Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

HJT Log


  • Please log in to reply
6 replies to this topic

#1 a71as

a71as

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:05:06 PM

Posted 22 June 2005 - 10:48 PM

Logfile of HijackThis v1.99.1
Scan saved at 10:16:13 PM, on 6/22/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\support.com\bin\tgcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\iISystem Wiper\SystemWiper.exe
C:\Program Files\AIM+\AIM+.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\\system32\userinit.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [pvuwcbn] c:\windows\system32\urrqsx.exe r
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [iIWiper] C:\Program Files\iISystem Wiper\SystemWiper.exe m
O4 - HKCU\..\Run: [AIM] "C:\Program Files\AIM+\AIM+.exe" -cnetwait.odl
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: Image Transfer.lnk = ?
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {7149E79C-DC19-4C5E-A53C-A54DDF75EEE9} - http://cabs.media-motor.net/cabs/alien.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - http://guard.gunbound.net/nProtect/keyCrypt/npkcx.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

I dont know why but sometimes my computer will be working fine, and then hours later it'll start slowing down to the point of where it seems as though the computer is frozen.

BC AdBot (Login to Remove)

 


#2 groovicus

groovicus

  • Security Colleague
  • 9,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Centerville, SD
  • Local time:04:06 PM

Posted 23 June 2005 - 09:10 PM

Hello there!

Please confirm that you have run the following scans or run them now. Save any logs that you generate - we may need them later. Also, please provide me with a description of the problem you are experiencing. Before you ask for help read this.

Anti-spyware

Please download, update and run (one at a time of course!) Spybot Search & Destroy v1.4and Ad-aware SE v1.06. Fix whatever they suggest.

If you would like to learn more about how to use these two programs with the proper settings you can read the tutorials below:

Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer.

Using Spybot - Search & Destroy to remove Spyware, Malware, & Hijackers from Your Computer.


Anti-trojan
Please download, update and run the A2 (A squared) anti-trojan. You can download it free at http://www.emsisoft.com/en/software/free/ . Let it fix whatever it wants to.


Anti-virus

Also, run this pc through the Panda Scan Online virus scanner.
Online Virus Scanners FAQ


Open notepad and paste in the following lines:

del c:\ *.tmp
del %temp%\*.tmp /f
del %windir%\prefetch\*.*
del %windir%\temp\*.* /f
del C:\documents and settings\*\local settings\temp\*.*

Save to desktop as 'clean.bat' , file types as 'all-files'.

DoubleClick on the icon, and say yes when prompted.

Next, please reboot & post a fresh HijackThis log. If you have any problems with one part of this instruction make a note of it and continue onto the next section. Let me know any problems in your next post.

#3 a71as

a71as
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:05:06 PM

Posted 24 June 2005 - 09:35 PM

My problems as of now consist of still unusually slow loading times, when i restarted the computer, once it got the screen where u choose what user u want to log on as, it restarted itself again, and i have this message that says "invalid backweb id" when ever i turn on or restart my computer. Also there are no menus in the task manager, ie "file" etc. they dissappeared.

Logfile of HijackThis v1.99.1
Scan saved at 9:29:29 PM, on 6/24/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\support.com\bin\tgcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iISystem Wiper\SystemWiper.exe
C:\Program Files\AIM+\AIM+.exe
C:\PROGRA~1\AIM\aim.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\\system32\userinit.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [pvuwcbn] c:\windows\system32\urrqsx.exe r
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [iIWiper] C:\Program Files\iISystem Wiper\SystemWiper.exe m
O4 - HKCU\..\Run: [AIM] "C:\Program Files\AIM+\AIM+.exe" -cnetwait.odl
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: Image Transfer.lnk = ?
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - http://guard.gunbound.net/nProtect/keyCrypt/npkcx.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

Edited by a71as, 24 June 2005 - 11:20 PM.


#4 groovicus

groovicus

  • Security Colleague
  • 9,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Centerville, SD
  • Local time:04:06 PM

Posted 25 June 2005 - 09:04 AM

Put a checkmark next to the following entries in HijackThis. Make sure all
other windows and browsers are closed before clicking on “Fix Checked”
.


O4 - HKLM\..\Run: [pvuwcbn] c:\windows\system32\urrqsx.exe r
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe

***********************************************************************

Can I see your Adaware log please? Your HJT log isn't telling me all that much.

Here is how you get the Adaware SE log file:

Navigate to your Ad-aware SE folder: C:\Documents and Settings\USER NAME\Application Data\Lavasoft\Ad-Aware\Logs.

Open this folder and find the correct log.
The logs are named "Ad-Aware-log ##-##-##.txt (the #'s will be the date of the scan).



#5 a71as

a71as
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:05:06 PM

Posted 25 June 2005 - 11:02 AM

Lavasoft Ad-Aware Personal Build 1.03
Logfile created on:Friday, June 24, 2005 1:47:00 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R51 21.06.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MediaMotor(TAC index:8):4 total references
MRU List(TAC index:0):18 total references
Possible Browser Hijack attempt(TAC index:3):1 total references
SahAgent(TAC index:9):2 total references
Tracking Cookie(TAC index:3):21 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Backup current definitions file before updating
Set : Play sound at scan completion if scan locates critical objects


6-24-2005 1:47:00 PM - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : C:\Documents and Settings\Owner\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-2875319344-1461239073-1979691834-1003\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-2875319344-1461239073-1979691834-1003\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-2875319344-1461239073-1979691834-1003\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-2875319344-1461239073-1979691834-1003\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-2875319344-1461239073-1979691834-1003\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-2875319344-1461239073-1979691834-1003\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-2875319344-1461239073-1979691834-1003\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console


MRU List Object Recognized!
Location: : S-1-5-21-2875319344-1461239073-1979691834-1003\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-2875319344-1461239073-1979691834-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-2875319344-1461239073-1979691834-1003\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : S-1-5-21-2875319344-1461239073-1979691834-1003\software\nvidia corporation\global\nview\windowmanagement
Description : nvidia nview cached application window positions


MRU List Object Recognized!
Location: : S-1-5-21-2875319344-1461239073-1979691834-1003\software\realnetworks\realplayer\6.0\preferences
Description : list of recent skins in realplayer


MRU List Object Recognized!
Location: : S-1-5-21-2875319344-1461239073-1979691834-1003\software\realnetworks\realplayer\6.0\preferences
Description : list of recent clips in realplayer


