Mithos Kionisu

Members
  • Content Count

    66
  • Joined

  • Last visited

About Mithos Kionisu

  • Rank
    Member

Contact Methods

  • Website URL
    http://
  • ICQ
    0

Previous Fields

  • System Specifications:
    OS: Windows XP Home Edition; Manufacturer: HP Pavilion 061; System Model: PJ510AA-ABA A730N; Processor: Intel Pentium 4 CPU 3.00 GHz (2 CPUs), ~3.0GHz; Memory: 504 MB RAM; DirectX Version: DirectX 9.0c
  • TechExpress Link:
    http://www.pcpitstop.com/techexpress.asp?id=FX0ANWZFU1CST89U
  • Teams:
    Nothing Selected
  1. #:35 [mm_tray.exe] FilePath : C:\Program Files\Musicmatch\Musicmatch Jukebox\ ProcessID : 3940 ThreadCreationTime : 12-20-2005 5:08:44 PM BasePriority : Normal FileVersion : 10.00.4015 ProductVersion : 10.00.4015 ProductName : Musicmatch Jukebox CompanyName : Musicmatch, Inc. FileDescription : mm_tray InternalName : mm_tray LegalCopyright : Copyright © Musicmatch 1998-2004 LegalTrademarks : OriginalFilename : mm_tray.exe #:36 [igfxtray.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 4032 ThreadCreationTime : 12-20-2005 5:08:45 PM BasePriority : Normal FileVersion : 3.0.0.4396 ProductVersion : 7.0.0.4396 ProductName : Intel® Common User Interface CompanyName : Intel Corporation FileDescription : igfxTray Module InternalName : IGFXTRAY LegalCopyright : Copyright 1999-2004, Intel Corporation OriginalFilename : IGFXTRAY.EXE #:37 [hkcmd.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 4076 ThreadCreationTime : 12-20-2005 5:08:45 PM BasePriority : Normal FileVersion : 3.0.0.4396 ProductVersion : 7.0.0.4396 ProductName : Intel® Common User Interface CompanyName : Intel Corporation FileDescription : hkcmd Module InternalName : HKCMD LegalCopyright : Copyright 1999-2004, Intel Corporation OriginalFilename : HKCMD.EXE #:38 [igfxpers.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 528 ThreadCreationTime : 12-20-2005 5:08:46 PM BasePriority : Normal FileVersion : 3.0.0.4396 ProductVersion : 7.0.0.4396 ProductName : Intel® Common User Interface CompanyName : Intel Corporation FileDescription : persistence Module InternalName : PERSISTENCE LegalCopyright : Copyright 1999-2004, Intel Corporation OriginalFilename : IGFXPERS.EXE #:39 [realsched.exe] FilePath : C:\Program Files\Common Files\Real\Update_OB\ ProcessID : 2376 ThreadCreationTime : 12-20-2005 5:08:47 PM BasePriority : Normal FileVersion : 0.1.0.3427 ProductVersion : 0.1.0.3427 ProductName : RealPlayer (32-bit) CompanyName : RealNetworks, Inc. 
FileDescription : RealNetworks Scheduler InternalName : schedapp LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004 LegalTrademarks : RealAudio is a trademark of RealNetworks, Inc. OriginalFilename : realsched.exe #:40 [mmdiag.exe] FilePath : C:\PROGRA~1\MUSICM~1\MUSICM~2\ ProcessID : 2368 ThreadCreationTime : 12-20-2005 5:08:47 PM BasePriority : Normal FileVersion : 10.00.4015 ProductVersion : 10.00.4015 ProductName : Musicmatch Jukebox CompanyName : Musicmatch, Inc. FileDescription : Logging and tracing manager InternalName : MMTraceExe LegalCopyright : Copyright © Musicmatch 1998-2004 LegalTrademarks : OriginalFilename : MMTraceExe.EXE #:41 [qttask.exe] FilePath : C:\Program Files\QuickTime\ ProcessID : 2400 ThreadCreationTime : 12-20-2005 5:08:47 PM BasePriority : Normal FileVersion : 7.0.3 ProductVersion : QuickTime 7.0.3 ProductName : QuickTime CompanyName : Apple Computer, Inc. FileDescription : QuickTime Task InternalName : QuickTime Task LegalCopyright : Copyright Apple Computer, Inc. 1989-2005 OriginalFilename : QTTask.exe #:42 [jusched.exe] FilePath : C:\Program Files\Java\j2re1.4.2_03\bin\ ProcessID : 2480 ThreadCreationTime : 12-20-2005 5:08:47 PM BasePriority : Normal #:43 [pccguide.exe] FilePath : C:\Program Files\Trend Micro\Internet Security 2005\ ProcessID : 2656 ThreadCreationTime : 12-20-2005 5:08:49 PM BasePriority : Normal FileVersion : 12.10.0.1014 ProductVersion : 12.10.0 ProductName : Trend Micro Internet Security CompanyName : Trend Micro Incorporated. FileDescription : PCCGuide InternalName : PCCGuide LegalCopyright : Copyright © 1995-2004 Trend Micro Incorporated. All rights reserved. LegalTrademarks : Copyright © Trend Micro Incorporated. OriginalFilename : PCCGuide #:44 [ituneshelper.exe] FilePath : C:\Program Files\iTunes\ ProcessID : 2676 ThreadCreationTime : 12-20-2005 5:08:50 PM BasePriority : Normal FileVersion : 6.0.0.18 ProductVersion : 6.0.0.18 ProductName : iTunes CompanyName : Apple Computer, Inc. 
FileDescription : iTunesHelper Module InternalName : iTunesHelper LegalCopyright : © 2003-2005 Apple Computer, Inc. All Rights Reserved. OriginalFilename : iTunesHelper.exe #:45 [hpcmpmgr.exe] FilePath : C:\Program Files\HP\hpcoretech\ ProcessID : 2756 ThreadCreationTime : 12-20-2005 5:08:51 PM BasePriority : Normal FileVersion : 2.1.1.0 ProductVersion : 2.1.5 ProductName : hp coretech (COmponent REuse TECHnology) CompanyName : Hewlett-Packard Company FileDescription : HP Framework Component Manager Service InternalName : HPComponentManagerService module LegalCopyright : Copyright © Hewlett-Packard. 2002-2004 OriginalFilename : HpCmpMgr.exe #:46 [ipodservice.exe] FilePath : C:\Program Files\iPod\bin\ ProcessID : 2784 ThreadCreationTime : 12-20-2005 5:08:51 PM BasePriority : Normal FileVersion : 6.0.0.18 ProductVersion : 6.0.0.18 ProductName : iTunes CompanyName : Apple Computer, Inc. FileDescription : iPodService Module InternalName : iPodService LegalCopyright : © 2003-2005 Apple Computer, Inc. All Rights Reserved. OriginalFilename : iPodService.exe #:47 [sysmetrix.exe] FilePath : C:\Program Files\SysMetrix\ ProcessID : 1720 ThreadCreationTime : 12-20-2005 5:08:51 PM BasePriority : Normal FileVersion : 3.04 ProductVersion : 3.04 ProductName : SysMetrix CompanyName : Nicholas Decker InternalName : SysMetrix LegalCopyright : Copyright 2002-2005, Nicholas Decker. All Rights Reserved. OriginalFilename : SysMetrix.exe #:48 [ctfmon.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 2880 ThreadCreationTime : 12-20-2005 5:08:52 PM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : CTF Loader InternalName : CTFMON LegalCopyright : © Microsoft Corporation. All rights reserved. 
