : 10, 0, 0, 0

ProductName : McAfee VirusScan

CompanyName : McAfee, Inc.

FileDescription : McAfee VirusScan OAS Client

InternalName : OasClnt

LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.

OriginalFilename : OasClnt.exe

Comments : McAfee VirusScan OAS Client

 

#:30 [mcagent.exe]

FilePath : C:\PROGRA~1\mcafee.com\agent\

ProcessID : 1152

ThreadCreationTime : 27-08-2006 09:29:26

BasePriority : Normal

FileVersion : 6, 0, 0, 16

ProductVersion : 6, 0, 0, 0

ProductName : McAfee SecurityCenter

CompanyName : McAfee, Inc

FileDescription : McAfee SecurityCenter Agent

InternalName : mcagent

LegalCopyright : Copyright © 2005 McAfee, Inc.

OriginalFilename : mcagent.exe

 

#:31 [dlactrlw.exe]

FilePath : C:\WINDOWS\System32\DLA\

ProcessID : 680

ThreadCreationTime : 27-08-2006 09:29:26

BasePriority : Normal

FileVersion : 5.20.08a

CompanyName : Sonic Solutions

FileDescription : Drive Letter Access Component

LegalCopyright : Copyright © 2004 Sonic Solutions

 

#:32 [mskagent.exe]

FilePath : C:\PROGRA~1\McAfee\SPAMKI~1\

ProcessID : 2056

ThreadCreationTime : 27-08-2006 09:29:27

BasePriority : Normal

FileVersion : 7.0.2.0

ProductVersion : 7.0

ProductName : McAfee SpamKiller

CompanyName : McAfee Inc.

FileDescription : McAfee SpamKiller Agent Interface module

InternalName : MskAgent

LegalCopyright : Copyright © 2005 McAfee, Inc.

OriginalFilename : MskAgent.exe

 

#:33 [mcvsshld.exe]

FilePath : C:\Program Files\McAfee.com\VSO\

ProcessID : 2124

ThreadCreationTime : 27-08-2006 09:29:27

BasePriority : Normal

FileVersion : 10, 0, 0, 22

ProductVersion : 10, 0, 0, 0

ProductName : McAfee VirusScan

CompanyName : McAfee, Inc.

FileDescription : McAfee VirusScan ActiveShield Resource

InternalName : McVsShld

LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.

OriginalFilename : McVsShld.exe

Comments : McAfee VirusScan ActiveShield Resource

 

#:34 [mpftray.exe]

FilePath : C:\PROGRA~1\McAfee.com\PERSON~1\

ProcessID : 2148

ThreadCreationTime : 27-08-2006 09:29:28

BasePriority : Normal

FileVersion : 7.1.0.113

ProductVersion : 7.1.0.113

ProductName : McAfee Personal Firewall (MPF)

CompanyName : McAfee Security

FileDescription : McAfee Personal Firewall Tray Monitor

InternalName : MpfTray

LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.

OriginalFilename : MPFTRAY.EXE

Comments : Tray Icon for McAfee Personal Firewall

 

#:35 [mscifapp.exe]

FilePath : C:\PROGRA~1\mcafee.com\mps\

ProcessID : 2184

ThreadCreationTime : 27-08-2006 09:29:28

BasePriority : Normal

FileVersion : 8.1.0.136

ProductVersion : 8.1.0.136

ProductName : McAfee Privacy Service

CompanyName : McAfee, Inc.

FileDescription : McAfee Privacy Service

InternalName : mscifapp

LegalCopyright : Copyright © 2005 McAfee, Inc.

All rights reserved

OriginalFilename : mscifapp.exe

 

#:36 [hkcmd.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 2220

ThreadCreationTime : 27-08-2006 09:29:28

BasePriority : Normal

FileVersion : 3.0.0.4396

ProductVersion : 7.0.0.4396

ProductName : Intel® Common User Interface

CompanyName : Intel Corporation

FileDescription : hkcmd Module

InternalName : HKCMD

LegalCopyright : Copyright 1999-2004, Intel Corporation

OriginalFilename : HKCMD.EXE

 

#:37 [igfxpers.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 2232

ThreadCreationTime : 27-08-2006 09:29:29

BasePriority : Normal

FileVersion : 3.0.0.4396

ProductVersion : 7.0.0.4396

ProductName : Intel® Common User Interface

CompanyName : Intel Corporation

FileDescription : persistence Module

InternalName : PERSISTENCE

LegalCopyright : Copyright 1999-2004, Intel Corporation

OriginalFilename : IGFXPERS.EXE

 

#:38 [realsched.exe]

FilePath : C:\Program Files\Common Files\Real\Update_OB\

ProcessID : 2248

ThreadCreationTime : 27-08-2006 09:29:29

BasePriority : Normal

FileVersion : 0.1.0.3510

ProductVersion : 0.1.0.3510

ProductName : RealPlayer (32-bit)

CompanyName : RealNetworks, Inc.

FileDescription : RealNetworks Scheduler

InternalName : schedapp

LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004

LegalTrademarks : RealAudio is a trademark of RealNetworks, Inc.

OriginalFilename : realsched.exe

 

#:39 [mcvsescn.exe]

FilePath : c:\progra~1\mcafee.com\vso\

ProcessID : 2312

ThreadCreationTime : 27-08-2006 09:29:29

BasePriority : Normal

FileVersion : 10, 0, 0, 20

ProductVersion : 10, 0, 0, 0

ProductName : McAfee VirusScan

CompanyName : McAfee, Inc.

FileDescription : McAfee VirusScan E-mail Scan Module

InternalName : mcvsescn

LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.

OriginalFilename : mcvsescn.EXE

Comments : McAfee VirusScan E-mail Scan Module

 

#:40 [tsnp2std.exe]

FilePath : C:\WINDOWS\

ProcessID : 2328

ThreadCreationTime : 27-08-2006 09:29:29

BasePriority : Normal

FileVersion : 1, 1, 2, 3

ProductVersion : 1, 1, 2, 3

ProductName : tsnp2std

FileDescription : tsnp2std Microsoft

InternalName : tsnp2std

LegalCopyright : ???? © 2005

OriginalFilename : tsnp2std.EXE

 

#:41 [vsnp2std.exe]

FilePath : C:\WINDOWS\

ProcessID : 2348

ThreadCreationTime : 27-08-2006 09:29:30

BasePriority : Normal

FileVersion : 1, 0, 3, 4

ProductVersion : 1, 0, 3, 4

ProductName : CameraMonitor Application

CompanyName : Sonix

FileDescription : CameraMonitor Application

InternalName : CameraMonitor

LegalCopyright : Copyright 2002-2005

OriginalFilename : CameraMonitor.EXE

 

#:42 [dsagnt.exe]

FilePath : C:\Program Files\Dell Support\

ProcessID : 2376

ThreadCreationTime : 27-08-2006 09:29:30

BasePriority : Below Normal

FileVersion : 1, 1, 0, 73

ProductVersion : 1, 1, 0, 73

ProductName : Dell Support

CompanyName : Gteko Ltd.

FileDescription : Dell Support

InternalName : AUAgent

LegalCopyright : Copyright © 2000 - 2004 Gteko Ltd.

OriginalFilename : AUAgent.exe

 

#:43 [msmsgs.exe]

FilePath : C:\Program Files\Messenger\

ProcessID : 2404

ThreadCreationTime : 27-08-2006 09:29:30

BasePriority : Normal

FileVersion : 4.7.3001

ProductVersion : Version 4.7.3001

ProductName : Messenger

CompanyName : Microsoft Corporation

FileDescription : Windows Messenger

InternalName : msmsgs

LegalCopyright : Copyright © Microsoft Corporation 2004

LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.

OriginalFilename : msmsgs.exe

 

#:44 [registryrepairpro.exe]

FilePath : C:\Documents and Settings\Marcus Barnes\My Documents\Windows Registry Repair Pro\

ProcessID : 2412

ThreadCreationTime : 27-08-2006 09:29:30

BasePriority : Normal

FileVersion : 2.0.0.0

ProductVersion : 2.0.0

ProductName : Windows Registry Repair Pro

CompanyName : 3B Software, Inc.

FileDescription : Windows Registry Repair Pro

InternalName : wwrp

LegalCopyright : Copyright © 2003-2004, WyvernWorks Dot Com. All Rights reserved.

LegalTrademarks : WyvernWorks Dot Com

OriginalFilename : RegistryRepairPro.exe

Comments : Windows Registry repair Pro

 

#:45 [dlg.exe]

FilePath : C:\Program Files\Digital Line Detect\

ProcessID : 2500

ThreadCreationTime : 27-08-2006 09:29:31

BasePriority : Normal

FileVersion : 1, 0, 0, 1

ProductVersion : 1, 0, 0, 1

ProductName : BVRP Software TestLine

CompanyName : BVRP Software

FileDescription : Digital Line Detection

InternalName : TestLine

LegalCopyright : Copyright © 2003

OriginalFilename : TestLine.exe

 

#:46 [prismcfg.exe]

FilePath : C:\Program Files\Dell Wireless\

ProcessID : 2528

ThreadCreationTime : 27-08-2006 09:29:31

BasePriority : Normal

FileVersion : 2.01.13 (Alpha)

ProductVersion : 2.01.13.0013 (Alpha)

ProductName : USB 2.0 Wireless LAN

CompanyName : Dell Inc.

FileDescription : Wireless Card Utility

InternalName : PRISMCFG.exe

LegalCopyright : Copyright © 2004, Dell Inc.

OriginalFilename : PRISMCFG.exe

Comments : Dell Corporation (www.dell.com)

 

#:47 [mcvsftsn.exe]

FilePath : c:\progra~1\mcafee.com\vso\

ProcessID : 3120

ThreadCreationTime : 27-08-2006 09:29:39

BasePriority : Normal

FileVersion : 10, 0, 0, 19

ProductVersion : 10, 0, 0, 0

ProductName : McAfee VirusScan

CompanyName : McAfee, Inc.

FileDescription : McAfee VirusScan Instant Messenger Scan Module

InternalName : mcvsftsn

LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.

OriginalFilename : mcvsftsn.EXE

Comments : McAfee VirusScan Instant Messenger Scan Module

 

#:48 [servicelayer.exe]

FilePath : C:\Program Files\Common Files\PCSuite\Services\

ProcessID : 3424

ThreadCreationTime : 27-08-2006 09:29:40

BasePriority : Normal

FileVersion : 6, 81, 60, 0

ProductVersion : 6.0

ProductName : PC Connectivity Solution

CompanyName : Nokia.

FileDescription : ServiceLayer Module

InternalName : ServiceLayer

LegalCopyright : Copyright © 2002-2006 Nokia. All Rights Reserved.

OriginalFilename : ServiceLayer.exe

 

#:49 [alg.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 3668

ThreadCreationTime : 27-08-2006 09:29:43

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Application Layer Gateway Service

InternalName : ALG.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : ALG.exe

 

#:50 [mpfagent.exe]

FilePath : C:\PROGRA~1\McAfee.com\PERSON~1\

ProcessID : 392

ThreadCreationTime : 27-08-2006 09:30:01

BasePriority : Normal

FileVersion : 7.1.0.113

ProductVersion : 7.1.0.113

ProductName : McAfee Personal Firewall (MPF)

CompanyName : McAfee Security

FileDescription : McAfee Personal Firewall Agent Interface

InternalName : MpfAgent

LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.

OriginalFilename : MPFAGENT.EXE

Comments : McAfee Personal Firewall Security Center Module

 

#:51 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 2584

ThreadCreationTime : 27-08-2006 09:30:05

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:52 [isuspm.exe]

FilePath : c:\program files\common files\installshield\updateservice\

ProcessID : 3932

ThreadCreationTime : 27-08-2006 09:30:24

BasePriority : Normal

FileVersion : 4, 50, 100, 33433

ProductVersion : 4, 50

ProductName : InstallShield Update Service

CompanyName : InstallShield Software Corporation

FileDescription : InstallShield Update Service Update Manager

InternalName : ProgramManager

LegalCopyright : Copyright © 1990-2004 InstallShield Software Corporation

OriginalFilename : ISUSPM.exe

 

#:53 [agent.exe]

FilePath : C:\Program Files\Common Files\InstallShield\UpdateService\

ProcessID : 2320

ThreadCreationTime : 27-08-2006 09:30:37

BasePriority : Normal

FileVersion : 4, 50, 100, 33433

ProductVersion : 4, 50

ProductName : InstallShield Update Service

CompanyName : InstallShield Software Corporation

FileDescription : InstallShield Update Service Agent

InternalName : Agent

LegalCopyright : Copyright © 1990-2004 InstallShield Software Corporation

OriginalFilename : agent.exe

 

#:54 [iexplore.exe]

FilePath : C:\Program Files\Internet Explorer\

ProcessID : 4076

ThreadCreationTime : 27-08-2006 09:32:53

BasePriority : Normal

FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 6.00.2900.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Internet Explorer

InternalName : iexplore

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : IEXPLORE.EXE

 

#:55 [guard.exe]

FilePath : C:\Program Files\ewido anti-spyware 4.0\

ProcessID : 2444

ThreadCreationTime : 27-08-2006 09:53:07

BasePriority : Normal

FileVersion : 4, 0, 0, 172

ProductVersion : 4, 0, 0, 172

ProductName : ewido anti-spyware

CompanyName : Anti-Malware Development a.s.

FileDescription : ewido anti-spyware guard

InternalName : ewido anti-spywareguard

LegalCopyright : Copyright © 2005 Anti-Malware Development a.s.

OriginalFilename : guard.exe

 

#:56 [ewido.exe]

FilePath : C:\Program Files\ewido anti-spyware 4.0\

ProcessID : 3936

ThreadCreationTime : 27-08-2006 09:53:29

BasePriority : Normal

FileVersion : 4, 0, 0, 172

ProductVersion : 4, 0, 0, 172

ProductName : ewido anti-spyware

CompanyName : Anti-Malware Development a.s.

FileDescription : ewido anti-spyware

InternalName : ewido anti-spyware

LegalCopyright : Copyright © 2005 Anti-Malware Development a.s.

OriginalFilename : ewido.exe

 

#:57 [ad-aware.exe]

FilePath : C:\PROGRA~1\Lavasoft\AD-AWA~1\

ProcessID : 5204

ThreadCreationTime : 27-08-2006 11:20:11

BasePriority : Normal

FileVersion : 6.2.0.236

ProductVersion : SE 106

ProductName : Lavasoft Ad-Aware SE

CompanyName : Lavasoft Sweden

FileDescription : Ad-Aware SE Core application

InternalName : Ad-Aware.exe

LegalCopyright : Copyright © Lavasoft AB Sweden

OriginalFilename : Ad-Aware.exe

Comments : All Rights Reserved

 

Memory scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 0

 

 

Started registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Registry Scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 0

 

 

Started deep registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Deep registry scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 0

 

 

Started Tracking Cookie scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : marcus [email protected][2].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:2

Value : Cookie:marcus [email protected]/

Expires : 26-08-2011 01:00:00

LastSync : Hits:2

UseCount : 0

Hits : 2

 

Tracking cookie scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 1

Objects found so far: 1

 

 

 

Deep scanning and examining files (C:)

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : marcus [email protected][2].txt

TAC Rating : 3

Category : Data Miner

Comment :

Value : C:\Documents and Settings\Marcus Barnes\Local Settings\Temp\Cookies\marcus [email protected][2].txt

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : marcus [email protected][3].txt

TAC Rating : 3

Category : Data Miner

Comment :

Value : C:\Documents and Settings\Marcus Barnes\Local Settings\Temp\Cookies\marcus [email protected][3].txt

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : marcus [email protected][2].txt

TAC Rating : 3

Category : Data Miner

Comment :

Value : C:\Documents and Settings\Marcus Barnes\Local Settings\Temp\Cookies\marcus [email protected][2].txt

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : marcus [email protected][2].txt

TAC Rating : 3

Category : Data Miner

Comment :

Value : C:\Documents and Settings\Marcus Barnes\Local Settings\Temp\Cookies\marcus [email protected][2].txt

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : marcus [email protected][2].txt

TAC Rating : 3

Category : Data Miner

Comment :

Value : C:\Documents and Settings\Marcus Barnes\Local Settings\Temp\Cookies\marcus [email protected][2].txt

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : marcus [email protected][1].txt

TAC Rating : 3

Category : Data Miner

Comment :

Value : C:\Documents and Settings\Marcus Barnes\Local Settings\Temp\Cookies\marcus [email protected][1].txt

 

Disk Scan Result for C:\

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 7

 

 

Scanning Hosts file......

Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Hosts file scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

1 entries scanned.

New critical objects:0

Objects found so far: 7

 

 

 

 

Performing conditional scans...

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Conditional scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 7

 

12:32:41 Scan Complete

 

Summary Of This Scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Total scanning time:00:12:01.609

Objects scanned:180148

Objects identified:7

Objects ignored:0

New critical objects:7

 

 

=====================================================================

 

Logfile of HijackThis v1.99.1

Scan saved at 12:57:55, on 27/08/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\System32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

c:\program files\mcafee.com\agent\mcdetect.exe

c:\PROGRA~1\mcafee.com\vso\mcshield.exe

c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe

C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\PRISMSVR.EXE

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe

C:\Program Files\McAfee.com\VSO\oasclnt.exe

C:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe

C:\Program Files\McAfee.com\VSO\mcvsshld.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

C:\PROGRA~1\mcafee.com\mps\mscifapp.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

c:\progra~1\mcafee.com\vso\mcvsescn.exe

C:\WINDOWS\tsnp2std.exe

C:\WINDOWS\vsnp2std.exe

C:\Program Files\Dell Support\DSAgnt.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Documents and Settings\Marcus Barnes\My Documents\Windows Registry Repair Pro\RegistryRepairPro.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Dell Wireless\PRISMCFG.exe

c:\progra~1\mcafee.com\vso\mcvsftsn.exe

C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe

C:\WINDOWS\System32\svchost.exe

c:\program files\common files\installshield\updateservice\isuspm.exe

C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\ewido anti-spyware 4.0\guard.exe

C:\Program Files\ewido anti-spyware 4.0\ewido.exe

C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe

C:\Program Files\HijackThis\hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DK

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.co.uk/myway

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.co.uk/myway

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\HTML\html\blank.htm

R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - (no file)

O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll

O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll

O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll

O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Documents and Settings\Marcus Barnes\My Documents\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll

O3 - Toolbar: Protection Bar - {860c2f6b-ca82-4282-9187-beccbb66f0af} - (no file)

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [iSUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"

O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask

O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe

O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe

O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup

O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe

O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe

O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe

O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup

O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized

O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Documents and Settings\Marcus Barnes\My Documents\Windows Registry Repair Pro\RegistryRepairPro.exe 4

O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: Wireless USB 2.0 WLAN Card Utility.lnk = ?

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\DOCUME~1\MARCUS~1\MYDOCU~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll

O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\DOCUME~1\MARCUS~1\MYDOCU~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra 'Tools' menuitem: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O18 - Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - (no file)

O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe

O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe

O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe

O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

 

 

Many thanks for any assistance!!


Hi,

 

Apologies for the late reply, we've been quite swamped in here as you can probably see.

 

Are you still needing help?

 

I'm now subscribed to this topic so I will receive a notice from the board as soon as you reply, so I can be here much more quickly than it has taken to get to your new topic.

 

If you still need help we need two things:

 

1. Your Adaware Scan log with the latest reference file update.

 

Please make sure that you are using Ad-aware SE Build 106r1.

Note: If your version is 6.0 and not the SE, you need to uninstall and get the latest version from the above link.

[If not, uninstall your old Ad-aware first, then install SE.]

Then use the WebUpDate to get the latest Definition file: SE1R121 28.08.2006

To do this, open Ad-aware.

Click the WebUpDate button at the top right-hand side of the Ad-aware screen (the world globe).

Click "Connect".

Ad-aware will then download the latest Definition file for you.

To make sure it is updated, look at the main Ad-aware screen, and look under "Initialization Status".

It should say the latest Definition file.

Then scan, doing a "Full Scan", and then post your logfile here by using the Add-Reply feature.

Logs are stored in:

C:\Documents and Settings\USERNAME\Application Data\Lavasoft\Ad-aware\Logs\.

An easy way to get there is to click Start, click Run, type in %appdata% and press ENTER, then click Lavasoft, then Ad-Aware, and then Logs.

Scroll down to find the latest one that you have (by date & time), open it, right-click, Select All, copy, and then paste the contents of it here.

(Make sure that all of your logfile has been posted; sometimes it will require two posts to get it all.)

...............

2. A fresh HijackThis log for review to see where you are now.


Thanks for your help - yes I do still need help!

 

Please find below the information you requested.

 

When I was running the full scan on Adaware, my McAfee virus protection kept popping up something about Puper trojan being found in several files within C:\System Volume Information or something like that? It said it could not be deleted or quarantined as it was write protected??

 

 

Ad-Aware SE Build 1.06r1

Logfile Created on:03 September 2006 14:55:58

Created with Ad-Aware SE Personal, free for private use.

Using definitions file:SE1R121 28.08.2006

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

References detected during the scan:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

MRU List(TAC index:0):38 total references

Tracking Cookie(TAC index:3):59 total references

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Ad-Aware SE Settings

===========================

Set : Search for negligible risk entries

Set : Safe mode (always request confirmation)

Set : Scan active processes

Set : Scan registry

Set : Deep-scan registry

Set : Scan my IE Favorites for banned URLs

Set : Scan my Hosts file

 

Extended Ad-Aware SE Settings

===========================

Set : Unload recognized processes & modules during scan

Set : Scan registry for all users instead of current user only

Set : Always try to unload modules before deletion

Set : During removal, unload Explorer and IE if necessary

Set : Let Windows remove files in use at next reboot

Set : Delete quarantined objects after restoring

Set : Include basic Ad-Aware settings in log file

Set : Include additional Ad-Aware settings in log file

Set : Include reference summary in log file

Set : Include alternate data stream details in log file

Set : Play sound at scan completion if scan locates critical objects

 

 

03-09-2006 14:55:58 - Scan started. (Full System Scan)

 

MRU List Object Recognized!

Location: : C:\Documents and Settings\Marcus Barnes\Application Data\microsoft\office\recent

Description : list of recently opened documents using microsoft office

 

 

MRU List Object Recognized!

Location: : C:\Documents and Settings\Marcus Barnes\recent

Description : list of recently opened documents

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1399283371-137122185-3649787643-1006\software\microsoft\direct3d\mostrecentapplication

Description : most recent application to use microsoft direct3d

 

 

MRU List Object Recognized!

Location: : software\microsoft\direct3d\mostrecentapplication

Description : most recent application to use microsoft direct3d

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1399283371-137122185-3649787643-1006\software\microsoft\direct3d\mostrecentapplication

Description : most recent application to use microsoft direct X

 

 

MRU List Object Recognized!

Location: : software\microsoft\direct3d\mostrecentapplication

Description : most recent application to use microsoft direct X

 

 

MRU List Object Recognized!

Location: : software\microsoft\directdraw\mostrecentapplication

Description : most recent application to use microsoft directdraw

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1399283371-137122185-3649787643-1006\software\microsoft\directinput\mostrecentapplication

Description : most recent application to use microsoft directinput

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1399283371-137122185-3649787643-1006\software\microsoft\directinput\mostrecentapplication

Description : most recent application to use microsoft directinput

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1399283371-137122185-3649787643-1006\software\microsoft\internet explorer

Description : last download directory used in microsoft internet explorer

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1399283371-137122185-3649787643-1006\software\microsoft\internet explorer\typedurls

Description : list of recently entered addresses in microsoft internet explorer

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1399283371-137122185-3649787643-1006\software\microsoft\mediaplayer\medialibraryui

Description : last selected node in the microsoft windows media player media library

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1399283371-137122185-3649787643-1006\software\microsoft\mediaplayer\player\recentfilelist

Description : list of recently used files in microsoft windows media player

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1399283371-137122185-3649787643-1006\software\microsoft\mediaplayer\preferences

Description : last playlist index loaded in microsoft windows media player

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1399283371-137122185-3649787643-1006\software\microsoft\mediaplayer\preferences

Description : last playlist loaded in microsoft windows media player

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1399283371-137122185-3649787643-1006\software\microsoft\microsoft management console\recent file list

Description : list of recent snap-ins used in the microsoft management console

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1399283371-137122185-3649787643-1006\software\microsoft\office\11.0\common\general

Description : list of recently used symbols in microsoft office

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1399283371-137122185-3649787643-1006\software\microsoft\office\11.0\common\open find\microsoft office powerpoint\settings\insert picture\file name mru

Description : list of recent pictured inserted in microsoft powerpoint

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1399283371-137122185-3649787643-1006\software\microsoft\office\11.0\common\open find\microsoft office powerpoint\settings\save as\file name mru

Description : list of recent documents saved by microsoft powerpoint

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1399283371-137122185-3649787643-1006\software\microsoft\office\11.0\common\open find\microsoft office word\settings\save as\file name mru

Description : list of recent documents saved by microsoft word

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1399283371-137122185-3649787643-1006\software\microsoft\office\11.0\powerpoint\recent file list

Description : list of recent files used by microsoft powerpoint

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1399283371-137122185-3649787643-1006\software\microsoft\office\11.0\powerpoint\recent templates

Description : list of recent templates used by microsoft powerpoint

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1399283371-137122185-3649787643-1006\software\microsoft\office\11.0\powerpoint\recent typeface list

Description : list of recently used typefaces in microsoft powerpoint

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1399283371-137122185-3649787643-1006\software\microsoft\office\11.0\powerpoint\recenttemplatelist

Description : list of recent templates used by microsoft powerpoint

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1399283371-137122185-3649787643-1006\software\microsoft\search assistant\acmru

Description : list of recent search terms used with the search assistant

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1399283371-137122185-3649787643-1006\software\microsoft\windows\currentversion\applets\paint\recent file list

Description : list of files recently opened using microsoft paint

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1399283371-137122185-3649787643-1006\software\microsoft\windows\currentversion\applets\regedit

Description : last key accessed using the microsoft registry editor

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1399283371-137122185-3649787643-1006\software\microsoft\windows\currentversion\applets\wordpad\recent file list

Description : list of recent files opened using wordpad

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1399283371-137122185-3649787643-1006\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru

Description : list of recent programs opened

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1399283371-137122185-3649787643-1006\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru

Description : list of recently saved files, stored according to file extension

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1399283371-137122185-3649787643-1006\software\microsoft\windows\currentversion\explorer\recentdocs

Description : list of recent documents opened

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1399283371-137122185-3649787643-1006\software\microsoft\windows\currentversion\explorer\runmru

Description : mru list for items opened in start | run

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1399283371-137122185-3649787643-1006\software\realnetworks\realplayer\6.0\preferences

Description : list of recent skins in realplayer

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1399283371-137122185-3649787643-1006\software\realnetworks\realplayer\6.0\preferences

Description : list of recent clips in realplayer

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1399283371-137122185-3649787643-1006\software\realnetworks\realplayer\6.0\preferences

Description : last login time in realplayer

 

 

MRU List Object Recognized!

Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general

Description : windows media sdk

 

 

MRU List Object Recognized!

Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general

Description : windows media sdk

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1399283371-137122185-3649787643-1006\software\microsoft\windows media\wmsdk\general

Description : windows media sdk

 

 

Listing running processes

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

#:1 [smss.exe]

FilePath : \SystemRoot\System32\

ProcessID : 536

ThreadCreationTime : 03-09-2006 12:26:35

BasePriority : Normal

 

 

#:2 [csrss.exe]

FilePath : \??\C:\WINDOWS\system32\

ProcessID : 784

ThreadCreationTime : 03-09-2006 12:26:41

BasePriority : Normal

 

 

#:3 [winlogon.exe]

FilePath : \??\C:\WINDOWS\System32\

ProcessID : 808

ThreadCreationTime : 03-09-2006 12:26:42

BasePriority : High

 

 

#:4 [services.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 852

ThreadCreationTime : 03-09-2006 12:26:42

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Services and Controller app

InternalName : services.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : services.exe

 

#:5 [lsass.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 864

ThreadCreationTime : 03-09-2006 12:26:42

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : LSA Shell (Export Version)

InternalName : lsass.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : lsass.exe

 

#:6 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1020

ThreadCreationTime : 03-09-2006 12:26:44

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:7 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1080

ThreadCreationTime : 03-09-2006 12:26:44

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:8 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 1128

ThreadCreationTime : 03-09-2006 12:26:44

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:9 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1180

ThreadCreationTime : 03-09-2006 12:26:44

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:10 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1368

ThreadCreationTime : 03-09-2006 12:26:45

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:11 [lexbces.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1616

ThreadCreationTime : 03-09-2006 12:26:45

BasePriority : Normal

FileVersion : 8.18

ProductVersion : 8.18

ProductName : MarkVision for Windows (32 bit)

CompanyName : Lexmark International, Inc.

FileDescription : LexBce Service

InternalName : LexBce Service

LegalCopyright : © 1993 - 2003 Lexmark International, Inc.

OriginalFilename : LexBceS.exe

 

#:12 [spoolsv.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1648

ThreadCreationTime : 03-09-2006 12:26:45

BasePriority : Normal

FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)

ProductVersion : 5.1.2600.2696

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Spooler SubSystem App

InternalName : spoolsv.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : spoolsv.exe

 

#:13 [lexpps.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1656

ThreadCreationTime : 03-09-2006 12:26:45

BasePriority : Normal

FileVersion : 8.18

ProductVersion : 8.18

ProductName : MarkVision for Windows (32 bit)

CompanyName : Lexmark International, Inc.

FileDescription : LEXPPS.EXE

InternalName : LEXPPS

LegalCopyright : © 1993 - 2003 Lexmark International, Inc.

OriginalFilename : LEXPPS.EXE

Comments : MarkVision for Windows '95 New P2P Server (32-bit)

 

#:14 [aolacsd.exe]

FilePath : C:\Program Files\Common Files\AOL\ACS\

ProcessID : 1808

ThreadCreationTime : 03-09-2006 12:26:46

BasePriority : Normal

 

 

#:15 [guard.exe]

FilePath : C:\Program Files\ewido anti-spyware 4.0\

ProcessID : 1832

ThreadCreationTime : 03-09-2006 12:26:46

BasePriority : Normal

FileVersion : 4, 0, 0, 172

ProductVersion : 4, 0, 0, 172

ProductName : ewido anti-spyware

CompanyName : Anti-Malware Development a.s.

FileDescription : ewido anti-spyware guard

InternalName : ewido anti-spywareguard

LegalCopyright : Copyright © 2005 Anti-Malware Development a.s.

OriginalFilename : guard.exe

 

#:16 [mcdetect.exe]

FilePath : c:\program files\mcafee.com\agent\

ProcessID : 1888

ThreadCreationTime : 03-09-2006 12:26:46

BasePriority : Normal

FileVersion : 6, 0, 0, 19

ProductVersion : 6, 0, 0, 0

ProductName : McAfee SecurityCenter

CompanyName : McAfee, Inc

FileDescription : McAfee WSC Integration Service

InternalName : McDetect

LegalCopyright : Copyright © 2005 McAfee, Inc.

OriginalFilename : McDetect.exe

Comments : McAfee WSC Integration Service

 

#:17 [mcshield.exe]

FilePath : c:\PROGRA~1\mcafee.com\vso\

ProcessID : 1932

ThreadCreationTime : 03-09-2006 12:26:46

BasePriority : High

 

 

#:18 [mctskshd.exe]

FilePath : c:\PROGRA~1\mcafee.com\agent\

ProcessID : 1952

ThreadCreationTime : 03-09-2006 12:26:46

BasePriority : Normal

FileVersion : 6, 0, 0, 13

ProductVersion : 6, 0, 0, 0

ProductName : McAfee SecurityCenter

CompanyName : McAfee, Inc

FileDescription : McAfee Task Scheduler

InternalName : McTskshd

LegalCopyright : Copyright © 2005 McAfee, Inc.

OriginalFilename : McTskshd.exe

 

#:19 [explorer.exe]

FilePath : C:\WINDOWS\

ProcessID : 508

ThreadCreationTime : 03-09-2006 12:26:52

BasePriority : Normal

FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 6.00.2900.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Windows Explorer

InternalName : explorer

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : EXPLORER.EXE

 

#:20 [prismsvr.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 524

ThreadCreationTime : 03-09-2006 12:26:52

BasePriority : Normal

FileVersion : 2.01.13

ProductVersion : 2.01.13.0013

ProductName : PRISM Wireless LAN

CompanyName : Conexant Systems, Inc.

FileDescription : PRISM Profiles Server Module

InternalName : GlobespanVirata

LegalCopyright : Copyright © 2004, Conexant Systems, Inc.

OriginalFilename : PRISMsvr.exe

Comments : Conexant Systems, Inc. (www.conexant.com)

 

#:21 [mpfservice.exe]

FilePath : C:\PROGRA~1\McAfee.com\PERSON~1\

ProcessID : 564

ThreadCreationTime : 03-09-2006 12:26:52

BasePriority : Normal

FileVersion : 7.1.0.113

ProductVersion : 7.1.0.113

ProductName : McAfee Personal Firewall

CompanyName : McAfee Corporation

FileDescription : McAfee Personal Firewall Service

InternalName : MPFService

LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.

OriginalFilename : MpfService.exe

Comments : McAfee Personal Firewall Service

 

#:22 [msksrvr.exe]

FilePath : C:\PROGRA~1\McAfee\SPAMKI~1\

ProcessID : 592

ThreadCreationTime : 03-09-2006 12:26:52

BasePriority : Normal

FileVersion : 7.0.1.3

ProductVersion : 7.0

ProductName : McAfee SpamKiller

CompanyName : McAfee Inc.

FileDescription : McAfee SpamKiller Server

InternalName : MSKSRVR

LegalCopyright : Copyright © 2005, McAfee Inc.

OriginalFilename : MSKSRVR.EXE

 

#:23 [smax4pnp.exe]

FilePath : C:\Program Files\Analog Devices\Core\

ProcessID : 1464

ThreadCreationTime : 03-09-2006 12:26:57

BasePriority : Normal

FileVersion : 5, 2, 0, 5

ProductVersion : 5, 2, 0, 5

ProductName : SMax4PNP Application

CompanyName : Analog Devices, Inc.

FileDescription : SMax4PNP MFC Application

InternalName : SMax4PNP

LegalCopyright : Copyright © 2002-2004 Analog Devices

OriginalFilename : SMax4PNP.EXE

 

#:24 [jusched.exe]

FilePath : C:\Program Files\Java\jre1.5.0_06\bin\

ProcessID : 1472

ThreadCreationTime : 03-09-2006 12:26:57

BasePriority : Normal

 

 

#:25 [issch.exe]

FilePath : C:\Program Files\Common Files\InstallShield\UpdateService\

ProcessID : 232

ThreadCreationTime : 03-09-2006 12:27:01

BasePriority : Normal

FileVersion : 4, 50, 100, 33433

ProductVersion : 4, 50

ProductName : InstallShield Update Service

CompanyName : InstallShield Software Corporation

FileDescription : InstallShield Update Service Scheduler

InternalName : Scheduler

LegalCopyright : Copyright © 1990-2004 InstallShield Software Corporation

OriginalFilename : issch.exe

 

#:26 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 364

ThreadCreationTime : 03-09-2006 12:27:02

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:27 [wdfmgr.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 460

ThreadCreationTime : 03-09-2006 12:27:02

BasePriority : Normal

FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)

ProductVersion : 5.2.3790.1230

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Windows User Mode Driver Manager

InternalName : WdfMgr

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : WdfMgr.exe

 

#:28 [aoldial.exe]

FilePath : C:\Program Files\Common Files\AOL\ACS\

ProcessID : 1296

ThreadCreationTime : 03-09-2006 12:27:03

BasePriority : Normal

FileVersion : 2.6.6.3.UK.53

ProductVersion : 2.6.6.3.UK.53

ProductName : AOL Connectivity Service

CompanyName : America Online, Inc

FileDescription : AOL Connectivity Service Dialer

LegalCopyright : Copyright © 2003 America Online, Inc.

OriginalFilename : AOLDial.exe

 

#:29 [aolsp scheduler.exe]

FilePath : C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\

ProcessID : 516

ThreadCreationTime : 03-09-2006 12:27:03

BasePriority : Normal

FileVersion : 1, 0, 0, 66

ProductVersion : 1, 0, 0, 66

ProductName : AOLSP Scheduler

FileDescription : AOLSP Scheduler

InternalName : AOLSP Scheduler

LegalCopyright : Copyright © America Online, Inc. 2004

OriginalFilename : AOLSP Scheduler.exe

 

#:30 [oasclnt.exe]

FilePath : C:\Program Files\McAfee.com\VSO\

ProcessID : 1556

ThreadCreationTime : 03-09-2006 12:27:04

BasePriority : Normal

FileVersion : 10, 0, 0, 24

ProductVersion : 10, 0, 0, 0

ProductName : McAfee VirusScan

CompanyName : McAfee, Inc.

FileDescription : McAfee VirusScan OAS Client

InternalName : OasClnt

LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.

OriginalFilename : OasClnt.exe

Comments : McAfee VirusScan OAS Client

 

#:31 [mcagent.exe]

FilePath : C:\PROGRA~1\mcafee.com\agent\

ProcessID : 2056

ThreadCreationTime : 03-09-2006 12:27:04

BasePriority : Normal

FileVersion : 6, 0, 0, 16

ProductVersion : 6, 0, 0, 0

ProductName : McAfee SecurityCenter

CompanyName : McAfee, Inc

FileDescription : McAfee SecurityCenter Agent

InternalName : mcagent

LegalCopyright : Copyright © 2005 McAfee, Inc.

OriginalFilename : mcagent.exe

 

#:32 [dlactrlw.exe]

FilePath : C:\WINDOWS\System32\DLA\

ProcessID : 2156

ThreadCreationTime : 03-09-2006 12:27:06

BasePriority : Normal

FileVersion : 5.20.08a

CompanyName : Sonic Solutions

FileDescription : Drive Letter Access Component

LegalCopyright : Copyright © 2004 Sonic Solutions

 

#:33 [mcvsshld.exe]

FilePath : c:\program files\mcafee.com\vso\

ProcessID : 2204

ThreadCreationTime : 03-09-2006 12:27:07

BasePriority : Normal

FileVersion : 10, 0, 0, 22

ProductVersion : 10, 0, 0, 0

ProductName : McAfee VirusScan

CompanyName : McAfee, Inc.

FileDescription : McAfee VirusScan ActiveShield Resource

InternalName : McVsShld

LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.

OriginalFilename : McVsShld.exe

Comments : McAfee VirusScan ActiveShield Resource

 

#:34 [mcvsescn.exe]

FilePath : c:\progra~1\mcafee.com\vso\

ProcessID : 2256

ThreadCreationTime : 03-09-2006 12:27:07

BasePriority : Normal

FileVersion : 10, 0, 0, 20

ProductVersion : 10, 0, 0, 0

ProductName : McAfee VirusScan

CompanyName : McAfee, Inc.

FileDescription : McAfee VirusScan E-mail Scan Module

InternalName : mcvsescn

LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.

OriginalFilename : mcvsescn.EXE

Comments : McAfee VirusScan E-mail Scan Module

 

#:35 [mskagent.exe]

FilePath : C:\PROGRA~1\McAfee\SPAMKI~1\

ProcessID : 2284

ThreadCreationTime : 03-09-2006 12:27:07

BasePriority : Normal

FileVersion : 7.0.2.0

ProductVersion : 7.0

ProductName : McAfee SpamKiller

CompanyName : McAfee Inc.

FileDescription : McAfee SpamKiller Agent Interface module

InternalName : MskAgent

LegalCopyright : Copyright © 2005 McAfee, Inc.

OriginalFilename : MskAgent.exe

 

#:36 [mpftray.exe]

FilePath : C:\PROGRA~1\McAfee.com\PERSON~1\

ProcessID : 2368

ThreadCreationTime : 03-09-2006 12:27:08

BasePriority : Normal

FileVersion : 7.1.0.113

ProductVersion : 7.1.0.113

ProductName : McAfee Personal Firewall (MPF)

CompanyName : McAfee Security

FileDescription : McAfee Personal Firewall Tray Monitor

InternalName : MpfTray

LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.

OriginalFilename : MPFTRAY.EXE

Comments : Tray Icon for McAfee Personal Firewall

 

#:37 [mscifapp.exe]

FilePath : C:\PROGRA~1\mcafee.com\mps\

ProcessID : 2408

ThreadCreationTime : 03-09-2006 12:27:12

BasePriority : Normal

FileVersion : 8.1.0.136

ProductVersion : 8.1.0.136

ProductName : McAfee Privacy Service

CompanyName : McAfee, Inc.

FileDescription : McAfee Privacy Service

InternalName : mscifapp

LegalCopyright : Copyright © 2005 McAfee, Inc.

All rights reserved

OriginalFilename : mscifapp.exe

 

#:38 [hkcmd.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 2436

ThreadCreationTime : 03-09-2006 12:27:12

BasePriority : Normal

FileVersion : 3.0.0.4396

ProductVersion : 7.0.0.4396

ProductName : Intel® Common User Interface

CompanyName : Intel Corporation

FileDescription : hkcmd Module

InternalName : HKCMD

LegalCopyright : Copyright 1999-2004, Intel Corporation

OriginalFilename : HKCMD.EXE

 

#:39 [igfxpers.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 2444

ThreadCreationTime : 03-09-2006 12:27:12

BasePriority : Normal

FileVersion : 3.0.0.4396

ProductVersion : 7.0.0.4396

ProductName : Intel® Common User Interface

CompanyName : Intel Corporation

FileDescription : persistence Module

InternalName : PERSISTENCE

LegalCopyright : Copyright 1999-2004, Intel Corporation

OriginalFilename : IGFXPERS.EXE

 

#:40 [realsched.exe]

FilePath : C:\Program Files\Common Files\Real\Update_OB\

ProcessID : 2480

ThreadCreationTime : 03-09-2006 12:27:12

BasePriority : Normal

FileVersion : 0.1.0.3510

ProductVersion : 0.1.0.3510

ProductName : RealPlayer (32-bit)

CompanyName : RealNetworks, Inc.

FileDescription : RealNetworks Scheduler

InternalName : schedapp

LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004

LegalTrademarks : RealAudio is a trademark of RealNetworks, Inc.

OriginalFilename : realsched.exe

 

#:41 [tsnp2std.exe]

FilePath : C:\WINDOWS\

ProcessID : 2820

ThreadCreationTime : 03-09-2006 12:27:19

BasePriority : Normal

FileVersion : 1, 1, 2, 3

ProductVersion : 1, 1, 2, 3

ProductName : tsnp2std

FileDescription : tsnp2std Microsoft

InternalName : tsnp2std

LegalCopyright : ???? © 2005

OriginalFilename : tsnp2std.EXE

 

#:42 [vsnp2std.exe]

FilePath : C:\WINDOWS\

ProcessID : 2944

ThreadCreationTime : 03-09-2006 12:27:19

BasePriority : Normal

FileVersion : 1, 0, 3, 4

ProductVersion : 1, 0, 3, 4

ProductName : CameraMonitor Application

CompanyName : Sonix

FileDescription : CameraMonitor Application

InternalName : CameraMonitor

LegalCopyright : Copyright 2002-2005

OriginalFilename : CameraMonitor.EXE

 

#:43 [launch~1.exe]

FilePath : C:\PROGRA~1\Nokia\NOKIAP~1\

ProcessID : 3164

ThreadCreationTime : 03-09-2006 12:27:23

BasePriority : Normal

 

 

#:44 [alg.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 3224

ThreadCreationTime : 03-09-2006 12:27:24

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Application Layer Gateway Service

InternalName : ALG.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : ALG.exe

 

#:45 [mpfagent.exe]

FilePath : C:\PROGRA~1\McAfee.com\PERSON~1\

ProcessID : 3512

ThreadCreationTime : 03-09-2006 12:27:26

BasePriority : Normal

FileVersion : 7.1.0.113

ProductVersion : 7.1.0.113

ProductName : McAfee Personal Firewall (MPF)

CompanyName : McAfee Security

FileDescription : McAfee Personal Firewall Agent Interface

InternalName : MpfAgent

LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.

OriginalFilename : MPFAGENT.EXE

Comments : McAfee Personal Firewall Security Center Module

 

#:46 [servicelayer.exe]

FilePath : C:\Program Files\Common Files\PCSuite\Services\

ProcessID : 3996

ThreadCreationTime : 03-09-2006 12:27:30

BasePriority : Normal

FileVersion : 6, 81, 60, 0

ProductVersion : 6.0

ProductName : PC Connectivity Solution

CompanyName : Nokia.

FileDescription : ServiceLayer Module

InternalName : ServiceLayer

LegalCopyright : Copyright © 2002-2006 Nokia. All Rights Reserved.

OriginalFilename : ServiceLayer.exe

 

#:47 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 4064

ThreadCreationTime : 03-09-2006 12:27:31

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:48 [ewido.exe]

FilePath : C:\Program Files\ewido anti-spyware 4.0\

ProcessID : 452

ThreadCreationTime : 03-09-2006 12:27:32

BasePriority : Normal

FileVersion : 4, 0, 0, 172

ProductVersion : 4, 0, 0, 172

ProductName : ewido anti-spyware

CompanyName : Anti-Malware Development a.s.

FileDescription : ewido anti-spyware

InternalName : ewido anti-spyware

LegalCopyright : Copyright © 2005 Anti-Malware Development a.s.

OriginalFilename : ewido.exe

 

#:49 [dsagnt.exe]

FilePath : C:\Program Files\Dell Support\

ProcessID : 2376

ThreadCreationTime : 03-09-2006 12:27:44

BasePriority : Below Normal

FileVersion : 1, 1, 0, 73

ProductVersion : 1, 1, 0, 73

ProductName : Dell Support

CompanyName : Gteko Ltd.

FileDescription : Dell Support

InternalName : AUAgent

LegalCopyright : Copyright © 2000 - 2004 Gteko Ltd.

OriginalFilename : AUAgent.exe

 

#:50 [msnmsgr.exe]

FilePath : C:\Program Files\MSN Messenger\

ProcessID : 2644

ThreadCreationTime : 03-09-2006 12:27:55

BasePriority : Normal

FileVersion : 7.5.0324

ProductVersion : 7.5.0324

ProductName : MSN Messenger

CompanyName : Microsoft Corporation

FileDescription : MSN Messenger

InternalName : msnmsgr

LegalCopyright : Copyright © Microsoft Corporation 1997-2004

LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.

OriginalFilename : msnmsgr.exe

 

#:51 [msmsgs.exe]

FilePath : C:\Program Files\Messenger\

ProcessID : 3088

ThreadCreationTime : 03-09-2006 12:28:00

BasePriority : Normal

FileVersion : 4.7.3001

ProductVersion : Version 4.7.3001

ProductName : Messenger

CompanyName : Microsoft Corporation

FileDescription : Windows Messenger

InternalName : msmsgs

LegalCopyright : Copyright © Microsoft Corporation 2004

LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.

OriginalFilename : msmsgs.exe

 

#:52 [isuspm.exe]

FilePath : c:\program files\common files\installshield\updateservice\

ProcessID : 3208

ThreadCreationTime : 03-09-2006 12:28:02

BasePriority : Normal

FileVersion : 4, 50, 100, 33433

ProductVersion : 4, 50

ProductName : InstallShield Update Service

CompanyName : InstallShield Software Corporation

FileDescription : InstallShield Update Service Update Manager

InternalName : ProgramManager

LegalCopyright : Copyright © 1990-2004 InstallShield Software Corporation

OriginalFilename : ISUSPM.exe

 

#:53 [registryrepairpro.exe]

FilePath : C:\Documents and Settings\Marcus Barnes\My Documents\Windows Registry Repair Pro\

ProcessID : 2608

ThreadCreationTime : 03-09-2006 12:28:04

BasePriority : Normal

FileVersion : 2.0.0.0

ProductVersion : 2.0.0

ProductName : Windows Registry Repair Pro

CompanyName : 3B Software, Inc.

FileDescription : Windows Registry Repair Pro

InternalName : wwrp

LegalCopyright : Copyright © 2003-2004, WyvernWorks Dot Com. All Rights reserved.

LegalTrademarks : WyvernWorks Dot Com

OriginalFilename : RegistryRepairPro.exe

Comments : Windows Registry repair Pro

 

#:54 [mcvsftsn.exe]

FilePath : c:\progra~1\mcafee.com\vso\

ProcessID : 3488

ThreadCreationTime : 03-09-2006 12:28:06

BasePriority : Normal

FileVersion : 10, 0, 0, 19

ProductVersion : 10, 0, 0, 0

ProductName : McAfee VirusScan

CompanyName : McAfee, Inc.

FileDescription : McAfee VirusScan Instant Messenger Scan Module

InternalName : mcvsftsn

LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.

OriginalFilename : mcvsftsn.EXE

Comments : McAfee VirusScan Instant Messenger Scan Module

 

#:55 [agent.exe]

FilePath : C:\Program Files\Common Files\InstallShield\UpdateService\

ProcessID : 3992

ThreadCreationTime : 03-09-2006 12:28:20

BasePriority : Normal

FileVersion : 4, 50, 100, 33433

ProductVersion : 4, 50

ProductName : InstallShield Update Service

CompanyName : InstallShield Software Corporation

FileDescription : InstallShield Update Service Agent

InternalName : Agent

LegalCopyright : Copyright © 1990-2004 InstallShield Software Corporation

OriginalFilename : agent.exe

 

#:56 [dlg.exe]

FilePath : C:\Program Files\Digital Line Detect\

ProcessID : 1156

ThreadCreationTime : 03-09-2006 12:28:25

BasePriority : Normal

FileVersion : 1, 0, 0, 1

ProductVersion : 1, 0, 0, 1

ProductName : BVRP Software TestLine

CompanyName : BVRP Software

FileDescription : Digital Line Detection

InternalName : TestLine

LegalCopyright : Copyright © 2003

OriginalFilename : TestLine.exe

 

#:57 [prismcfg.exe]

FilePath : C:\Program Files\Dell Wireless\

ProcessID : 1328

ThreadCreationTime : 03-09-2006 12:28:26

BasePriority : Normal

FileVersion : 2.01.13 (Alpha)

ProductVersion : 2.01.13.0013 (Alpha)

ProductName : USB 2.0 Wireless LAN

CompanyName : Dell Inc.

FileDescription : Wireless Card Utility

InternalName : PRISMCFG.exe

LegalCopyright : Copyright © 2004, Dell Inc.

OriginalFilename : PRISMCFG.exe

Comments : Dell Corporation (www.dell.com)

 

#:58 [iexplore.exe]

FilePath : C:\Program Files\Internet Explorer\

ProcessID : 1992

ThreadCreationTime : 03-09-2006 12:46:36

BasePriority : Normal

FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 6.00.2900.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Internet Explorer

InternalName : iexplore

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : IEXPLORE.EXE

 

#:59 [ad-aware.exe]

FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\

ProcessID : 5620

ThreadCreationTime : 03-09-2006 13:54:02

BasePriority : Normal

FileVersion : 6.2.0.236

ProductVersion : SE 106

ProductName : Lavasoft Ad-Aware SE

CompanyName : Lavasoft Sweden

FileDescription : Ad-Aware SE Core application

InternalName : Ad-Aware.exe

LegalCopyright : Copyright © Lavasoft AB Sweden

OriginalFilename : Ad-Aware.exe

Comments : All Rights Reserved

 

Memory scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 38


Started registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Registry Scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 38

 

 

Started deep registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Deep registry scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 38

 

 

Started Tracking Cookie scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : marcus [email protected][2].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:4

Value : Cookie:marcus [email protected]/

Expires : 01-01-2036 01:00:00

LastSync : Hits:4

UseCount : 0

Hits : 4

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : marcus [email protected][1].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:5

Value : Cookie:marcus [email protected]/

Expires : 22-06-2009 01:00:00

LastSync : Hits:5

UseCount : 0

Hits : 5

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : marcus [email protected][2].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:2

Value : Cookie:marcus [email protected]/

Expires : 21-07-2036 10:46:32

LastSync : Hits:2

UseCount : 0

Hits : 2

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : marcus [email protected][2].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:8

Value : Cookie:marcus [email protected]/

Expires : 27-08-2011 01:00:00

LastSync : Hits:8

UseCount : 0

Hits : 8

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : marcus [email protected][1].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:3

Value : Cookie:marcus [email protected]/

Expires : 23-08-2026 20:46:22

LastSync : Hits:3

UseCount : 0

Hits : 3

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : marcus [email protected][1].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:13

Value : Cookie:marcus [email protected]/

Expires : 14-10-2006 07:11:56

LastSync : Hits:13

UseCount : 0

Hits : 13

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : marcus [email protected][1].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:54

Value : Cookie:marcus [email protected]/

Expires : 27-08-2031 15:05:22

LastSync : Hits:54

UseCount : 0

Hits : 54

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : marcus [email protected][2].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:20

Value : Cookie:marcus [email protected]/

Expires : 01-03-2016 14:57:48

LastSync : Hits:20

UseCount : 0

Hits : 20

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : marcus [email protected][2].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:69

Value : Cookie:marcus [email protected]/

Expires : 02-09-2007 16:23:38

LastSync : Hits:69

UseCount : 0

Hits : 69

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : marcus [email protected][3].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:5

Value : Cookie:marcus [email protected]/adrevolver/

Expires : 26-11-2008 03:18:34

LastSync : Hits:5

UseCount : 0

Hits : 5

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : marcus [email protected][1].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:11

Value : Cookie:marcus [email protected]/

Expires : 04-09-2006 11:19:16

LastSync : Hits:11

UseCount : 0

Hits : 11

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : marcus [email protected][1].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:1

Value : Cookie:marcus [email protected]/

Expires : 05-03-2006 06:00:00

LastSync : Hits:1

UseCount : 0

Hits : 1

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : marcus [email protected][1].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:6

Value : Cookie:marcus [email protected]/

Expires : 01-01-2021 01:00:00

LastSync : Hits:6

UseCount : 0

Hits : 6

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : marcus [email protected][2].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:4

Value : Cookie:marcus [email protected]/

Expires : 28-08-2007 11:19:16

LastSync : Hits:4

UseCount : 0

Hits : 4

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : marcus [email protected][1].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:64

Value : Cookie:marcus [email protected]/

Expires : 03-03-2011 17:48:10

LastSync : Hits:64

UseCount : 0

Hits : 64

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : marcus [email protected][1].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:2

Value : Cookie:marcus [email protected]/

Expires : 01-01-2021 01:00:00

LastSync : Hits:2

UseCount : 0

Hits : 2

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : marcus [email protected][2].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:6

Value : Cookie:marcus [email protected]/HTM/665/0

Expires : 04-03-2007 17:39:16

LastSync : Hits:6

UseCount : 0

Hits : 6

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : marcus [email protected][2].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:4

Value : Cookie:marcus [email protected]/

Expires : 01-03-2007 01:00:00

LastSync : Hits:4

UseCount : 0

Hits : 4

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : marcus [email protected][1].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:14

Value : Cookie:marcus [email protected]/

Expires : 02-09-2011 14:40:02

LastSync : Hits:14

UseCount : 0

Hits : 14

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : marcus [email protected][2].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:3

Value : Cookie:marcus [email protected]/

Expires : 28-08-2007 06:39:40

LastSync : Hits:3

UseCount : 0

Hits : 3

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : marcus [email protected][2].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:106

Value : Cookie:marcus [email protected]/

Expires : 30-08-2016 15:47:32

LastSync : Hits:106

UseCount : 0

Hits : 106

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : marcus [email protected][1].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:2

Value : Cookie:marcus [email protected]/

Expires : 01-01-2038 01:00:00

LastSync : Hits:2

UseCount : 0

Hits : 2

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : marcus [email protected][1].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:19

Value : Cookie:marcus [email protected]/

Expires : 04-03-2007 14:50:58

LastSync : Hits:19

UseCount : 0

Hits : 19

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : marcus [email protected][1].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:10

Value : Cookie:marcus [email protected]/

Expires : 27-08-2009 10:09:14

LastSync : Hits:10

UseCount : 0

Hits : 10

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : marcus [email protected][2].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:4

Value : Cookie:marcus [email protected]/

Expires : 19-08-2007 09:58:54

LastSync : Hits:4

UseCount : 0

Hits : 4

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : marcus [email protected][2].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:7

Value : Cookie:marcus [email protected]/

Expires : 25-08-2016 11:21:22

LastSync : Hits:7

UseCount : 0

Hits : 7

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : marcus [email protected][2].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:13

Value : Cookie:marcus [email protected]/

Expires : 02-02-2016 18:32:26

LastSync : Hits:13

UseCount : 0

Hits : 13

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : marcus [email protected][2].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:3

Value : Cookie:marcus [email protected]/

Expires : 02-08-2011 11:22:24

LastSync : Hits:3

UseCount : 0

Hits : 3

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : marcus [email protected][1].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:5

Value : Cookie:marcus [email protected]/

Expires : 03-05-2006 17:28:12

LastSync : Hits:5

UseCount : 0

Hits : 5

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : marcus [email protected][1].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:3

Value : Cookie:marcus [email protected]/adrevolver/

Expires : 17-05-2009 07:58:44

LastSync : Hits:3

UseCount : 0

Hits : 3

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : marcus [email protected][1].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:6

Value : Cookie:marcus [email protected]/

Expires : 03-04-2006 17:12:18

LastSync : Hits:6

UseCount : 0

Hits : 6

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : marcus [email protected][2].txt

TAC Rating : 3

Category : Data Miner

Comment :

Value : C:\Documents and Settings\Marcus Barnes\Cookies\marcus [email protected][2].txt

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : marcus [email protected][1].txt

TAC Rating : 3

Category : Data Miner

Comment :

Value : C:\Documents and Settings\Marcus Barnes\Cookies\marcus [email protected][1].txt

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : marcus [email protected][2].txt

TAC Rating : 3

Category : Data Miner

Comment :

Value : C:\Documents and Settings\Marcus Barnes\Cookies\marcus [email protected][2].txt

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : marcus [email protected][1].txt

TAC Rating : 3

Category : Data Miner

Comment :

Value : C:\Documents and Settings\Marcus Barnes\Cookies\marcus [email protected][1].txt

 

Tracking cookie scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 35

Objects found so far: 73

 

Deep scanning and examining files (C:)

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : marcus [email protected][2].txt

TAC Rating : 3

Category : Data Miner

Comment :

Value : C:\Documents and Settings\Marcus Barnes\Local Settings\Temp\Cookies\marcus [email protected][2].txt

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : marcus [email protected][1].txt

TAC Rating : 3

Category : Data Miner

Comment :

Value : C:\Documents and Settings\Marcus Barnes\Local Settings\Temp\Cookies\marcus [email protected][1].txt

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : marcus [email protected][2].txt

TAC Rating : 3

Category : Data Miner

Comment :

Value : C:\Documents and Settings\Marcus Barnes\Local Settings\Temp\Cookies\marcus [email protected][2].txt

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : marcus [email protected][3].txt

TAC Rating : 3

Category : Data Miner

Comment :

Value : C:\Documents and Settings\Marcus Barnes\Local Settings\Temp\Cookies\marcus [email protected][3].txt

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : marcus [email protected][2].txt

TAC Rating : 3

Category : Data Miner

Comment :

Value : C:\Documents and Settings\Marcus Barnes\Local Settings\Temp\Cookies\marcus [email protected][2].txt

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : marcus [email protected][1].txt

TAC Rating : 3

Category : Data Miner

Comment :

Value : C:\Documents and Settings\Marcus Barnes\Local Settings\Temp\Cookies\marcus [email protected][1].txt

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : marcus [email protected][2].txt

TAC Rating : 3

Category : Data Miner

Comment :

Value : C:\Documents and Settings\Marcus Barnes\Local Settings\Temp\Cookies\marcus [email protected][2].txt

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : marcus [email protected][2].txt

TAC Rating : 3

Category : Data Miner

Comment :

Value : C:\Documents and Settings\Marcus Barnes\Local Settings\Temp\Cookies\marcus barnes@atdmt[2].txt

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : marcus barnes@casalemedia[2].txt

TAC Rating : 3

Category : Data Miner

Comment :

Value : C:\Documents and Settings\Marcus Barnes\Local Settings\Temp\Cookies\marcus barnes@casalemedia[2].txt

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : marcus barnes@doubleclick[1].txt

TAC Rating : 3

Category : Data Miner

Comment :

Value : C:\Documents and Settings\Marcus Barnes\Local Settings\Temp\Cookies\marcus barnes@doubleclick[1].txt

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : marcus barnes@ehg-bskyb.hitbox[2].txt

TAC Rating : 3

Category : Data Miner

Comment :

Value : C:\Documents and Settings\Marcus Barnes\Local Settings\Temp\Cookies\marcus barnes@ehg-bskyb.hitbox[2].txt

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : marcus barnes@ehg-ignitemedia.hitbox[2].txt

TAC Rating : 3

Category : Data Miner

Comment :

Value : C:\Documents and Settings\Marcus Barnes\Local Settings\Temp\Cookies\marcus barnes@ehg-ignitemedia.hitbox[2].txt

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : marcus barnes@etype.adbureau[2].txt

TAC Rating : 3

Category : Data Miner

Comment :

Value : C:\Documents and Settings\Marcus Barnes\Local Settings\Temp\Cookies\marcus barnes@etype.adbureau[2].txt

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : marcus barnes@hitbox[1].txt

TAC Rating : 3

Category : Data Miner

Comment :

Value : C:\Documents and Settings\Marcus Barnes\Local Settings\Temp\Cookies\marcus barnes@hitbox[1].txt

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : marcus barnes@maxserving[2].txt

TAC Rating : 3

Category : Data Miner

Comment :

Value : C:\Documents and Settings\Marcus Barnes\Local Settings\Temp\Cookies\marcus barnes@maxserving[2].txt

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : marcus barnes@mediaplex[1].txt

TAC Rating : 3

Category : Data Miner

Comment :

Value : C:\Documents and Settings\Marcus Barnes\Local Settings\Temp\Cookies\marcus barnes@mediaplex[1].txt

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : marcus barnes@questionmarket[1].txt

TAC Rating : 3

Category : Data Miner

Comment :

Value : C:\Documents and Settings\Marcus Barnes\Local Settings\Temp\Cookies\marcus barnes@questionmarket[1].txt

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : marcus barnes@realmedia[1].txt

TAC Rating : 3

Category : Data Miner

Comment :

Value : C:\Documents and Settings\Marcus Barnes\Local Settings\Temp\Cookies\marcus barnes@realmedia[1].txt

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : marcus barnes@redeye.willhill[2].txt

TAC Rating : 3

Category : Data Miner

Comment :

Value : C:\Documents and Settings\Marcus Barnes\Local Settings\Temp\Cookies\marcus barnes@redeye.willhill[2].txt

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : marcus barnes@statse.webtrendslive[2].txt

TAC Rating : 3

Category : Data Miner

Comment :

Value : C:\Documents and Settings\Marcus Barnes\Local Settings\Temp\Cookies\marcus barnes@statse.webtrendslive[2].txt

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : marcus barnes@tradedoubler[1].txt

TAC Rating : 3

Category : Data Miner

Comment :

Value : C:\Documents and Settings\Marcus Barnes\Local Settings\Temp\Cookies\marcus barnes@tradedoubler[1].txt

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : marcus barnes@tribalfusion[1].txt

TAC Rating : 3

Category : Data Miner

Comment :

Value : C:\Documents and Settings\Marcus Barnes\Local Settings\Temp\Cookies\marcus barnes@tribalfusion[1].txt

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : marcus barnes@valueclick[1].txt

TAC Rating : 3

Category : Data Miner

Comment :

Value : C:\Documents and Settings\Marcus Barnes\Local Settings\Temp\Cookies\marcus barnes@valueclick[1].txt

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : marcus barnes@xml.bravenetmedianetwork[1].txt

TAC Rating : 3

Category : Data Miner

Comment :

Value : C:\Documents and Settings\Marcus Barnes\Local Settings\Temp\Cookies\marcus barnes@xml.bravenetmedianetwork[1].txt

 

Disk Scan Result for C:\

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 97

 

 

Scanning Hosts file......

Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Hosts file scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

1 entries scanned.

New critical objects:0

Objects found so far: 97

 

 

 

 

Performing conditional scans...

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Conditional scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 97

 

15:10:36 Scan Complete

 

Summary Of This Scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Total scanning time:00:14:38.641

Objects scanned:190697

Objects identified:59

Objects ignored:0

New critical objects:59


Logfile of HijackThis v1.99.1

Scan saved at 15:16:59, on 03/09/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\System32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

C:\Program Files\ewido anti-spyware 4.0\guard.exe

c:\program files\mcafee.com\agent\mcdetect.exe

c:\PROGRA~1\mcafee.com\vso\mcshield.exe

c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\PRISMSVR.EXE

C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe

C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe

C:\Program Files\McAfee.com\VSO\oasclnt.exe

C:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

c:\program files\mcafee.com\vso\mcvsshld.exe

c:\progra~1\mcafee.com\vso\mcvsescn.exe

C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

C:\PROGRA~1\mcafee.com\mps\mscifapp.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\tsnp2std.exe

C:\WINDOWS\vsnp2std.exe

C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE

C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe

C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\ewido anti-spyware 4.0\ewido.exe

C:\Program Files\Dell Support\DSAgnt.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\Messenger\msmsgs.exe

c:\program files\common files\installshield\updateservice\isuspm.exe

C:\Documents and Settings\Marcus Barnes\My Documents\Windows Registry Repair Pro\RegistryRepairPro.exe

c:\progra~1\mcafee.com\vso\mcvsftsn.exe

C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Dell Wireless\PRISMCFG.exe

C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\HijackThis\hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DK

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.co.uk/myway

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.co.uk/myway

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\HTML\html\blank.htm

R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - (no file)

O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll

O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll

O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll

O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Documents and Settings\Marcus Barnes\My Documents\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll

O3 - Toolbar: Protection Bar - {860c2f6b-ca82-4282-9187-beccbb66f0af} - (no file)

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [iSUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"

O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask

O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe

O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe

O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup

O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe

O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe

O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe

O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup

O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized

O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Documents and Settings\Marcus Barnes\My Documents\Windows Registry Repair Pro\RegistryRepairPro.exe 4

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: Wireless USB 2.0 WLAN Card Utility.lnk = ?

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\DOCUME~1\MARCUS~1\MYDOCU~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll

O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\DOCUME~1\MARCUS~1\MYDOCU~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra 'Tools' menuitem: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O18 - Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - (no file)

O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe

O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe

O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe

O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

When I was running the full scan on Adaware, my McAfee virus protection kept popping up something about Puper trojan being found in several files within C:\System Volume Information or something like that? It said it could not be deleted or quarantined as it was write protected??
Yes, entries in the System Volume Information folder are protected by Windows from any 3rd party tools. That is your system restore backups. We'll purge those last, since nothing can run from there - it is only a threat should you choose to restore to a prior point (so don't do that at this time until we purge the old one. I'll cover that after we get your PC clean and working right)

 

Looks like just some orphaned entries in the registry left. HijackThis can fix those.

 

Open HijackThis and do a *system scan only*

 

When it finishes, checkmark these entries and then press the *fix checked* button

 

O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - (no file)

O3 - Toolbar: Protection Bar - {860c2f6b-ca82-4282-9187-beccbb66f0af} - (no file)

O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - (no file)

 

Let me know if you have any remaining issues you are seeing.

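The triage step in the reply above, as an added example that is not part of the original thread or of HijackThis: it parses HijackThis log lines and lists the entries whose target is marked "(no file)", reporting "(file missing)" entries separately. The sample lines are copied from the log posted in this thread; the names `Entry`, `parse_entries` and `orphaned` are hypothetical.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Lines copied from the HijackThis v1.99.1 log posted in this thread.
SAMPLE_LOG = r"""
C:\WINDOWS\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.co.uk/myway
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - (no file)
O3 - Toolbar: Protection Bar - {860c2f6b-ca82-4282-9187-beccbb66f0af} - (no file)
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - (no file)
"""

# A log entry starts with a section code such as R0, O2 or O23, then " - ".
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


@dataclass
class Entry:
    section: str          # e.g. "O2"
    body: str             # everything after "O2 - "
    clsid: Optional[str]  # upper-cased CLSID if the entry carries one
    status: str           # "no file", "file missing" or "present"


def parse_entries(log_text: str) -> List[Entry]:
    """Return the registry/startup entries, skipping headers and process paths."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header, blank line, or a "Running processes" path
        body = m.group("body")
        if body.endswith("(no file)"):
            status = "no file"
        elif body.endswith("(file missing)"):
            status = "file missing"
        else:
            status = "present"
        clsid = CLSID_RE.search(body)
        entries.append(Entry(m.group("section"), body,
                             clsid.group(0).upper() if clsid else None, status))
    return entries


def orphaned(entries: List[Entry], status: str = "no file") -> List[Entry]:
    """Entries whose registry key remains but whose target file is absent."""
    return [e for e in entries if e.status == status]


if __name__ == "__main__":
    for e in parse_entries(SAMPLE_LOG):
        if e.status != "present":
            print(f"{e.section:<4}{e.status:<13}{e.clsid}  {e.body}")
```

The output is a review list only; which entries to check in HijackThis remains the analyst's decision.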

I have "fixed" the 3 entries to which you refer.

 

I am not noticing any other problems at present.

 

However, I was slightly concerned by the number of "critical objects" found by Adaware?!

However, I was slightly concerned by the number of "critical objects" found by Adaware?!

This is what was found:

 

MRU List(TAC index:0):38 total references

Tracking Cookie(TAC index:3):59 total references

 

MRU's are not considered a threat, and in fact the "most recently used" lists can be helpful at times.

 

Cookies are also not really considered a threat, as they cannot harm your computer or cause hijacks. While some may consider them a privacy risk, it's not really related to your larger problem of the hijack, as there were no files or registry items included in what was found.

 

Some final cleanup and prevention recommendations follow.

 

You can go ahead and delete any special tools we used (SmitRem, SmitfraudFix, ComboFix, etc). They won't serve a future purpose and are replaced with updated versions frequently, so the copies you have are probably already out of date and there is no need to keep them.

 

Do a disk cleanup. Go to Start > Run and type in the box: Cleanmgr

Wait while Windows scans your system for files to delete.

Make sure these 3 are checkmarked and press *ok* to delete them.

 

Temporary Files

Temporary Internet Files

Recycle Bin

 

Now that your PC is clean, make sure all programs are running properly and then you'll need to reset your restore point in Windows XP.......why?

 

One of the best features of Windows ME or XP is the System Restore option; however, if malware infects a computer with this operating system, it can be backed up in the System Restore folder. Therefore, clearing the restore points is necessary after malware removal.

 

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

 

(winXP)

 

1. Turn off System Restore.

Go to Start and right-click on *My Computer*.

Click Properties.

Click the System Restore tab.

Put a Checkmark in the box next to "Turn off System Restore".

Click Apply, and then click OK.

 

2. Reboot.

 

3. Turn ON System Restore.

Go to Start and right-click on *My Computer*.

Click Properties.

Click the System Restore tab.

Remove the checkmark next to "Turn off System Restore".

Click Apply, and then click OK.

 

How to Turn On and Turn Off System Restore in Windows XP

http://support.microsoft.com/default.aspx?...kb;en-us;310405

......................

I can't stress enough the importance of having your Windows critical Security Updates. Most malware today uses exploits on unpatched systems to creep onto your system without your even doing anything but visiting an infected webpage!!

 

Watch what you download, be careful where you surf, and don't trust attachments or even links in email and Instant messages. Even if they come from a buddy, that buddy could be the one infected and it is the virus sending that link from his account. You click on it thinking he is trusted, and *boom* you're infected.

Many "Phishing" attempts are made by cleverly crafted email to look like it is coming from an "official" source (like Microsoft, or your bank, or some other provider). Don't click on links in those. Go directly to the site instead and navigate the menus - don't trust email you think came from a "safe source" unless you are expecting it! There is more in the link I will provide below, but those are the choice avenues of infection these days.

Stay far AWAY from cracks and warez sites - you're sure to get infected files there, and the same can be said for files downloaded from p2p (more than half are usually infected and probably not detectable by your current security software - the newest nasties are always released in those venues).

 

A word about shared computers and networks.

Share Your PC

http://www.microsoft.com/windowsxp/using/s...hare/intro.mspx

Not all users need to have Admin Accounts. It is much safer to have most of your users on a shared system running as Limited User accounts. That way, if there is "an accident", it will only affect one user's account and not the entire system.

 

 

Next, I highly recommend you get some extra protection to prevent future infections. Here are some things you can do and some free programs to help :D.

How do I prevent Browser Hijacks and Spyware?

http://www.dslreports.com/faq/13620

 

I'm happy to see you have SP2 installed. That will address numerous security issues in your Operating System and IE.

Make sure that you keep your Operating System and IE updated with the latest Critical Security Updates from Microsoft...they usually come out once a month, on the 2nd Tuesday of each month. This is the first step in malware prevention, as many nasties now take advantage of new exploits and if not patched, you are vulnerable!

Windows Update

http://update.microsoft.com/microsoftupdate/

 

And see this link for instructions on how to configure the enhanced security features in SP2:

http://www.microsoft.com/technet/security/...xp/iesecxp.mspx

 

I also highly recommend getting the free tool, Microsoft Baseline Security Analyzer (MBSA), from Microsoft to analyze your PC security for prevention purposes.

 

MBSA Version 2.0 will scan for common system misconfigurations on Windows 2000, Windows XP, and Windows Server 2003 systems. This program will identify the system security weaknesses in your browser and operating system and provides easy instructions to correct them. This includes any missing critical Windows security updates, system vulnerabilities and your IE Browser security settings. Get the download here:

Microsoft Baseline Security Analyzer

http://www.microsoft.com/technet/security/...s/mbsahome.mspx

Choose MBSAsetup-EN.msi = (English Version) or the language appropriate for you.

 

Also visit this Free Online Scanner from Microsoft for PC Health and Safety

http://safety.live.com/site/en-US/default.htm

and Microsoft Security At Home

http://www.microsoft.com/athome/security/default.mspx

for tips to Protect your PC, Protect yourself and Protect your Family.