MRU List Object Recognized!
Location: : S-1-5-21-2875319344-1461239073-1979691834-1003\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 480
ThreadCreationTime : 6-23-2005 4:25:33 PM
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 528
ThreadCreationTime : 6-23-2005 4:25:35 PM
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\SYSTEM32\
ProcessID : 552
ThreadCreationTime : 6-23-2005 4:25:36 PM
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 596
ThreadCreationTime : 6-23-2005 4:25:36 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 608
ThreadCreationTime : 6-23-2005 4:25:36 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 760
ThreadCreationTime : 6-23-2005 4:25:37 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 820
ThreadCreationTime : 6-23-2005 4:25:37 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 888
ThreadCreationTime : 6-23-2005 4:25:37 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 976
ThreadCreationTime : 6-23-2005 4:25:37 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1032
ThreadCreationTime : 6-23-2005 4:25:37 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1168
ThreadCreationTime : 6-23-2005 4:25:38 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:12 [ccsetmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 1496
ThreadCreationTime : 6-23-2005 4:25:46 PM
BasePriority : Normal
FileVersion : 2.2.0.577
ProductVersion : 2.2.0.577
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client Settings Manager Service
InternalName : ccSetMgr
LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccSetMgr.exe

#:13 [defwatch.exe]
FilePath : C:\Program Files\Symantec AntiVirus\
ProcessID : 1516
ThreadCreationTime : 6-23-2005 4:25:46 PM
BasePriority : Normal
FileVersion : 9.0.0.338
ProductVersion : 9.0.0.338
ProductName : Symantec AntiVirus
CompanyName : Symantec Corporation
FileDescription : Virus Definition Daemon
InternalName : DefWatch
LegalCopyright : Copyright 1998 - 2004 Symantec Corporation. All rights reserved.
OriginalFilename : DefWatch.exe

#:14 [ewidoctrl.exe]
FilePath : C:\Program Files\ewido\security suite\
ProcessID : 1548
ThreadCreationTime : 6-23-2005 4:25:46 PM
BasePriority : Normal
FileVersion : 3, 0, 0, 1
ProductVersion : 3, 0, 0, 1
ProductName : ewido control
CompanyName : ewido networks
FileDescription : ewido control
InternalName : ewido control
LegalCopyright : Copyright © 2004
OriginalFilename : ewidoctrl.exe

#:15 [ewidoguard.exe]
FilePath : C:\Program Files\ewido\security suite\
ProcessID : 1572
ThreadCreationTime : 6-23-2005 4:25:46 PM
BasePriority : Normal
FileVersion : 3, 0, 0, 1
ProductVersion : 3, 0, 0, 1
ProductName : guard
CompanyName : ewido networks
FileDescription : guard
InternalName : guard
LegalCopyright : Copyright © 2004
OriginalFilename : guard.exe

#:16 [omniserv.exe]
FilePath : C:\Program Files\Softex\OmniPass\
ProcessID : 1704
ThreadCreationTime : 6-23-2005 4:25:46 PM
BasePriority : Normal


#:17 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1864
ThreadCreationTime : 6-23-2005 4:25:47 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:18 [opxpapp.exe]
FilePath : C:\Program Files\Softex\OmniPass\
ProcessID : 1924
ThreadCreationTime : 6-23-2005 4:25:50 PM
BasePriority : Normal


#:19 [rtvscan.exe]
FilePath : C:\Program Files\Symantec AntiVirus\
ProcessID : 1948
ThreadCreationTime : 6-23-2005 4:25:50 PM
BasePriority : Normal
FileVersion : 9.0.0.338
ProductVersion : 9.0.0.338
ProductName : Symantec AntiVirus
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus
LegalCopyright : Copyright 1991 - 2004 Symantec Corporation. All rights reserved.

#:20 [wdfmgr.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2028
ThreadCreationTime : 6-23-2005 4:25:50 PM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:21 [ccevtmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 140
ThreadCreationTime : 6-23-2005 4:25:51 PM
BasePriority : Normal
FileVersion : 2.2.0.577
ProductVersion : 2.2.0.577
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe

#:22 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1408
ThreadCreationTime : 6-23-2005 4:25:56 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:23 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 2768
ThreadCreationTime : 6-23-2005 4:26:09 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:24 [hpsysdrv.exe]
FilePath : C:\windows\system\
ProcessID : 2936
ThreadCreationTime : 6-23-2005 4:26:12 PM
BasePriority : Normal
FileVersion : 1, 7, 0, 0
ProductVersion : 1, 7, 0, 0
ProductName : hpsysdrv
CompanyName : Hewlett-Packard Company
FileDescription : hpsysdrv
InternalName : hpsysdrv
LegalCopyright : Copyright © 1998
OriginalFilename : hpsysdrv.exe

#:25 [hkcmd.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2964
ThreadCreationTime : 6-23-2005 4:26:12 PM
BasePriority : Normal
FileVersion : 3.0.0.3889
ProductVersion : 7.0.0.3889
ProductName : Intel® Common User Interface
CompanyName : Intel Corporation
FileDescription : hkcmd Module
InternalName : HKCMD
LegalCopyright : Copyright 1999-2002, Intel Corporation
OriginalFilename : HKCMD.EXE

#:26 [ps2.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 3016
ThreadCreationTime : 6-23-2005 4:26:12 PM
BasePriority : Normal


#:27 [wkufind.exe]
FilePath : C:\Program Files\Common Files\Microsoft Shared\Works Shared\
ProcessID : 3024
ThreadCreationTime : 6-23-2005 4:26:12 PM
BasePriority : Normal
FileVersion : 7.00.0716.0
ProductVersion : 7.00.0716.0
ProductName : Update Detection Module
CompanyName : Microsoft® Corporation
FileDescription : Microsoft® Works Update Detection
InternalName : WkUFind
LegalCopyright : Copyright © 1987-2002 Microsoft Corporation.
OriginalFilename : WkUFind.exe

#:28 [tgcmd.exe]
FilePath : C:\Program Files\support.com\bin\
ProcessID : 3032
ThreadCreationTime : 6-23-2005 4:26:13 PM
BasePriority : Normal
FileVersion : 5,5,402,0
ProductVersion : 5,5,402,0
ProductName : Support.com Scheduler and Command Dispatcher
CompanyName : Support.com, Inc.
FileDescription : Support.com Scheduler and Command Dispatcher
InternalName : TGCMD
LegalCopyright : Copyright 1997-2069 Support.com
OriginalFilename : TGCMD.EXE