OriginalFilename : CTFMON.EXE #:49 [mim.exe] FilePath : C:\Program Files\Musicmatch\Musicmatch Jukebox\ ProcessID : 2992 ThreadCreationTime : 12-20-2005 5:08:53 PM BasePriority : Normal FileVersion : 10.00.4015 ProductVersion : 10.00.4015 ProductName : Musicmatch Jukebox CompanyName : Musicmatch, Inc. FileDescription : mim InternalName : mim LegalCopyright : Copyright © Musicmatch 1998-2004 LegalTrademarks : OriginalFilename : mim.exe #:50 [msnmsgr.exe] FilePath : C:\Program Files\MSN Messenger\ ProcessID : 3148 ThreadCreationTime : 12-20-2005 5:08:54 PM BasePriority : Normal FileVersion : 7.5.0299 ProductVersion : 7.5.0299 ProductName : MSN Messenger CompanyName : Microsoft Corporation FileDescription : MSN Messenger InternalName : msnmsgr LegalCopyright : Copyright © Microsoft Corporation 1997-2004 LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries. OriginalFilename : msnmsgr.exe #:51 [psfree.exe] FilePath : C:\Program Files\Panicware\Pop-Up Stopper Free Edition\ ProcessID : 3160 ThreadCreationTime : 12-20-2005 5:08:55 PM BasePriority : Normal FileVersion : 3, 1, 0, 1010 ProductVersion : 1, 0, 0, 1 ProductName : Pop-Up Stopper Free Edition CompanyName : Panicware, Inc. FileDescription : Pop-Up Stopper Free Edition InternalName : Pop-Up Stopper Free Edition LegalCopyright : Copyright © 2002-2003 OriginalFilename : PSFree.exe #:52 [teatimer.exe] FilePath : C:\Program Files\Spybot - Search & Destroy\ ProcessID : 3332 ThreadCreationTime : 12-20-2005 5:08:56 PM BasePriority : Idle FileVersion : 1, 4, 0, 2 ProductVersion : 1, 4, 0, 3 ProductName : Spybot - Search & Destroy CompanyName : Safer Networking Limited FileDescription : System settings protector InternalName : TeaTimer LegalCopyright : © 2000-2005 Patrick M. Kolla / Safer Networking Limited. Alle Rechte vorbehalten. LegalTrademarks : "Spybot" und "Spybot - Search & Destroy" sind registrierte Warenzeichen. 
OriginalFilename : TeaTimer.exe Comments : Schützt Systemeinstellungen vor ungewollten Änderungen. #:53 [reader_sl.exe] FilePath : C:\Program Files\Adobe\Acrobat 7.0\Reader\ ProcessID : 3808 ThreadCreationTime : 12-20-2005 5:09:00 PM BasePriority : Normal FileVersion : 7.0.5.2005092300 ProductVersion : 7.0.5.2005092300 ProductName : Adobe Acrobat CompanyName : Adobe Systems Incorporated FileDescription : Adobe Acrobat SpeedLauncher LegalCopyright : Copyright 1984-2005 Adobe Systems Incorporated and its licensors. All rights reserved. OriginalFilename : AcroSpeedLaunch.exe #:54 [hpqtra08.exe] FilePath : C:\Program Files\HP\Digital Imaging\bin\ ProcessID : 4016 ThreadCreationTime : 12-20-2005 5:09:01 PM BasePriority : Normal FileVersion : 43.1.5.000 ProductVersion : 043.001.005.000 ProductName : hp digital imaging - hp all-in-one series CompanyName : Hewlett-Packard Co. FileDescription : HP Digital Imaging Monitor (CUE) InternalName : HPQTRA00 LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2004 OriginalFilename : HPQTRA00.EXE Comments : HP Digital Imaging Monitor (CUE) #:55 [rainlendar.exe] FilePath : C:\Program Files\Rainlendar\ ProcessID : 576 ThreadCreationTime : 12-20-2005 5:09:01 PM BasePriority : Normal #:56 [rainmeter.exe] FilePath : C:\Program Files\Rainmeter\ ProcessID : 1144 ThreadCreationTime : 12-20-2005 5:09:02 PM BasePriority : Normal #:57 [svchost.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 2988 ThreadCreationTime : 12-20-2005 5:09:12 PM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. 
OriginalFilename : svchost.exe #:58 [hpzipm12.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 3080 ThreadCreationTime : 12-20-2005 5:09:30 PM BasePriority : Normal FileVersion : 8, 0, 0, 0 ProductVersion : 8, 0, 0, 0 ProductName : HP PML CompanyName : HP FileDescription : PML Driver InternalName : PmlDrv LegalCopyright : Copyright © 1998, 1999 Hewlett-Packard Company OriginalFilename : PmlDrv.exe #:59 [ad-aware.exe] FilePath : K:\Program Files\Lavasoft\Ad-Aware SE Personal\ ProcessID : 2196 ThreadCreationTime : 12-20-2005 5:09:38 PM BasePriority : Normal FileVersion : 6.2.0.236 ProductVersion : SE 106 ProductName : Lavasoft Ad-Aware SE CompanyName : Lavasoft Sweden FileDescription : Ad-Aware SE Core application InternalName : Ad-Aware.exe LegalCopyright : Copyright © Lavasoft AB Sweden OriginalFilename : Ad-Aware.exe Comments : All Rights Reserved Memory scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 21 Started registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Registry Scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 21 Started deep registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Deep registry scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 21 Started Tracking Cookie scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Tracking Cookie Object Recognized! Type : IECache Entry Data : hp_owner@cgi-bin[2].txt TAC Rating : 3 Category : Data Miner Comment : Hits:2 Value : Cookie:hp_owner@imrworldwide.com/cgi-bin Tracking Cookie Object Recognized! Type : IECache Entry Data : hp_owner@realmedia[1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:1 Value : Cookie:hp_owner@realmedia.com/ Tracking Cookie Object Recognized! Type : IECache Entry Data : hp_owner@as-eu.falkag[1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:7 Value : Cookie:hp_owner@as-eu.falkag.net/ Tracking Cookie Object Recognized! 
Type : IECache Entry Data : hp_owner@centrport[2].txt TAC Rating : 3 Category : Data Miner Comment : Hits:2 Value : Cookie:hp_owner@centrport.net/ Tracking Cookie Object Recognized! Type : IECache Entry Data : hp_owner@bravenet[2].txt TAC Rating : 3 Category : Data Miner Comment : Hits:43 Value : Cookie:hp_owner@bravenet.com/ Tracking Cookie Object Recognized! Type : IECache Entry Data : hp_owner@live365[1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:8 Value : Cookie:hp_owner@live365.com/ Tracking Cookie Object Recognized! Type : IECache Entry Data : hp_owner@sel.as-eu.falkag[2].txt TAC Rating : 3 Category : Data Miner Comment : Hits:2 Value : Cookie:hp_owner@sel.as-eu.falkag.net/ Tracking Cookie Object Recognized! Type : IECache Entry Data : hp_owner@tribalfusion[2].txt TAC Rating : 3 Category : Data Miner Comment : Hits:2 Value : Cookie:hp_owner@tribalfusion.com/ Tracking Cookie Object Recognized! Type : IECache Entry Data : hp_owner@citi.bridgetrack[1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:1 Value : Cookie:hp_owner@citi.bridgetrack.com/ Tracking Cookie Object Recognized! Type : IECache Entry Data : hp_owner@2o7[2].txt TAC Rating : 3 Category : Data Miner Comment : Hits:2 Value : Cookie:hp_owner@2o7.net/ Tracking Cookie Object Recognized! Type : IECache Entry Data : hp_owner@serving-sys[1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:5 Value : Cookie:hp_owner@serving-sys.com/ Tracking Cookie Object Recognized! 
Type : IECache Entry Data : hp_owner@www.entrepreneur[1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:1 Value : Cookie:hp_owner@www.entrepreneur.com/ Tracking cookie scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 12 Objects found so far: 33 Deep scanning and examining files (C:) »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Disk Scan Result for C:\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 33 Deep scanning and examining files (H:) »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Disk Scan Result for H:\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 33 Deep scanning and examining files (K:) »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Disk Scan Result for K:\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 33 Scanning Hosts file...... Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts". »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Hosts file scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» 1 entries scanned. New critical objects:0 Objects found so far: 33 Performing conditional scans... »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Conditional scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 33 9:31:17 AM Scan Complete Summary Of This Scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Total scanning time:00:20:54.906 Objects scanned:290571 Objects identified:12 Objects ignored:0 New critical objects:12
  2. Ad-Aware SE Build 1.06r1 Logfile Created on:Tuesday, December 20, 2005 9:10:22 AM Created with Ad-Aware SE Personal, free for private use. Using definitions file:SE1R81 16.12.2005 »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» References detected during the scan: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» MRU List(TAC index:0):21 total references Tracking Cookie(TAC index:3):12 total references »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Definition File: ========================= Definitions File Loaded: Reference Number : SE1R81 16.12.2005 Internal build : 93 File location : K:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref File size : 563739 Bytes Total size : 1693319 Bytes Signature data size : 1659125 Bytes Reference data size : 33682 Bytes Signatures total : 47090 CSI Fingerprints total : 1214 CSI data size : 34943 Bytes Target categories : 15 Target families : 797 Memory + processor status: ========================== Number of processors : 2 Processor architecture : Intel Pentium IV Memory available:10 % Total physical memory:515372 kb Available physical memory:49732 kb Total page file size:2064716 kb Available on page file:1626264 kb Total virtual memory:2097024 kb Available virtual memory:2039708 kb OS:Microsoft Windows XP Home Edition Service Pack 2 (Build 2600) Ad-Aware SE Settings =========================== Set : Search for negligible risk entries Set : Search for low-risk threats Set : Safe mode (always request confirmation) Set : Scan active processes Set : Scan registry Set : Deep-scan registry Set : Scan my IE Favorites for banned URLs Set : Scan my Hosts file Extended Ad-Aware SE Settings =========================== Set : Unload recognized processes & modules during scan Set : Scan registry for all users instead of current user only Set : Always try to unload modules before deletion Set : During removal, unload Explorer and IE if necessary Set : Let Windows remove files in use at next reboot Set : Delete quarantined objects after restoring 
Set : Include basic Ad-Aware settings in log file Set : Include additional Ad-Aware settings in log file Set : Include reference summary in log file Set : Include alternate data stream details in log file Set : Play sound at scan completion if scan locates critical objects 12-20-2005 9:10:22 AM - Scan started. (Full System Scan) Listing running processes »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» #:1 [smss.exe] FilePath : \SystemRoot\System32\ ProcessID : 584 ThreadCreationTime : 12-20-2005 5:00:20 PM BasePriority : Normal #:2 [csrss.exe] FilePath : \??\C:\WINDOWS\system32\ ProcessID : 656 ThreadCreationTime : 12-20-2005 5:00:26 PM BasePriority : Normal #:3 [winlogon.exe] FilePath : \??\C:\WINDOWS\system32\ ProcessID : 680 ThreadCreationTime : 12-20-2005 5:00:26 PM BasePriority : High #:4 [services.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 728 ThreadCreationTime : 12-20-2005 5:00:26 PM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Services and Controller app InternalName : services.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : services.exe #:5 [lsass.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 740 ThreadCreationTime : 12-20-2005 5:00:26 PM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : LSA Shell (Export Version) InternalName : lsass.exe LegalCopyright : © Microsoft Corporation. All rights reserved. 