#:29 [jusched.exe]
FilePath : C:\Program Files\Java\j2re1.4.2_03\bin\
ProcessID : 3048
ThreadCreationTime : 6-23-2005 4:26:13 PM
BasePriority : Normal


#:30 [qttask.exe]
FilePath : C:\Program Files\QuickTime\
ProcessID : 3064
ThreadCreationTime : 6-23-2005 4:26:14 PM
BasePriority : Normal
FileVersion : 6.5.1
ProductVersion : QuickTime 6.5.1
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe

#:31 [hpztsb09.exe]
FilePath : C:\WINDOWS\System32\spool\drivers\w32x86\3\
ProcessID : 3076
ThreadCreationTime : 6-23-2005 4:26:15 PM
BasePriority : Normal
FileVersion : 2.241.0.0
ProductVersion : 2.241.0.0
ProductName : HP DeskJet
CompanyName : HP
LegalCopyright : Copyright © Hewlett-Packard Company 1999-2003

#:32 [hpcmpmgr.exe]
FilePath : C:\Program Files\HP\hpcoretech\
ProcessID : 3148
ThreadCreationTime : 6-23-2005 4:26:16 PM
BasePriority : Normal
FileVersion : 2.1.1.0
ProductVersion : 2.1.5
ProductName : hp coretech (COmponent REuse TECHnology)
CompanyName : Hewlett-Packard Company
FileDescription : HP Framework Component Manager Service
InternalName : HPComponentManagerService module
LegalCopyright : Copyright © Hewlett-Packard. 2002-2004
OriginalFilename : HpCmpMgr.exe

#:33 [hphmon05.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 3184
ThreadCreationTime : 6-23-2005 4:26:16 PM
BasePriority : Normal
FileVersion : 5,2,10
ProductVersion : 5,2,10
ProductName : HP Photosmart
CompanyName : Hewlett-Packard
FileDescription : HPHmon05
InternalName : HPHmon05
LegalCopyright : Copyright © 2003
OriginalFilename : HPHmon05.exe

#:34 [hpwuschd2.exe]
FilePath : C:\Program Files\Hewlett-Packard\HP Software Update\
ProcessID : 3240
ThreadCreationTime : 6-23-2005 4:26:17 PM
BasePriority : Normal
FileVersion : 3, 0, 38, 1
ProductVersion : 3, 0, 38, 1
ProductName : HP Software Update Application
CompanyName : Hewlett-Packard Company
FileDescription : hpwuSchd
InternalName : hpwuSchd
LegalCopyright : Copyright © 2003
OriginalFilename : hpwuSchd.exe

#:35 [ccapp.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 3264
ThreadCreationTime : 6-23-2005 4:26:17 PM
BasePriority : Normal
FileVersion : 2.2.0.577
ProductVersion : 2.2.0.577
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client User Session
InternalName : ccApp
LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe

#:36 [vptray.exe]
FilePath : C:\PROGRA~1\SYMANT~1\
ProcessID : 3272
ThreadCreationTime : 6-23-2005 4:26:17 PM
BasePriority : Normal
FileVersion : 9.0.0.338
ProductVersion : 9.0.0.338
ProductName : Symantec AntiVirus
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus
LegalCopyright : Copyright 1991 - 2004 Symantec Corporation. All rights reserved.

#:37 [ituneshelper.exe]
FilePath : C:\Program Files\iTunes\
ProcessID : 3288
ThreadCreationTime : 6-23-2005 4:26:18 PM
BasePriority : Normal
FileVersion : 4.7.0.42
ProductVersion : 4.7.0.42
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe

#:38 [igfxtray.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 3296
ThreadCreationTime : 6-23-2005 4:26:18 PM
BasePriority : Normal
FileVersion : 3.0.0.3889
ProductVersion : 7.0.0.3889
ProductName : Intel® Common User Interface
CompanyName : Intel Corporation
FileDescription : igfxTray Module
InternalName : IGFXTRAY
LegalCopyright : Copyright 1999-2002, Intel Corporation
OriginalFilename : IGFXTRAY.EXE

#:39 [viewmgr.exe]
FilePath : C:\Program Files\Viewpoint\Viewpoint Manager\
ProcessID : 3344
ThreadCreationTime : 6-23-2005 4:26:19 PM
BasePriority : Normal
FileVersion : 2, 0, 0, 42
ProductVersion : 2, 0, 0, 42
ProductName : Viewpoint Manager
CompanyName : Viewpoint Corporation
FileDescription : ViewMgr
InternalName : Viewpoint Manager
LegalCopyright : Copyright © 2004
OriginalFilename : ViewMgr.exe
Comments : Viewpoint Manager

#:40 [ipodservice.exe]
FilePath : C:\Program Files\iPod\bin\
ProcessID : 3352
ThreadCreationTime : 6-23-2005 4:26:19 PM
BasePriority : Normal
FileVersion : 4.7.0.42
ProductVersion : 4.7.0.42
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iPodService.exe

#:41 [systemwiper.exe]
FilePath : C:\Program Files\iISystem Wiper\
ProcessID : 3452
ThreadCreationTime : 6-23-2005 4:26:21 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 2, 3, 0, 1
ProductName : iISystem Wiper
CompanyName : iISoftware
FileDescription : iISystem Wiper
InternalName : SystemWiper
LegalCopyright : Copyright © 2002
OriginalFilename : SystemWiper.EXE

#:42 [hpzipm12.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 3472
ThreadCreationTime : 6-23-2005 4:26:22 PM
BasePriority : Normal
FileVersion : 7, 0, 0, 0
ProductVersion : 7, 0, 0, 0
ProductName : HP PML
CompanyName : HP
FileDescription : PML Driver
InternalName : PmlDrv
LegalCopyright : Copyright © 1998, 1999 Hewlett-Packard Company
OriginalFilename : PmlDrv.exe

#:43 [aim+.exe]
FilePath : C:\Program Files\AIM+\
ProcessID : 3480
ThreadCreationTime : 6-23-2005 4:26:23 PM
BasePriority : Normal
FileVersion : 2, 2, 1, 65
ProductVersion : 2, 2, 1, 65
ProductName : AIM+
CompanyName : Big-O Software
FileDescription : AIM+
InternalName : AIM+
LegalCopyright : Copyright © 2001
OriginalFilename : AIM+.exe
Comments : [ 06.10.2002 ]