OriginalFilename : lsass.exe #:6 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 928 ThreadCreationTime : 12-20-2005 5:00:27 PM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:7 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 976 ThreadCreationTime : 12-20-2005 5:00:27 PM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:8 [svchost.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 1068 ThreadCreationTime : 12-20-2005 5:00:27 PM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:9 [svchost.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 1172 ThreadCreationTime : 12-20-2005 5:00:27 PM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. 
OriginalFilename : svchost.exe #:10 [svchost.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 1228 ThreadCreationTime : 12-20-2005 5:00:27 PM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:11 [spoolsv.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1336 ThreadCreationTime : 12-20-2005 5:00:27 PM BasePriority : Normal FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519) ProductVersion : 5.1.2600.2696 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Spooler SubSystem App InternalName : spoolsv.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : spoolsv.exe #:12 [aspnet_admin.exe] FilePath : C:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\ ProcessID : 1504 ThreadCreationTime : 12-20-2005 5:00:28 PM BasePriority : Normal FileVersion : 2.0.40607.42 (beta1.040607-4200) ProductVersion : 2.0.40607.42 ProductName : Microsoft® .NET Framework CompanyName : Microsoft Corporation FileDescription : Microsoft ASP.NET Admin Service InternalName : aspnet_admin.exe LegalCopyright : © Microsoft Corporation. All rights reserved. 
OriginalFilename : aspnet_admin.exe Comments : Flavor=Retail #:13 [adskscsrv.exe] FilePath : C:\Program Files\Common Files\Autodesk Shared\Service\ ProcessID : 1520 ThreadCreationTime : 12-20-2005 5:00:28 PM BasePriority : Normal FileVersion : 2.66.000 ProductName : Autodesk Licensing Service CompanyName : Autodesk FileDescription : System Level Service Utility #:14 [ewidoctrl.exe] FilePath : C:\Program Files\ewido\security suite\ ProcessID : 1576 ThreadCreationTime : 12-20-2005 5:00:28 PM BasePriority : Normal FileVersion : 3, 0, 0, 1 ProductVersion : 3, 0, 0, 1 ProductName : ewido control CompanyName : ewido networks FileDescription : ewido control InternalName : ewido control LegalCopyright : Copyright © 2004 OriginalFilename : ewidoctrl.exe #:15 [mdm.exe] FilePath : C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\ ProcessID : 1628 ThreadCreationTime : 12-20-2005 5:00:28 PM BasePriority : Normal FileVersion : 7.00.9466 ProductVersion : 7.00.9466 ProductName : Microsoft® Visual Studio .NET CompanyName : Microsoft Corporation FileDescription : Machine Debug Manager InternalName : mdm.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : mdm.exe #:16 [raysat_3dsmax8server.exe] FilePath : C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\ ProcessID : 1664 ThreadCreationTime : 12-20-2005 5:00:28 PM BasePriority : Normal #:17 [pcctlcom.exe] FilePath : C:\PROGRA~1\TRENDM~1\INTERN~1\ ProcessID : 1692 ThreadCreationTime : 12-20-2005 5:00:29 PM BasePriority : Normal FileVersion : 12.10.0.1034 ProductVersion : 12.10.0 ProductName : Trend Micro Internet Security CompanyName : Trend Micro Incorporated. FileDescription : PcCtlCom Module InternalName : PcCtlCom LegalCopyright : Copyright © 1995-2004 Trend Micro Incorporated. All rights reserved. LegalTrademarks : Copyright © Trend Micro Incorporated. 
OriginalFilename : PcCtlCom.EXE #:18 [svchost.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 1804 ThreadCreationTime : 12-20-2005 5:00:29 PM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:19 [tmntsrv.exe] FilePath : C:\PROGRA~1\TRENDM~1\INTERN~1\ ProcessID : 1892 ThreadCreationTime : 12-20-2005 5:00:29 PM BasePriority : Normal FileVersion : 12.10.0.1034 ProductVersion : 12.10.0 ProductName : Trend Micro Internet Security CompanyName : Trend Micro Incorporated. FileDescription : Tmntsrv InternalName : Tmntsrv LegalCopyright : Copyright © 1995-2004 Trend Micro Incorporated. All rights reserved. LegalTrademarks : Copyright © Trend Micro Incorporated. OriginalFilename : Tmntsrv.exe #:20 [tmproxy.exe] FilePath : C:\PROGRA~1\TRENDM~1\INTERN~1\ ProcessID : 1952 ThreadCreationTime : 12-20-2005 5:00:29 PM BasePriority : Normal FileVersion : 1.0.0.1125 ProductVersion : 1.0.0 ProductName : Trend Micro Network Security Components 1.0 CompanyName : Trend Micro Inc. FileDescription : TmProxy.exe InternalName : TmProxy.exe LegalCopyright : Copyright © 2001-2004 Trend Micro Inc. All rights reserved. LegalTrademarks : Copyright © Trend Micro Inc. OriginalFilename : TmProxy.exe #:21 [wdfmgr.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 136 ThreadCreationTime : 12-20-2005 5:00:30 PM BasePriority : Normal FileVersion : 5.2.3790.1230 built by: dnsrv(bld4act) ProductVersion : 5.2.3790.1230 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Windows User Mode Driver Manager InternalName : WdfMgr LegalCopyright : © Microsoft Corporation. All rights reserved. 
OriginalFilename : WdfMgr.exe #:22 [tmpfw.exe] FilePath : C:\PROGRA~1\TRENDM~1\INTERN~1\ ProcessID : 608 ThreadCreationTime : 12-20-2005 5:00:30 PM BasePriority : Normal FileVersion : 2.0.0.1125 ProductVersion : 1.0.0 ProductName : Trend Network Security Component 1.0 CompanyName : Trend Micro Inc. FileDescription : TmPfw InternalName : TmPfw LegalCopyright : Copyright © 2001-2004 Trend Micro Inc. All rights reserved. LegalTrademarks : Copyright © Trend Micro Inc. OriginalFilename : TmPfw.exe #:23 [alg.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 1388 ThreadCreationTime : 12-20-2005 5:00:34 PM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Application Layer Gateway Service InternalName : ALG.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : ALG.exe #:24 [wbload.exe] FilePath : C:\Program Files\Stardock\Object Desktop\WindowBlinds\ ProcessID : 620 ThreadCreationTime : 12-20-2005 5:01:18 PM BasePriority : Normal FileVersion : 4.4 ProductVersion : 4.4 ProductName : WindowBlinds - http://www.windowblinds.net CompanyName : Stardock Systems, Inc FileDescription : WindowBlinds InternalName : WindowBlinds LegalCopyright : Copyright © 1997-2004 Neil Banfield, © 1998-2004 Stardock.Net, Inc OriginalFilename : WindowBlinds Comments : This is the WindowBlinds launcher app. Please do not delete this file. If you want to uninstall WindowBlinds, then use the uninstaller! 
#:25 [wscntfy.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1848 ThreadCreationTime : 12-20-2005 5:01:18 PM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Windows Security Center Notification App InternalName : wscntfy.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : wscntfy.exe #:26 [explorer.exe] FilePath : C:\WINDOWS\ ProcessID : 304 ThreadCreationTime : 12-20-2005 5:01:21 PM BasePriority : Normal FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 6.00.2900.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Windows Explorer InternalName : explorer LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : EXPLORER.EXE #:27 [hpsysdrv.exe] FilePath : C:\windows\system\ ProcessID : 3408 ThreadCreationTime : 12-20-2005 5:08:36 PM BasePriority : Normal FileVersion : 1, 7, 0, 0 ProductVersion : 1, 7, 0, 0 ProductName : hpsysdrv CompanyName : Hewlett-Packard Company FileDescription : hpsysdrv InternalName : hpsysdrv LegalCopyright : Copyright © 1998 OriginalFilename : hpsysdrv.exe #:28 [keyhook.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 3440 ThreadCreationTime : 12-20-2005 5:08:37 PM BasePriority : Normal FileVersion : 0.0.0.3591 ProductVersion : 0.0.0.3591 ProductName : SIS ® Compatible Super VGA keyboard daemon CompanyName : Silicon Integrated Systems Corporation FileDescription : SiS Compatible Super VGA Keyboard Daemon InternalName : KEYHOOK 3.59a.00 LegalCopyright : Copyright © Silicon Integrated Systems Corp. 
1998-2004 OriginalFilename : KEYHOOK.EXE Comments : SiS Compatible Super VGA Keyboard Daemon #:29 [agrsmmsg.exe] FilePath : C:\WINDOWS\ ProcessID : 3460 ThreadCreationTime : 12-20-2005 5:08:37 PM BasePriority : Normal FileVersion : 2.1.41.10 2.1.41.10 06/29/2004 09:06:35 ProductVersion : 2.1.41.10 2.1.41.10 06/29/2004 09:06:35 ProductName : Agere SoftModem Messaging Applet CompanyName : Agere Systems FileDescription : SoftModem Messaging Applet InternalName : smdmstat.exe LegalCopyright : Copyright © Agere Systems 1998-2000 OriginalFilename : smdmstat.exe #:30 [soundman.exe] FilePath : C:\WINDOWS\ ProcessID : 3472 ThreadCreationTime : 12-20-2005 5:08:37 PM BasePriority : Normal FileVersion : 1, 0, 0, 10 ProductVersion : 1, 0, 0, 10 ProductName : Realtek HD Sound Manager CompanyName : Realtek Semiconductor Corp. FileDescription : Realtek Sound Manager InternalName : ALSMTray LegalCopyright : Copyright © 2004 Realtek Semiconductor Corp. OriginalFilename : ALSMTray.exe Comments : Realtek HD Audio Sound Manager #:31 [ps2.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 3480 ThreadCreationTime : 12-20-2005 5:08:38 PM BasePriority : Normal #:32 [wzcsldr.exe] FilePath : C:\Program Files\Alpha Networks\ANIWZCS Service\ ProcessID : 3496 ThreadCreationTime : 12-20-2005 5:08:38 PM BasePriority : Normal FileVersion : 1, 0, 2, 20724 ProductVersion : 1, 0, 2, 20724 ProductName : ANIWZCS Service Launcher (9x) CompanyName : Alpha Networks Inc. FileDescription : ANIWZCS launcher for Windows. InternalName : ANIWZCS9X LegalCopyright : Copyright © 2003, Alpha Networks Inc. 
OriginalFilename : ANIWZCS9X.exe #:33 [airpluscfg.exe] FilePath : C:\Program Files\D-Link\AirPlus Xtreme G\ ProcessID : 3628 ThreadCreationTime : 12-20-2005 5:08:42 PM BasePriority : Normal FileVersion : 3, 1, 6, 31104 ProductVersion : 3, 1, 6, 31104 ProductName : Wireless LAN Monitor CompanyName : D-Link FileDescription : D-Link Wireless LAN Monitor InternalName : WlanMonitor LegalCopyright : Copyright 2003©, D-Link. All Rights Reserved. LegalTrademarks : D-Link OriginalFilename : WlanMon.EXE Comments : ANIO #:34 [wdbtnmgr.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 3712 ThreadCreationTime : 12-20-2005 5:08:43 PM BasePriority : Normal FileVersion : 1, 0, 15, 0 ProductVersion : 1, 0, 15, 0 ProductName : WD Button Manager CompanyName : Western Digital Technologies, Inc. FileDescription : WD Button Manager InternalName : WD Button Manager LegalCopyright : Copyright © 2003-2004 OriginalFilename : WDBtnMgr.exe
  3. #:27 [keyhook.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 2892 ThreadCreationTime : 12-17-2005 5:25:50 PM BasePriority : Normal FileVersion : 0.0.0.3591 ProductVersion : 0.0.0.3591 ProductName : SIS ® Compatible Super VGA keyboard daemon CompanyName : Silicon Integrated Systems Corporation FileDescription : SiS Compatible Super VGA Keyboard Daemon InternalName : KEYHOOK 3.59a.00 LegalCopyright : Copyright © Silicon Integrated Systems Corp. 1998-2004 OriginalFilename : KEYHOOK.EXE Comments : SiS Compatible Super VGA Keyboard Daemon #:28 [agrsmmsg.exe] FilePath : C:\WINDOWS\ ProcessID : 2908 ThreadCreationTime : 12-17-2005 5:25:50 PM BasePriority : Normal FileVersion : 2.1.41.10 2.1.41.10 06/29/2004 09:06:35 ProductVersion : 2.1.41.10 2.1.41.10 06/29/2004 09:06:35 ProductName : Agere SoftModem Messaging Applet CompanyName : Agere Systems FileDescription : SoftModem Messaging Applet InternalName : smdmstat.exe LegalCopyright : Copyright © Agere Systems 1998-2000 OriginalFilename : smdmstat.exe #:29 [soundman.exe] FilePath : C:\WINDOWS\ ProcessID : 2800 ThreadCreationTime : 12-17-2005 5:25:50 PM BasePriority : Normal FileVersion : 1, 0, 0, 10 ProductVersion : 1, 0, 0, 10 ProductName : Realtek HD Sound Manager CompanyName : Realtek Semiconductor Corp. FileDescription : Realtek Sound Manager InternalName : ALSMTray LegalCopyright : Copyright © 2004 Realtek Semiconductor Corp. OriginalFilename : ALSMTray.exe Comments : Realtek HD Audio Sound Manager #:30 [ps2.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 2976 ThreadCreationTime : 12-17-2005 5:25:50 PM BasePriority : Normal #:31 [wzcsldr.exe] FilePath : C:\Program Files\Alpha Networks\ANIWZCS Service\ ProcessID : 3000 ThreadCreationTime : 12-17-2005 5:25:50 PM BasePriority : Normal FileVersion : 1, 0, 2, 20724 ProductVersion : 1, 0, 2, 20724 ProductName : ANIWZCS Service Launcher (9x) CompanyName : Alpha Networks Inc. FileDescription : ANIWZCS launcher for Windows. 
InternalName : ANIWZCS9X LegalCopyright : Copyright © 2003, Alpha Networks Inc. OriginalFilename : ANIWZCS9X.exe #:32 [airpluscfg.exe] FilePath : C:\Program Files\D-Link\AirPlus Xtreme G\ ProcessID : 3008 ThreadCreationTime : 12-17-2005 5:25:50 PM BasePriority : Normal FileVersion : 3, 1, 6, 31104 ProductVersion : 3, 1, 6, 31104 ProductName : Wireless LAN Monitor CompanyName : D-Link FileDescription : D-Link Wireless LAN Monitor InternalName : WlanMonitor LegalCopyright : Copyright 2003©, D-Link. All Rights Reserved. LegalTrademarks : D-Link OriginalFilename : WlanMon.EXE Comments : ANIO #:33 [wdbtnmgr.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 3068 ThreadCreationTime : 12-17-2005 5:25:51 PM BasePriority : Normal FileVersion : 1, 0, 15, 0 ProductVersion : 1, 0, 15, 0 ProductName : WD Button Manager CompanyName : Western Digital Technologies, Inc. FileDescription : WD Button Manager InternalName : WD Button Manager LegalCopyright : Copyright © 2003-2004 OriginalFilename : WDBtnMgr.exe #:34 [mm_tray.exe] FilePath : C:\Program Files\Musicmatch\Musicmatch Jukebox\ ProcessID : 3100 ThreadCreationTime : 12-17-2005 5:25:51 PM BasePriority : Normal FileVersion : 10.00.4015 ProductVersion : 10.00.4015 ProductName : Musicmatch Jukebox CompanyName : Musicmatch, Inc. 