#:44 [psfree.exe]
FilePath : C:\PROGRA~1\PANICW~1\POP-UP~1\
ProcessID : 3536
ThreadCreationTime : 6-23-2005 4:26:24 PM
BasePriority : Normal
FileVersion : 3, 1, 0, 1012
ProductVersion : 1, 0, 0, 1
ProductName : Pop-Up Stopper Free Edition
CompanyName : Panicware, Inc.
FileDescription : Pop-Up Stopper Free Edition
InternalName : Pop-Up Stopper Free Edition
LegalCopyright : Copyright © 2002-2003
OriginalFilename : PSFree.exe

#:45 [aim.exe]
FilePath : C:\PROGRA~1\AIM\
ProcessID : 3544
ThreadCreationTime : 6-23-2005 4:26:24 PM
BasePriority : Normal
FileVersion : 5.9.3797
ProductVersion : 5.9.3797
ProductName : AOL Instant Messenger
CompanyName : America Online, Inc.
FileDescription : AOL Instant Messenger
InternalName : AIM
LegalCopyright : Copyright © 1996-2004 America Online, Inc.
OriginalFilename : AIM.EXE

#:46 [ares.exe]
FilePath : C:\Program Files\Ares\
ProcessID : 3720
ThreadCreationTime : 6-23-2005 4:26:33 PM
BasePriority : Normal
FileVersion : 1.8.1.2943
ProductVersion : 1.8.1
ProductName : Ares for windows
CompanyName : Ares Development Group
FileDescription : Ares
InternalName : Ares
OriginalFilename : ARES.EXE
Comments : http://www.aresgalaxy.org

#:47 [sonytray.exe]
FilePath : C:\Program Files\Sony Corporation\Image Transfer\
ProcessID : 3752
ThreadCreationTime : 6-23-2005 4:26:35 PM
BasePriority : Normal


#:48 [limewire.exe]
FilePath : C:\Program Files\LimeWire\
ProcessID : 3768
ThreadCreationTime : 6-23-2005 4:26:35 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 2
ProductVersion : 1, 0, 0, 2
ProductName : LimeWire
CompanyName : Lime Wire, LLC
FileDescription : LimeWire
InternalName : LimeWire
LegalCopyright : Copyright © 2004
OriginalFilename : LimeWire.exe
Comments : The most advanced file sharing program on the planet.

#:49 [prifw.exe]
FilePath : C:\Program Files\Primedius\Firewall\
ProcessID : 1296
ThreadCreationTime : 6-23-2005 4:27:11 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : NDIS_FIREWALL Application
FileDescription : NDIS_FIREWALL MFC Application
InternalName : NDIS_FIREWALL
LegalCopyright : Copyright © 2003
OriginalFilename : NDIS_FIREWALL.EXE

#:50 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 3588
ThreadCreationTime : 6-24-2005 4:25:55 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:51 [realsched.exe]
FilePath : C:\Program Files\Common Files\Real\Update_OB\
ProcessID : 2704
ThreadCreationTime : 6-24-2005 4:26:19 PM
BasePriority : Normal
FileVersion : 0.1.0.3034
ProductVersion : 0.1.0.3034
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:52 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 5212
ThreadCreationTime : 6-24-2005 6:46:09 PM
BasePriority : Normal
FileVersion : 6.2.0.162
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 18


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

MediaMotor Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{e0ce16cb-741c-4b24-8d04-a817856e07f4}

MediaMotor Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : iobjsafety.democtl

MediaMotor Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\media-motor

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 3
Objects found so far: 21


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Possible Browser Hijack attempt : {7149E79C-DC19-4C5E-A53C-A54DDF75EEE9} (http://cabs.media-motor.net/cabs/alien.cab)

Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data :
Category : Vulnerability
Comment : Possible Browser Hijack attempt : http://cabs.media-motor.net/cabs/alien.cab
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7149E79C-DC19-4C5E-A53C-A54DDF75EEE9}

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 22


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@edge.ru4[2].txt
Category : Data Miner
Comment : Cookie:owner@edge.ru4.com/
Value : Cookie:owner@edge.ru4.com/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@cgi-bin[1].txt
Category : Data Miner
Comment : Cookie:owner@imrworldwide.com/cgi-bin
Value : Cookie:owner@imrworldwide.com/cgi-bin

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@bs.serving-sys[1].txt
Category : Data Miner
Comment : Cookie:owner@bs.serving-sys.com/
Value : Cookie:owner@bs.serving-sys.com/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@questionmarket[1].txt
Category : Data Miner
Comment : Cookie:owner@questionmarket.com/
Value : Cookie:owner@questionmarket.com/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@media.fastclick[1].txt
Category : Data Miner
Comment : Cookie:owner@media.fastclick.net/
Value : Cookie:owner@media.fastclick.net/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@revenue[2].txt
Category : Data Miner
Comment : Cookie:owner@revenue.net/
Value : Cookie:owner@revenue.net/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@qsrch[2].txt
Category : Data Miner
Comment : Cookie:owner@qsrch.com/
Value : Cookie:owner@qsrch.com/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@qksrv[2].txt
Category : Data Miner
Comment : Cookie:owner@qksrv.net/
Value : Cookie:owner@qksrv.net/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@2o7[2].txt
Category : Data Miner
Comment : Cookie:owner@2o7.net/
Value : Cookie:owner@2o7.net/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@zedo[2].txt
Category : Data Miner
Comment : Cookie:owner@zedo.com/
Value : Cookie:owner@zedo.com/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@apmebf[2].txt
Category : Data Miner
Comment : Cookie:owner@apmebf.com/
Value : Cookie:owner@apmebf.com/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@z1.adserver[1].txt
Category : Data Miner
Comment : Cookie:owner@z1.adserver.com/
Value : Cookie:owner@z1.adserver.com/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@fastclick[2].txt
Category : Data Miner
Comment : Cookie:owner@fastclick.net/
Value : Cookie:owner@fastclick.net/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@ads.addynamix[1].txt
Category : Data Miner
Comment : Cookie:owner@ads.addynamix.com/
Value : Cookie:owner@ads.addynamix.com/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@maxserving[2].txt
Category : Data Miner
Comment : Cookie:owner@maxserving.com/
Value : Cookie:owner@maxserving.com/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@trafficmp[1].txt
Category : Data Miner
Comment : Cookie:owner@trafficmp.com/
Value : Cookie:owner@trafficmp.com/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@ads.pointroll[1].txt
Category : Data Miner
Comment : Cookie:owner@ads.pointroll.com/
Value : Cookie:owner@ads.pointroll.com/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@casalemedia[1].txt
Category : Data Miner
Comment : Cookie:owner@casalemedia.com/
Value : Cookie:owner@casalemedia.com/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@centrport[2].txt
Category : Data Miner
Comment : Cookie:owner@centrport.net/
Value : Cookie:owner@centrport.net/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@perf.overture[1].txt
Category : Data Miner
Comment : Cookie:owner@perf.overture.com/
Value : Cookie:owner@perf.overture.com/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@serving-sys[1].txt
Category : Data Miner
Comment : Cookie:owner@serving-sys.com/
Value : Cookie:owner@serving-sys.com/