FileDescription : mm_tray InternalName : mm_tray LegalCopyright : Copyright © Musicmatch 1998-2004 LegalTrademarks : OriginalFilename : mm_tray.exe #:35 [igfxtray.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 3116 ThreadCreationTime : 12-17-2005 5:25:51 PM BasePriority : Normal FileVersion : 3.0.0.4396 ProductVersion : 7.0.0.4396 ProductName : Intel® Common User Interface CompanyName : Intel Corporation FileDescription : igfxTray Module InternalName : IGFXTRAY LegalCopyright : Copyright 1999-2004, Intel Corporation OriginalFilename : IGFXTRAY.EXE #:36 [hkcmd.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 3156 ThreadCreationTime : 12-17-2005 5:25:51 PM BasePriority : Normal FileVersion : 3.0.0.4396 ProductVersion : 7.0.0.4396 ProductName : Intel® Common User Interface CompanyName : Intel Corporation FileDescription : hkcmd Module InternalName : HKCMD LegalCopyright : Copyright 1999-2004, Intel Corporation OriginalFilename : HKCMD.EXE #:37 [igfxpers.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 3168 ThreadCreationTime : 12-17-2005 5:25:52 PM BasePriority : Normal FileVersion : 3.0.0.4396 ProductVersion : 7.0.0.4396 ProductName : Intel® Common User Interface CompanyName : Intel Corporation FileDescription : persistence Module InternalName : PERSISTENCE LegalCopyright : Copyright 1999-2004, Intel Corporation OriginalFilename : IGFXPERS.EXE #:38 [realsched.exe] FilePath : C:\Program Files\Common Files\Real\Update_OB\ ProcessID : 3256 ThreadCreationTime : 12-17-2005 5:25:52 PM BasePriority : Normal FileVersion : 0.1.0.3427 ProductVersion : 0.1.0.3427 ProductName : RealPlayer (32-bit) CompanyName : RealNetworks, Inc. FileDescription : RealNetworks Scheduler InternalName : schedapp LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004 LegalTrademarks : RealAudio is a trademark of RealNetworks, Inc. 
OriginalFilename : realsched.exe #:39 [qttask.exe] FilePath : C:\Program Files\QuickTime\ ProcessID : 3288 ThreadCreationTime : 12-17-2005 5:25:52 PM BasePriority : Normal FileVersion : 7.0.3 ProductVersion : QuickTime 7.0.3 ProductName : QuickTime CompanyName : Apple Computer, Inc. FileDescription : QuickTime Task InternalName : QuickTime Task LegalCopyright : Copyright Apple Computer, Inc. 1989-2005 OriginalFilename : QTTask.exe #:40 [jusched.exe] FilePath : C:\Program Files\Java\j2re1.4.2_03\bin\ ProcessID : 3936 ThreadCreationTime : 12-17-2005 5:25:53 PM BasePriority : Normal #:41 [mmdiag.exe] FilePath : C:\PROGRA~1\MUSICM~1\MUSICM~2\ ProcessID : 3956 ThreadCreationTime : 12-17-2005 5:25:53 PM BasePriority : Normal FileVersion : 10.00.4015 ProductVersion : 10.00.4015 ProductName : Musicmatch Jukebox CompanyName : Musicmatch, Inc. FileDescription : Logging and tracing manager InternalName : MMTraceExe LegalCopyright : Copyright © Musicmatch 1998-2004 LegalTrademarks : OriginalFilename : MMTraceExe.EXE #:42 [pccguide.exe] FilePath : C:\Program Files\Trend Micro\Internet Security 2005\ ProcessID : 3972 ThreadCreationTime : 12-17-2005 5:25:53 PM BasePriority : Normal FileVersion : 12.10.0.1014 ProductVersion : 12.10.0 ProductName : Trend Micro Internet Security CompanyName : Trend Micro Incorporated. FileDescription : PCCGuide InternalName : PCCGuide LegalCopyright : Copyright © 1995-2004 Trend Micro Incorporated. All rights reserved. LegalTrademarks : Copyright © Trend Micro Incorporated. OriginalFilename : PCCGuide #:43 [ituneshelper.exe] FilePath : C:\Program Files\iTunes\ ProcessID : 3984 ThreadCreationTime : 12-17-2005 5:25:53 PM BasePriority : Normal FileVersion : 6.0.0.18 ProductVersion : 6.0.0.18 ProductName : iTunes CompanyName : Apple Computer, Inc. FileDescription : iTunesHelper Module InternalName : iTunesHelper LegalCopyright : © 2003-2005 Apple Computer, Inc. All Rights Reserved. 
OriginalFilename : iTunesHelper.exe #:44 [hpcmpmgr.exe] FilePath : C:\Program Files\HP\hpcoretech\ ProcessID : 3176 ThreadCreationTime : 12-17-2005 5:25:53 PM BasePriority : Normal FileVersion : 2.1.1.0 ProductVersion : 2.1.5 ProductName : hp coretech (COmponent REuse TECHnology) CompanyName : Hewlett-Packard Company FileDescription : HP Framework Component Manager Service InternalName : HPComponentManagerService module LegalCopyright : Copyright © Hewlett-Packard. 2002-2004 OriginalFilename : HpCmpMgr.exe #:45 [sysmetrix.exe] FilePath : C:\Program Files\SysMetrix\ ProcessID : 3184 ThreadCreationTime : 12-17-2005 5:25:53 PM BasePriority : Normal FileVersion : 3.04 ProductVersion : 3.04 ProductName : SysMetrix CompanyName : Nicholas Decker InternalName : SysMetrix LegalCopyright : Copyright 2002-2005, Nicholas Decker. All Rights Reserved. OriginalFilename : SysMetrix.exe #:46 [ctfmon.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 3228 ThreadCreationTime : 12-17-2005 5:25:53 PM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : CTF Loader InternalName : CTFMON LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : CTFMON.EXE #:47 [msnmsgr.exe] FilePath : C:\Program Files\MSN Messenger\ ProcessID : 3136 ThreadCreationTime : 12-17-2005 5:25:53 PM BasePriority : Normal FileVersion : 7.5.0299 ProductVersion : 7.5.0299 ProductName : MSN Messenger CompanyName : Microsoft Corporation FileDescription : MSN Messenger InternalName : msnmsgr LegalCopyright : Copyright © Microsoft Corporation 1997-2004 LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries. 
OriginalFilename : msnmsgr.exe #:48 [psfree.exe] FilePath : C:\Program Files\Panicware\Pop-Up Stopper Free Edition\ ProcessID : 4000 ThreadCreationTime : 12-17-2005 5:25:53 PM BasePriority : Normal FileVersion : 3, 1, 0, 1010 ProductVersion : 1, 0, 0, 1 ProductName : Pop-Up Stopper Free Edition CompanyName : Panicware, Inc. FileDescription : Pop-Up Stopper Free Edition InternalName : Pop-Up Stopper Free Edition LegalCopyright : Copyright © 2002-2003 OriginalFilename : PSFree.exe #:49 [ipodservice.exe] FilePath : C:\Program Files\iPod\bin\ ProcessID : 4084 ThreadCreationTime : 12-17-2005 5:25:54 PM BasePriority : Normal FileVersion : 6.0.0.18 ProductVersion : 6.0.0.18 ProductName : iTunes CompanyName : Apple Computer, Inc. FileDescription : iPodService Module InternalName : iPodService LegalCopyright : © 2003-2005 Apple Computer, Inc. All Rights Reserved. OriginalFilename : iPodService.exe #:50 [mim.exe] FilePath : C:\Program Files\Musicmatch\Musicmatch Jukebox\ ProcessID : 2068 ThreadCreationTime : 12-17-2005 5:25:56 PM BasePriority : Normal FileVersion : 10.00.4015 ProductVersion : 10.00.4015 ProductName : Musicmatch Jukebox CompanyName : Musicmatch, Inc. FileDescription : mim InternalName : mim LegalCopyright : Copyright © Musicmatch 1998-2004 LegalTrademarks : OriginalFilename : mim.exe #:51 [hpqtra08.exe] FilePath : C:\Program Files\HP\Digital Imaging\bin\ ProcessID : 372 ThreadCreationTime : 12-17-2005 5:25:59 PM BasePriority : Normal FileVersion : 43.1.5.000 ProductVersion : 043.001.005.000 ProductName : hp digital imaging - hp all-in-one series CompanyName : Hewlett-Packard Co. FileDescription : HP Digital Imaging Monitor (CUE) InternalName : HPQTRA00 LegalCopyright : Copyright © Hewlett-Packard Co. 
1995-2004 OriginalFilename : HPQTRA00.EXE Comments : HP Digital Imaging Monitor (CUE) #:52 [rainlendar.exe] FilePath : C:\Program Files\Rainlendar\ ProcessID : 2968 ThreadCreationTime : 12-17-2005 5:26:00 PM BasePriority : Normal #:53 [rainmeter.exe] FilePath : C:\Program Files\Rainmeter\ ProcessID : 2152 ThreadCreationTime : 12-17-2005 5:26:00 PM BasePriority : Normal #:54 [hpzipm12.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 2752 ThreadCreationTime : 12-17-2005 5:26:23 PM BasePriority : Normal FileVersion : 8, 0, 0, 0 ProductVersion : 8, 0, 0, 0 ProductName : HP PML CompanyName : HP FileDescription : PML Driver InternalName : PmlDrv LegalCopyright : Copyright © 1998, 1999 Hewlett-Packard Company OriginalFilename : PmlDrv.exe #:55 [msn.exe] FilePath : C:\Program Files\MSN\MSNCoreFiles\ ProcessID : 3444 ThreadCreationTime : 12-17-2005 5:28:14 PM BasePriority : Normal FileVersion : 9.10.0011.1703 ProductVersion : 9.10.0011.1703 ProductName : Microsoft® MSN ® Communications System CompanyName : Microsoft Corporation FileDescription : msn InternalName : msn LegalCopyright : Copyright © Microsoft Corp. 
1981-2003 OriginalFilename : msn.exe #:56 [firefox.exe] FilePath : C:\Program Files\Mozilla Firefox\ ProcessID : 3672 ThreadCreationTime : 12-17-2005 5:28:15 PM BasePriority : Normal #:57 [ad-aware.exe] FilePath : K:\Program Files\Lavasoft\Ad-Aware SE Personal\ ProcessID : 3048 ThreadCreationTime : 12-17-2005 5:28:18 PM BasePriority : Normal FileVersion : 6.2.0.236 ProductVersion : SE 106 ProductName : Lavasoft Ad-Aware SE CompanyName : Lavasoft Sweden FileDescription : Ad-Aware SE Core application InternalName : Ad-Aware.exe LegalCopyright : Copyright © Lavasoft AB Sweden OriginalFilename : Ad-Aware.exe Comments : All Rights Reserved #:58 [3dsmax.exe] FilePath : C:\3dsmax7\ ProcessID : 2188 ThreadCreationTime : 12-17-2005 5:33:24 PM BasePriority : Normal FileVersion : 7.0.0.65 ProductVersion : 7.0.0.65 ProductName : 3ds max CompanyName : Discreet, a division of Autodesk, Inc. FileDescription : 3ds max application InternalName : 3dsmax LegalCopyright : © 1994-2003 Autodesk, Inc. All rights reserved. LegalTrademarks : Discreet, Autodesk, Inc., Kinetix, 3D Studio MAX, Autodesk VIZ, Biped, Character Studio, Heidi, Kinetix, Physique, plasma, 3ds max, DWG Unplugged, FLI, FLIC, and DXF are either registered trademarks or trademarks of Discreet Logic Inc./Autodesk, Inc. OriginalFilename : 3dsmax.exe Comments : TECH: chuck.lingle #:59 [adskcleanup.0001] FilePath : C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\ ProcessID : 3584 ThreadCreationTime : 12-17-2005 5:33:29 PM BasePriority : Normal FileVersion : 1, 0, 0, 1 ProductVersion : 1, 0, 0, 1 ProductName : Macrovision Europe Ltd. Cleanup CompanyName : Macrovision Europe Ltd. FileDescription : Cleanup InternalName : Cleanup LegalCopyright : Copyright © 2002 OriginalFilename : Cleanup.exe #:60 [adskcleanup.0001] FilePath : C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\ ProcessID : 2228 ThreadCreationTime : 12-17-2005 5:33:33 PM BasePriority : Normal FileVersion : 1, 0, 0, 1 ProductVersion : 1, 0, 0, 1 ProductName : Macrovision Europe Ltd. 
Cleanup CompanyName : Macrovision Europe Ltd. FileDescription : Cleanup InternalName : Cleanup LegalCopyright : Copyright © 2002 OriginalFilename : Cleanup.exe #:61 [notepad.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 2396 ThreadCreationTime : 12-17-2005 5:34:18 PM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Notepad InternalName : Notepad LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : NOTEPAD.EXE Memory scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 6 Started registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Registry Scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 6 Started deep registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Deep registry scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 6 Started Tracking Cookie scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Tracking Cookie Object Recognized! Type : IECache Entry Data : hp_owner@bravenet[2].txt TAC Rating : 3 Category : Data Miner Comment : Hits:2 Value : Cookie:hp_owner@bravenet.com/ Expires : 12-15-2015 9:45:36 AM LastSync : Hits:2 UseCount : 0 Hits : 2 Tracking cookie scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 1 Objects found so far: 7 Deep scanning and examining files (C:) »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» begin2search Object Recognized! Type : File Data : A0169424.dll TAC Rating : 3 Category : Data Miner Comment : Object : C:\System Volume Information\_restore{9E0EFA91-21B1-4B9A-B624-3B0E56298ADE}\RP481\ FileVersion : 1, 1, 7, 0 ProductVersion : 1, 1, 7, 0 Elitum.ElitebarBHO Object Recognized! 
Type : File Data : A0173528.exe TAC Rating : 5 Category : Data Miner Comment : Object : C:\System Volume Information\_restore{9E0EFA91-21B1-4B9A-B624-3B0E56298ADE}\RP487\ Elitum.ElitebarBHO Object Recognized! Type : File Data : A0173544.exe TAC Rating : 5 Category : Data Miner Comment : Object : C:\System Volume Information\_restore{9E0EFA91-21B1-4B9A-B624-3B0E56298ADE}\RP488\ WindUpdates Object Recognized! Type : File Data : A0173562.exe TAC Rating : 8 Category : Malware Comment : SWiSHmax crack Object : C:\System Volume Information\_restore{9E0EFA91-21B1-4B9A-B624-3B0E56298ADE}\RP488\ Elitum.ElitebarBHO Object Recognized! Type : File Data : A0173706.dll TAC Rating : 5 Category : Data Miner Comment : Object : C:\System Volume Information\_restore{9E0EFA91-21B1-4B9A-B624-3B0E56298ADE}\RP488\ Elitum.ElitebarBHO Object Recognized! Type : File Data : A0173713.dll TAC Rating : 5 Category : Data Miner Comment : Object : C:\System Volume Information\_restore{9E0EFA91-21B1-4B9A-B624-3B0E56298ADE}\RP488\ Elitum.ElitebarBHO Object Recognized! Type : File Data : A0173755.exe TAC Rating : 5 Category : Data Miner Comment : Object : C:\System Volume Information\_restore{9E0EFA91-21B1-4B9A-B624-3B0E56298ADE}\RP488\ WindUpdates Object Recognized! Type : File Data : A0173791.exe TAC Rating : 8 Category : Malware Comment : SWiSHmax crack Object : C:\System Volume Information\_restore{9E0EFA91-21B1-4B9A-B624-3B0E56298ADE}\RP488\ Elitum.ElitebarBHO Object Recognized! Type : File Data : A0173905.dll TAC Rating : 5 Category : Data Miner Comment : Object : C:\System Volume Information\_restore{9E0EFA91-21B1-4B9A-B624-3B0E56298ADE}\RP489\ Elitum.ElitebarBHO Object Recognized! 