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 21
Objects found so far: 43



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

SahAgent Object Recognized!
Type : File
Data : A0300934.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\RP610\
FileVersion : 4, 0, 2, 3
ProductVersion : 4, 0, 2, 3


SahAgent Object Recognized!
Type : File
Data : A0300935.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\RP610\
FileVersion : 4, 0, 2, 3
ProductVersion : 4, 0, 2, 3


Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 45


Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 45


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
12 entries scanned.
New critical objects:0
Objects found so far: 45




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

MediaMotor Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\mm

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 46

2:07:28 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:20:27.766
Objects scanned:186606
Objects identified:28
Objects ignored:0
New critical objects:28

#6 groovicus

groovicus

  • Security Colleague
  • 9,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Centerville, SD
  • Local time:04:06 PM

Posted 25 June 2005 - 11:12 AM

That helps a little. We need to do a little registry fishing and see if the keys are still in the registry. When you first open the registry, make sure that you make a backup first.

Directions for backing up registry

  1. Click Start > Run.
   2. Type regedit

      Then click OK.

   3. Navigate to the subkey:

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

   4. In the right pane, delete the value:

      "popuppers65"="[path to file]"

   5. Navigate to the subkey:

      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\media-motor.net\

   6. In the right pane, delete the value:

      "*"="2"

   7. Navigate to the subkey:

      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\popuppers.com\

   8. In the right pane, delete the value:

      "*"="2"

   9. Exit the registry editor.

If you feel that is over your head, then boot into safe mode (tap f8 during the boot sequence until you can select safe mode), then run Adaware and SSpybot again.

Reboot into normal mode, and post up your new Adaware log, as well as a HJT log please. :thumbsup:

#7 a71as

a71as
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:05:06 PM

Posted 27 June 2005 - 03:23 PM

I didnt find those things on the registry, but I found awhole bunch of random site things like casino stuff and the names of porn sites.

Logfile of HijackThis v1.99.1
Scan saved at 3:19:33 PM, on 6/27/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\support.com\bin\tgcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iISystem Wiper\SystemWiper.exe
C:\Program Files\AIM+\AIM+.exe
C:\PROGRA~1\AIM\aim.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\\system32\userinit.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [iIWiper] C:\Program Files\iISystem Wiper\SystemWiper.exe m
O4 - HKCU\..\Run: [AIM] "C:\Program Files\AIM+\AIM+.exe" -cnetwait.odl
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Image Transfer.lnk = ?
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - http://guard.gunbound.net/nProtect/keyCrypt/npkcx.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe


Lavasoft Ad-aware Personal Build 6.181
Logfile created on :Monday, May 31, 2004 6:14:57 PM
Created with Ad-aware Personal, free for private use.
Using reference-file :01R311 27.05.2004
______________________________________________________

Ad-aware Settings
=========================
Set : Activate in-depth scan (Recommended)
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep scan registry


5-31-2004 6:14:57 PM - Scan started. (Smart mode)

Listing running processes
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ThreadCreationTime : 5-31-2004 8:55:42 PM
BasePriority : Normal


#:2 [winlogon.exe]
FilePath : \??\C:\WINDOWS\System32\
ThreadCreationTime : 5-31-2004 8:55:44 PM
BasePriority : High


#:3 [services.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 5-31-2004 8:55:44 PM
BasePriority : Normal
FileSize : 99 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
OriginalFilename : services.exe
ProductName : Microsoft
Created on : 4/25/2003 3:44:59 PM
Last accessed : 5/31/2004 11:14:57 PM
Last modified : 8/29/2002 12:00:00 PM

#:4 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 5-31-2004 8:55:44 PM
BasePriority : Normal
FileSize : 11 KB
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
OriginalFilename : lsass.exe
ProductName : Microsoft
Created on : 4/25/2003 4:24:10 PM
Last accessed : 5/31/2004 11:14:57 PM
Last modified : 8/29/2002 12:00:00 PM

#:5 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 5-31-2004 8:55:44 PM
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 4/25/2003 3:45:10 PM
Last accessed : 5/31/2004 11:14:57 PM
Last modified : 8/29/2002 12:00:00 PM

#:6 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 5-31-2004 8:55:44 PM
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 4/25/2003 3:45:10 PM
Last accessed : 5/31/2004 11:14:57 PM
Last modified : 8/29/2002 12:00:00 PM

#:7 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 5-31-2004 8:55:45 PM
BasePriority : Normal
FileSize : 50 KB
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
OriginalFilename : spoolsv.exe
ProductName : Microsoft
Created on : 4/25/2003 3:45:08 PM
Last accessed : 5/31/2004 11:14:57 PM
Last modified : 8/29/2002 12:00:00 PM

#:8 [acsd.exe]
FilePath : C:\PROGRA~1\COMMON~1\AOL\ACS\
ThreadCreationTime : 5-31-2004 8:55:54 PM
BasePriority : Normal
FileSize : 1360 KB
FileVersion : 1,0,23,5
ProductVersion : 1,0,23,5
Copyright : Copyright
CompanyName : America Online, Inc.
FileDescription : AOL Connectivity Service
InternalName : acsd
OriginalFilename : acsd.exe
ProductName : AOL Connectivity Service
Created on : 10/13/2003 10:04:31 PM
Last accessed : 5/31/2004 11:14:57 PM
Last modified : 10/30/2003 11:48:46 PM