Type : File Data : A0173906.exe TAC Rating : 5 Category : Data Miner Comment : Object : C:\System Volume Information\_restore{9E0EFA91-21B1-4B9A-B624-3B0E56298ADE}\RP489\ Disk Scan Result for C:\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 17 Deep scanning and examining files (H:) »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Disk Scan Result for H:\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 17 Deep scanning and examining files (K:) »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Disk Scan Result for K:\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 17 Scanning Hosts file...... Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts". »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Hosts file scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» 1 entries scanned. New critical objects:0 Objects found so far: 17 Performing conditional scans... »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» begin2search Object Recognized! Type : RegData Data : no TAC Rating : 3 Category : Data Miner Comment : Rootkey : HKEY_CURRENT_USER Object : software\microsoft\internet explorer\main Value : Use Search Asst Data : no WindUpdates Object Recognized! Type : RegData Data : no TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\microsoft\internet explorer\main Value : Error Dlg Details Pane Open Data : no Conditional scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 2 Objects found so far: 19 10:27:22 AM Scan Complete Summary Of This Scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Total scanning time:00:35:32.203 Objects scanned:327680 Objects identified:13 Objects ignored:0 New critical objects:13
  4. Ad-Aware SE Build 1.06r1 Logfile Created on:Saturday, December 17, 2005 9:51:50 AM Created with Ad-Aware SE Personal, free for private use. Using definitions file:SE1R81 16.12.2005 »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» References detected during the scan: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» begin2search(TAC index:3):2 total references Elitum.ElitebarBHO(TAC index:5):7 total references MRU List(TAC index:0):6 total references Tracking Cookie(TAC index:3):1 total references WindUpdates(TAC index:8):3 total references »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Definition File: ========================= Definitions File Loaded: Reference Number : SE1R81 16.12.2005 Internal build : 93 File location : K:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref File size : 563739 Bytes Total size : 1693319 Bytes Signature data size : 1659125 Bytes Reference data size : 33682 Bytes Signatures total : 47090 CSI Fingerprints total : 1214 CSI data size : 34943 Bytes Target categories : 15 Target families : 797 Memory + processor status: ========================== Number of processors : 2 Processor architecture : Intel Pentium IV Memory available:29 % Total physical memory:515372 kb Available physical memory:146212 kb Total page file size:2064652 kb Available on page file:1340812 kb Total virtual memory:2097024 kb Available virtual memory:2017792 kb OS:Microsoft Windows XP Home Edition Service Pack 2 (Build 2600) Ad-Aware SE Settings =========================== Set : Search for negligible risk entries Set : Search for low-risk threats Set : Safe mode (always request confirmation) Set : Scan active processes Set : Scan registry Set : Deep-scan registry Set : Scan my IE Favorites for banned URLs Set : Scan my Hosts file Extended Ad-Aware SE Settings =========================== Set : Unload recognized processes & modules during scan Set : Scan registry for all users instead of current user only Set : Always try to unload modules before deletion Set : During 
removal, unload Explorer and IE if necessary Set : Let Windows remove files in use at next reboot Set : Delete quarantined objects after restoring Set : Include basic Ad-Aware settings in log file Set : Include additional Ad-Aware settings in log file Set : Include reference summary in log file Set : Include alternate data stream details in log file Set : Play sound at scan completion if scan locates critical objects 12-17-2005 9:51:50 AM - Scan started. (Full System Scan) MRU List Object Recognized! Location: : C:\Documents and Settings\HP_Owner\recent Description : list of recently opened documents MRU List Object Recognized! Location: : S-1-5-21-2942837424-2029783106-3238098085-1009\software\microsoft\directinput\mostrecentapplication Description : most recent application to use microsoft directinput MRU List Object Recognized! Location: : S-1-5-21-2942837424-2029783106-3238098085-1009\software\microsoft\directinput\mostrecentapplication Description : most recent application to use microsoft directinput MRU List Object Recognized! Location: : S-1-5-21-2942837424-2029783106-3238098085-1009\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru Description : list of recent programs opened MRU List Object Recognized! Location: : S-1-5-21-2942837424-2029783106-3238098085-1009\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru Description : list of recently saved files, stored according to file extension MRU List Object Recognized! 
Location: : S-1-5-21-2942837424-2029783106-3238098085-1009\software\microsoft\windows\currentversion\explorer\recentdocs Description : list of recent documents opened Listing running processes »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» #:1 [smss.exe] FilePath : \SystemRoot\System32\ ProcessID : 592 ThreadCreationTime : 12-17-2005 5:16:40 PM BasePriority : Normal #:2 [csrss.exe] FilePath : \??\C:\WINDOWS\system32\ ProcessID : 640 ThreadCreationTime : 12-17-2005 5:16:43 PM BasePriority : Normal #:3 [winlogon.exe] FilePath : \??\C:\WINDOWS\system32\ ProcessID : 664 ThreadCreationTime : 12-17-2005 5:16:43 PM BasePriority : High #:4 [services.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 708 ThreadCreationTime : 12-17-2005 5:16:43 PM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Services and Controller app InternalName : services.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : services.exe #:5 [lsass.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 720 ThreadCreationTime : 12-17-2005 5:16:43 PM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : LSA Shell (Export Version) InternalName : lsass.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : lsass.exe #:6 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 912 ThreadCreationTime : 12-17-2005 5:16:44 PM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. 
All rights reserved. OriginalFilename : svchost.exe #:7 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 964 ThreadCreationTime : 12-17-2005 5:16:45 PM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:8 [svchost.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 1056 ThreadCreationTime : 12-17-2005 5:16:45 PM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:9 [svchost.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 1132 ThreadCreationTime : 12-17-2005 5:16:45 PM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:10 [svchost.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 1216 ThreadCreationTime : 12-17-2005 5:16:45 PM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. 
OriginalFilename : svchost.exe #:11 [spoolsv.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1388 ThreadCreationTime : 12-17-2005 5:16:46 PM BasePriority : Normal FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519) ProductVersion : 5.1.2600.2696 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Spooler SubSystem App InternalName : spoolsv.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : spoolsv.exe #:12 [aspnet_admin.exe] FilePath : C:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\ ProcessID : 1492 ThreadCreationTime : 12-17-2005 5:16:47 PM BasePriority : Normal FileVersion : 2.0.40607.42 (beta1.040607-4200) ProductVersion : 2.0.40607.42 ProductName : Microsoft® .NET Framework CompanyName : Microsoft Corporation FileDescription : Microsoft ASP.NET Admin Service InternalName : aspnet_admin.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : aspnet_admin.exe Comments : Flavor=Retail #:13 [adskscsrv.exe] FilePath : C:\Program Files\Common Files\Autodesk Shared\Service\ ProcessID : 1508 ThreadCreationTime : 12-17-2005 5:16:47 PM BasePriority : Normal FileVersion : 2.51.000 FileDescription : System Level Service Utility #:14 [ewidoctrl.exe] FilePath : C:\Program Files\ewido\security suite\ ProcessID : 1564 ThreadCreationTime : 12-17-2005 5:16:48 PM BasePriority : Normal FileVersion : 3, 0, 0, 1 ProductVersion : 3, 0, 0, 1 ProductName : ewido control CompanyName : ewido networks FileDescription : ewido control InternalName : ewido control LegalCopyright : Copyright © 2004 OriginalFilename : ewidoctrl.exe #:15 [mdm.exe] FilePath : C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\ ProcessID : 1604 ThreadCreationTime : 12-17-2005 5:16:48 PM BasePriority : Normal FileVersion : 7.00.9466 ProductVersion : 7.00.9466 ProductName : Microsoft® Visual Studio .NET CompanyName : Microsoft Corporation FileDescription : Machine Debug Manager InternalName 
: mdm.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : mdm.exe #:16 [pcctlcom.exe] FilePath : C:\PROGRA~1\TRENDM~1\INTERN~1\ ProcessID : 1660 ThreadCreationTime : 12-17-2005 5:16:49 PM BasePriority : Normal FileVersion : 12.10.0.1034 ProductVersion : 12.10.0 ProductName : Trend Micro Internet Security CompanyName : Trend Micro Incorporated. FileDescription : PcCtlCom Module InternalName : PcCtlCom LegalCopyright : Copyright © 1995-2004 Trend Micro Incorporated. All rights reserved. LegalTrademarks : Copyright © Trend Micro Incorporated. OriginalFilename : PcCtlCom.EXE #:17 [svchost.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 1724 ThreadCreationTime : 12-17-2005 5:16:49 PM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:18 [tmntsrv.exe] FilePath : C:\PROGRA~1\TRENDM~1\INTERN~1\ ProcessID : 1800 ThreadCreationTime : 12-17-2005 5:16:49 PM BasePriority : Normal FileVersion : 12.10.0.1034 ProductVersion : 12.10.0 ProductName : Trend Micro Internet Security CompanyName : Trend Micro Incorporated. FileDescription : Tmntsrv InternalName : Tmntsrv LegalCopyright : Copyright © 1995-2004 Trend Micro Incorporated. All rights reserved. LegalTrademarks : Copyright © Trend Micro Incorporated. OriginalFilename : Tmntsrv.exe #:19 [tmproxy.exe] FilePath : C:\PROGRA~1\TRENDM~1\INTERN~1\ ProcessID : 1840 ThreadCreationTime : 12-17-2005 5:16:49 PM BasePriority : Normal FileVersion : 1.0.0.1125 ProductVersion : 1.0.0 ProductName : Trend Micro Network Security Components 1.0 CompanyName : Trend Micro Inc. FileDescription : TmProxy.exe InternalName : TmProxy.exe LegalCopyright : Copyright © 2001-2004 Trend Micro Inc. 