#:9 [avgserv.exe]
FilePath : C:\PROGRA~1\Grisoft\AVG6\
ThreadCreationTime : 5-31-2004 8:55:54 PM
BasePriority : Normal
FileSize : 20 KB
FileVersion : 6.0.1.9
ProductVersion : 6.0.1.9
Copyright : Copyright © GRISOFT© SOFTWARE 1998-2001
CompanyName : GRISOFT© SOFTWARE s.r.o
FileDescription : AvgServ - displays notification message
InternalName : AvgServ
OriginalFilename : AvgServ
ProductName : AVG6
Created on : 7/16/2003 1:18:15 AM
Last accessed : 5/31/2004 11:14:57 PM
Last modified : 7/10/2003 11:00:00 AM

#:10 [omniserv.exe]
FilePath : C:\Program Files\Softex\OmniPass\
ThreadCreationTime : 5-31-2004 8:55:55 PM
BasePriority : Normal
FileSize : 67 KB
Created on : 4/10/2003 10:52:30 AM
Last accessed : 5/31/2004 11:14:57 PM
Last modified : 2/21/2003 11:07:06 AM

#:11 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 5-31-2004 8:55:56 PM
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 4/25/2003 3:45:10 PM
Last accessed : 5/31/2004 11:14:57 PM
Last modified : 8/29/2002 12:00:00 PM

#:12 [vsmon.exe]
FilePath : C:\WINDOWS\system32\ZoneLabs\
ThreadCreationTime : 5-31-2004 8:55:56 PM
BasePriority : Normal
FileSize : 893 KB
FileVersion : 5.0.590.015
ProductVersion : 5.0.590.015
Copyright : Copyright
CompanyName : Zone Labs Inc.
FileDescription : TrueVector Service
InternalName : vsmon
OriginalFilename : vsmon.exe
ProductName : TrueVector Service
Created on : 5/27/2004 12:20:54 PM
Last accessed : 5/31/2004 11:14:57 PM
Last modified : 5/17/2004 9:55:26 AM

#:13 [opxpapp.exe]
FilePath : C:\Program Files\Softex\OmniPass\
ThreadCreationTime : 5-31-2004 8:55:56 PM
BasePriority : Normal
FileSize : 52 KB
Created on : 4/10/2003 10:52:30 AM
Last accessed : 5/31/2004 11:14:57 PM
Last modified : 2/21/2003 10:50:10 AM

#:14 [wanmpsvc.exe]
FilePath : C:\WINDOWS\
ThreadCreationTime : 5-31-2004 8:56:00 PM
BasePriority : Normal
FileSize : 64 KB
FileVersion : 7, 0, 0, 2
ProductVersion : 7, 0, 0, 2
Copyright : Copyright
CompanyName : America Online, Inc.
FileDescription : Wan Miniport (ATW) Service
InternalName : WanMPSvc
OriginalFilename : WanMPSvc.exe
ProductName : America Online
Created on : 6/17/2003 12:43:47 AM
Last accessed : 5/31/2004 11:14:57 PM
Last modified : 7/30/2002 8:16:20 PM

#:15 [explorer.exe]
FilePath : C:\WINDOWS\
ThreadCreationTime : 5-31-2004 8:56:06 PM
BasePriority : Normal
FileSize : 973 KB
FileVersion : 6.00.2800.1221 (xpsp2.030511-1403)
ProductVersion : 6.00.2800.1221
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
OriginalFilename : EXPLORER.EXE
ProductName : Microsoft
Created on : 5/12/2003 2:12:10 AM
Last accessed : 5/31/2004 11:14:57 PM
Last modified : 5/12/2003 2:12:10 AM

#:16 [hpsysdrv.exe]
FilePath : C:\windows\system\
ThreadCreationTime : 5-31-2004 8:56:07 PM
BasePriority : Normal
FileSize : 51 KB
FileVersion : 1, 7, 0, 0
ProductVersion : 1, 7, 0, 0
Copyright : Copyright
CompanyName : Hewlett-Packard Company
FileDescription : hpsysdrv
InternalName : hpsysdrv
OriginalFilename : hpsysdrv.exe
ProductName : hpsysdrv
Created on : 4/10/2003 10:14:06 AM
Last accessed : 5/31/2004 11:14:57 PM
Last modified : 5/7/1998 11:04:38 PM

#:17 [hkcmd.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 5-31-2004 8:56:07 PM
BasePriority : Normal
FileSize : 112 KB
FileVersion : 3,0,0,2082
ProductVersion : 7,0,0,2082
Copyright : Copyright 1999-2003, Intel Corporation
CompanyName : Intel Corporation
FileDescription : hkcmd Module
InternalName : HKCMD
OriginalFilename : HKCMD.EXE
ProductName : Intel® Common User Interface
Created on : 4/10/2003 10:24:13 AM
Last accessed : 5/31/2004 11:14:57 PM
Last modified : 3/12/2003 12:11:56 AM

#:18 [ps2.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 5-31-2004 8:56:07 PM
BasePriority : Normal
FileSize : 80 KB
FileVersion : 1.0.2.1
ProductVersion : 1.0.2.1
Copyright : Copyright
CompanyName : Hewlett-Packard Company
FileDescription : PS2 EXE
InternalName : PS2 EXE
OriginalFilename : Ps2.exe
ProductName : Hewlett-Packard Company PS2 EXE
Created on : 4/10/2003 10:42:47 AM
Last accessed : 5/31/2004 11:14:57 PM
Last modified : 8/1/2002 2:28:38 AM

#:19 [avgcc32.exe]
FilePath : C:\Program Files\Grisoft\AVG6\
ThreadCreationTime : 5-31-2004 8:56:08 PM
BasePriority : Normal
FileSize : 337 KB
FileVersion : 6, 0, 0, 515
ProductVersion : 6, 0, 0, 0
Copyright : Copyright
CompanyName : GRISOFT s.r.o.
FileDescription : AVG Control Center
InternalName : AvgCC32
OriginalFilename : AvgCC32.EXE
ProductName : AVG Anti-Virus System
Created on : 9/21/2003 11:16:49 PM
Last accessed : 5/31/2004 11:14:57 PM
Last modified : 9/21/2003 11:16:49 PM

#:20 [wkufind.exe]
FilePath : C:\Program Files\Common Files\Microsoft Shared\Works Shared\
ThreadCreationTime : 5-31-2004 8:56:08 PM
BasePriority : Normal
FileSize : 28 KB
FileVersion : 7.00.0716.0
ProductVersion : 7.00.0716.0
Copyright : Copyright
CompanyName : Microsoft
FileDescription : Microsoft
InternalName : WkUFind
OriginalFilename : WkUFind.exe
ProductName : Update Detection Module
Created on : 7/16/2002 9:21:48 PM
Last accessed : 5/31/2004 11:14:57 PM
Last modified : 7/16/2002 9:21:48 PM

#:21 [tgcmd.exe]
FilePath : C:\Program Files\support.com\bin\
ThreadCreationTime : 5-31-2004 8:56:08 PM
BasePriority : Normal
FileSize : 1508 KB
FileVersion : 5,5,402,0
ProductVersion : 5,5,402,0
Copyright : Copyright 1997-2069 Support.com
CompanyName : Support.com, Inc.
FileDescription : Support.com Scheduler and Command Dispatcher
InternalName : TGCMD
OriginalFilename : TGCMD.EXE
ProductName : Support.com Scheduler and Command Dispatcher
Created on : 4/24/2002 7:55:54 PM
Last accessed : 5/31/2004 11:14:57 PM
Last modified : 4/25/2002 1:37:43 AM

#:22 [alcxmntr.exe]
FilePath : C:\WINDOWS\
ThreadCreationTime : 5-31-2004 8:56:08 PM
BasePriority : Normal
FileSize : 49 KB
FileVersion : 1.2
ProductVersion : 1.2
Copyright : Copyright © 2003 Realtek Semiconductor Corp.
CompanyName : Realtek Semiconductor Corp.
FileDescription : Realtek AC97 Audio - Event Monitor
InternalName : Alcxmntr
OriginalFilename : Alcxmntr.exe
ProductName : Realtek AC97 Audio - Event Monitor
Created on : 4/10/2003 10:30:53 AM
Last accessed : 5/31/2004 11:14:57 PM
Last modified : 4/4/2003 3:35:38 AM

#:23 [jusched.exe]
FilePath : C:\Program Files\Java\j2re1.4.2_03\bin\
ThreadCreationTime : 5-31-2004 8:56:08 PM
BasePriority : Normal
FileSize : 32 KB
Created on : 11/19/2003 10:48:18 PM
Last accessed : 5/31/2004 11:14:58 PM
Last modified : 11/19/2003 10:48:14 PM

#:24 [p2p networking.exe]
FilePath : C:\WINDOWS\System32\P2P Networking\
ThreadCreationTime : 5-31-2004 8:56:08 PM
BasePriority : Normal
FileSize : 470 KB
FileVersion : 1, 25, 0, 20
ProductVersion : 1, 25, 0, 20
Copyright : Copyright
CompanyName : Joltid Ltd.
FileDescription : P2P Networking
InternalName : P2P Networking
OriginalFilename : P2P Networking.exe
ProductName : P2P Networking
Created on : 4/21/2004 12:42:07 PM
Last accessed : 5/31/2004 11:14:58 PM
Last modified : 4/21/2004 12:42:05 PM

#:25 [realsched.exe]
FilePath : C:\Program Files\Common Files\Real\Update_OB\
ThreadCreationTime : 5-31-2004 8:56:08 PM
BasePriority : Normal
FileSize : 176 KB
FileVersion : 0.1.0.3034
ProductVersion : 0.1.0.3034
Copyright : Copyright
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
OriginalFilename : realsched.exe
ProductName : RealPlayer (32-bit)
Created on : 4/10/2003 10:50:52 AM
Last accessed : 5/31/2004 11:14:58 PM
Last modified : 5/14/2004 10:04:28 PM

#:26 [ituneshelper.exe]
FilePath : C:\Program Files\iTunes\
ThreadCreationTime : 5-31-2004 8:56:08 PM
BasePriority : Normal
FileSize : 280 KB
FileVersion : 4.5.0.31
ProductVersion : 4.5.0.31
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
OriginalFilename : iTunesHelper.exe
ProductName : iTunes
Created on : 4/21/2004 4:28:18 PM
Last accessed : 5/31/2004 11:14:58 PM
Last modified : 4/21/2004 4:28:18 PM

#:27 [qttask.exe]
FilePath : C:\Program Files\QuickTime\
ThreadCreationTime : 5-31-2004 8:56:08 PM
BasePriority : Normal
FileSize : 96 KB
FileVersion : 6.5.1
ProductVersion : QuickTime 6.5.1
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
OriginalFilename : QTTask.exe
ProductName : QuickTime
Created on : 9/15/2003 1:25:09 AM
Last accessed : 5/31/2004 11:14:58 PM
Last modified : 5/18/2004 1:56:06 AM

#:28 [zlclient.exe]
FilePath : C:\Program Files\Zone Labs\ZoneAlarm\
ThreadCreationTime : 5-31-2004 8:56:08 PM
BasePriority : Normal
FileSize : 681 KB
FileVersion : 5.0.590.015
ProductVersion : 5.0.590.015
Copyright : Copyright
CompanyName : Zone Labs Inc.
FileDescription : Zone Labs Client
InternalName : zlclient
OriginalFilename : zlclient.exe
ProductName : Zone Labs Client
Created on : 4/10/2004 1:03:05 AM
Last accessed : 5/31/2004 11:14:58 PM
Last modified : 5/17/2004 9:56:14 AM

#:29 [ipodservice.exe]
FilePath : C:\Program Files\iPod\bin\
ThreadCreationTime : 5-31-2004 8:56:09 PM
BasePriority : Normal
FileSize : 392 KB
FileVersion : 4.5.0.31
ProductVersion : 4.5.0.31
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
OriginalFilename : iPodService.exe
ProductName : iTunes
Created on : 4/21/2004 4:28:04 PM
Last accessed : 5/31/2004 10:17:51 PM
Last modified : 4/21/2004 4:28:04 PM

#:30 [systemwiper.exe]
FilePath : C:\Program Files\iISystem Wiper\
ThreadCreationTime : 5-31-2004 8:56:09 PM
BasePriority : Normal
FileSize : 264 KB
FileVersion : 1, 0, 0, 1
ProductVersion : 2, 3, 0, 1
Copyright : Copyright © 2002
CompanyName : iISoftware
FileDescription : iISystem Wiper
InternalName : SystemWiper
OriginalFilename : SystemWiper.EXE
ProductName : iISystem Wiper
Created on : 9/2/2003 7:57:16 PM
Last accessed : 5/31/2004 11:14:58 PM
Last modified : 9/2/2003 7:57:16 PM

#:31 [aim+.exe]
FilePath : C:\Program Files\AIM+\
ThreadCreationTime : 5-31-2004 8:56:09 PM
BasePriority : Normal
FileSize : 302 KB
FileVersion : 2, 2, 1, 65
ProductVersion : 2, 2, 1, 65
Copyright : Copyright
CompanyName : Big-O Software
FileDescription : AIM+
InternalName : AIM+
OriginalFilename : AIM+.exe
ProductName : AIM+
Created on : 6/10/2002 7:15:03 AM
Last accessed : 5/31/2004 11:14:58 PM
Last modified : 6/10/2002 7:15:03 AM

#:32 [psfree.exe]
FilePath : C:\PROGRA~1\PANICW~1\POP-UP~1\
ThreadCreationTime : 5-31-2004 8:56:10 PM
BasePriority : Normal
FileSize : 512 KB
FileVersion : 3, 1, 0, 1012
ProductVersion : 1, 0, 0, 1
Copyright : Copyright © 2002-2003
CompanyName : Panicware, Inc.
FileDescription : Pop-Up Stopper Free Edition
InternalName : Pop-Up Stopper Free Edition
OriginalFilename : PSFree.exe
ProductName : Pop-Up Stopper Free Edition
Created on : 2/16/2004 12:42:23 AM
Last accessed : 5/31/2004 11:14:58 PM
Last modified : 10/29/2003 5:01:02 PM

#:33 [aim.exe]
FilePath : C:\PROGRA~1\AIM\
ThreadCreationTime : 5-31-2004 8:56:10 PM
BasePriority : Normal
FileSize : 60 KB
FileVersion : 5.5.3572
ProductVersion : 5.5.3572
Copyright : Copyright
CompanyName : America Online, Inc.
FileDescription : AOL Instant Messenger
InternalName : AIM
OriginalFilename : AIM.EXE
ProductName : AOL Instant Messenger
Created on : 7/23/2003 2:34:43 AM
Last accessed : 5/31/2004 11:14:58 PM
Last modified : 2/4/2004 8:29:24 PM

#:34 [teatimer.exe]
FilePath : C:\Program Files\Spybot - Search & Destroy\
ThreadCreationTime : 5-31-2004 8:56:10 PM
BasePriority : Normal
FileSize : 1017 KB
FileVersion : 1, 3, 0, 10
ProductVersion : 1, 3, 0, 10
CompanyName : Safer Networking Limited
FileDescription : System settings protector
InternalName : TeaTimer
OriginalFilename : TeaTimer.exe
ProductName : Spybot - Search & Destroy
Created on : 4/21/2004 6:03:00 AM
Last accessed : 5/31/2004 11:14:58 PM
Last modified : 4/21/2004 6:03:00 AM

#:35 [ares.exe]
FilePath : C:\Program Files\Ares\
ThreadCreationTime : 5-31-2004 8:56:10 PM
BasePriority : Normal
FileSize : 803 KB
FileVersion : 1.8.1.2942
ProductVersion : 1.8.1
CompanyName : Ares Development Group
FileDescription : Ares
InternalName : Ares
OriginalFilename : ARES.EXE
ProductName : Ares for windows
Created on : 5/2/2004 4:14:01 PM
Last accessed : 5/31/2004 10:56:17 PM
Last modified : 5/2/2004 4:14:01 PM

#:36 [backweb-1940576.exe]
FilePath : C:\Program Files\Compaq Connections\1940576\Program\
ThreadCreationTime : 5-31-2004 8:56:11 PM
BasePriority : Normal
FileSize : 16 KB
Created on : 4/10/2003 11:08:26 AM
Last accessed : 5/31/2004 11:14:58 PM
Last modified : 4/10/2003 11:08:25 AM

#:37 [120util.exe]
FilePath : C:\Program Files\D-link AirPlus G DWL-G120 Wireless USB\
ThreadCreationTime : 5-31-2004 8:56:11 PM
BasePriority : Normal
FileSize : 236 KB
FileVersion : 3, 0, 5, 0
ProductVersion : 3, 0, 5, 0
Copyright : Copyright © 2002
CompanyName : D-Link
FileDescription : WLAN Adapter Utility
InternalName : WLANMON
OriginalFilename : AIRPLUS.EXE
ProductName : D-Link AirPlus
Created on : 2/25/2004 3:24:21 PM
Last accessed : 5/31/2004 10:55:42 PM
Last modified : 12/23/2003 8:02:34 PM

#:38 [ymsgr_tray.exe]
FilePath : C:\Program Files\Yahoo!\Messenger\
ThreadCreationTime : 5-31-2004 8:59:36 PM
BasePriority : Normal
FileSize : 64 KB
Created on : 5/2/2004 2:14:21 AM
Last accessed : 5/31/2004 11:14:58 PM
Last modified : 2/4/2002 10:15:00 PM

#:39 [ad-aware.exe]
FilePath : C:\PROGRA~1\Lavasoft\AD-AWA~1\
ThreadCreationTime : 5-31-2004 11:14:46 PM
BasePriority : Normal
FileSize : 668 KB
FileVersion : 6.0.1.181
ProductVersion : 6.0.0.0
Copyright : Copyright
CompanyName : Lavasoft Sweden
FileDescription : Ad-aware 6 core application
InternalName : Ad-aware.exe
OriginalFilename : Ad-aware.exe
ProductName : Lavasoft Ad-aware Plus
Created on : 4/30/2004 8:35:23 PM
Last accessed : 5/31/2004 11:14:46 PM
Last modified : 7/13/2003 2:00:20 AM

Memory scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0


Started registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

NavExcel Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : navexcel.navhelper.1


PeopleOnPage Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Envolo


PeopleOnPage Object recognized!
Type : RegKey
Data : e_uninstall.log
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AutoUpdate


Registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 3
Objects found so far: 3


Started deep registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯




Deep scanning and examining files (C:)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

6:15:12 PM Scan stopped by user.

Summary of this scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Total scanning time :00:00:14:359
Objects scanned :28119
Objects identified :3
Objects ignored :0
New objects :3




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users