All rights reserved. LegalTrademarks : Copyright © Trend Micro Inc. OriginalFilename : TmProxy.exe #:20 [wdfmgr.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 1920 ThreadCreationTime : 12-17-2005 5:16:49 PM BasePriority : Normal FileVersion : 5.2.3790.1230 built by: dnsrv(bld4act) ProductVersion : 5.2.3790.1230 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Windows User Mode Driver Manager InternalName : WdfMgr LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : WdfMgr.exe #:21 [tmpfw.exe] FilePath : C:\PROGRA~1\TRENDM~1\INTERN~1\ ProcessID : 396 ThreadCreationTime : 12-17-2005 5:16:50 PM BasePriority : Normal FileVersion : 2.0.0.1125 ProductVersion : 1.0.0 ProductName : Trend Network Security Component 1.0 CompanyName : Trend Micro Inc. FileDescription : TmPfw InternalName : TmPfw LegalCopyright : Copyright © 2001-2004 Trend Micro Inc. All rights reserved. LegalTrademarks : Copyright © Trend Micro Inc. OriginalFilename : TmPfw.exe #:22 [alg.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 1200 ThreadCreationTime : 12-17-2005 5:16:55 PM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Application Layer Gateway Service InternalName : ALG.exe LegalCopyright : © Microsoft Corporation. All rights reserved. 
OriginalFilename : ALG.exe #:23 [wbload.exe] FilePath : C:\Program Files\Stardock\Object Desktop\WindowBlinds\ ProcessID : 2540 ThreadCreationTime : 12-17-2005 5:25:46 PM BasePriority : Normal FileVersion : 4.4 ProductVersion : 4.4 ProductName : WindowBlinds - http://www.windowblinds.net CompanyName : Stardock Systems, Inc FileDescription : WindowBlinds InternalName : WindowBlinds LegalCopyright : Copyright © 1997-2004 Neil Banfield, © 1998-2004 Stardock.Net, Inc OriginalFilename : WindowBlinds Comments : This is the WindowBlinds launcher app. Please do not delete this file. If you want to uninstall WindowBlinds, then use the uninstaller! #:24 [wscntfy.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 2640 ThreadCreationTime : 12-17-2005 5:25:49 PM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Windows Security Center Notification App InternalName : wscntfy.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : wscntfy.exe #:25 [explorer.exe] FilePath : C:\WINDOWS\ ProcessID : 2512 ThreadCreationTime : 12-17-2005 5:25:49 PM BasePriority : Normal FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 6.00.2900.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Windows Explorer InternalName : explorer LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : EXPLORER.EXE #:26 [hpsysdrv.exe] FilePath : C:\windows\system\ ProcessID : 2856 ThreadCreationTime : 12-17-2005 5:25:50 PM BasePriority : Normal FileVersion : 1, 7, 0, 0 ProductVersion : 1, 7, 0, 0 ProductName : hpsysdrv CompanyName : Hewlett-Packard Company FileDescription : hpsysdrv InternalName : hpsysdrv LegalCopyright : Copyright © 1998 OriginalFilename : hpsysdrv.exe
  5. --- Report generated: 2005-12-19 15:57 --- Command Service: Settings (Registry key, fixing failed) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService Command Service: Settings (Registry key, fixing failed) HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService Command Service: Settings (Registry key, fixed) HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\cmdService Advertising.com: Tracking cookie (Firefox: default) (Cookie, fixed) Advertising.com: Tracking cookie (Firefox: default) (Cookie, fixed) Advertising.com: Tracking cookie (Firefox: default) (Cookie, fixed) Avenue A, Inc.: Tracking cookie (Firefox: default) (Cookie, fixed) DoubleClick: Tracking cookie (Firefox: default) (Cookie, fixed) HitBox: Tracking cookie (Firefox: default) (Cookie, fixed) FastClick: Tracking cookie (Firefox: default) (Cookie, fixed) FastClick: Tracking cookie (Firefox: default) (Cookie, fixed) HitBox: Tracking cookie (Firefox: default) (Cookie, fixed) HitBox: Tracking cookie (Firefox: default) (Cookie, fixed) SexList: Tracking cookie (Firefox: default) (Cookie, fixed) SexTracker: Tracking cookie (Firefox: default) (Cookie, fixed) SexTracker: Tracking cookie (Firefox: default) (Cookie, fixed) Advertising.com: Tracking cookie (Firefox: default) (Cookie, fixed) Advertising.com: Tracking cookie (Firefox: default) (Cookie, fixed) --- Spybot - Search & Destroy version: 1.4 (build: 20050523) --- 2005-05-31 blindman.exe (1.0.0.1) 2005-05-31 SpybotSD.exe (1.4.0.3) 2005-05-31 TeaTimer.exe (1.4.0.2) 2005-12-17 unins000.exe (51.41.0.0) 2005-05-31 Update.exe (1.4.0.0) 2005-05-31 advcheck.dll (1.0.2.0) 2005-05-31 aports.dll (2.1.0.0) 2005-05-31 borlndmm.dll (7.0.4.453) 2005-05-31 delphimm.dll (7.0.4.453) 2005-05-31 SDHelper.dll (1.4.0.0) 2005-05-31 Tools.dll (2.0.0.2) 2005-05-31 UnzDll.dll (1.73.1.1) 2005-05-31 ZipDll.dll (1.73.2.0) 2005-12-16 Includes\Cookies.sbi (*) 2005-12-16 Includes\Dialer.sbi (*) 2005-12-16 Includes\Hijackers.sbi (*) 2005-12-16 Includes\Keyloggers.sbi 
(*) 2005-12-16 Includes\Malware.sbi (*) 2005-12-16 Includes\PUPS.sbi (*) 2005-12-16 Includes\Revision.sbi (*) 2005-12-16 Includes\Security.sbi (*) 2005-12-16 Includes\Spybots.sbi (*) 2005-02-17 Includes\Tracks.uti 2005-12-16 Includes\Trojans.sbi (*)
  6. I just checked the tutorials, it doesn't say where the logs are saved
  7. WOW I've been busy as...well....something that's really busy over the last few days, sorry. Here are the logs: Logfile of HijackThis v1.99.1 Scan saved at 6:47:52 AM, on 12/19/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe C:\Program Files\ewido\security suite\ewidoctrl.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\Explorer.EXE C:\windows\system\hpsysdrv.exe C:\WINDOWS\System32\keyhook.exe C:\WINDOWS\AGRSMMSG.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\ps2.exe C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe C:\Program Files\D-Link\AirPlus Xtreme G\AirPlusCFG.exe C:\WINDOWS\system32\WDBtnMgr.exe C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe C:\WINDOWS\System32\igfxtray.exe C:\WINDOWS\System32\hkcmd.exe C:\WINDOWS\System32\igfxpers.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\PROGRA~1\MUSICM~1\MUSICM~2\MMDiag.exe C:\Program Files\SysMetrix\SysMetrix.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program 
Files\MSN Messenger\msnmsgr.exe C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Rainlendar\Rainlendar.exe C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe C:\Program Files\Rainmeter\Rainmeter.exe C:\WINDOWS\System32\HPZipm12.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\MSN\MSNCoreFiles\msn.exe C:\Documents and Settings\HP_Owner\My Documents\My Downloads\hijackthis\HijackThis.exe O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [siS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE O4 - HKLM\..\Run: [ANIWZCSService] C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe O4 - HKLM\..\Run: [D-Link AirPlus Xtreme G] C:\Program Files\D-Link\AirPlus Xtreme G\AirPlusCFG.exe O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot 
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [sysMetrix] C:\Program Files\SysMetrix\SysMetrix.exe O4 - HKLM\..\RunOnce: [spybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe O4 - Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: 
{04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.info.apple...iTunesSetup.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1129352599921 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll O20 - Winlogon Notify: WB - 
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing) O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe ....Just a quick question, where do Ad-Aware and Spybot save their logs?
  8. Incident Status Location Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\HP_Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-8fba448-61b69df0.zip[NewSecurityClassLoader.class] Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\HP_Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-8fba448-61b69df0.zip[NewURLClassLoader.class] Adware:adware/iedriver Not disinfected C:\Documents and Settings\HP_Owner\Favorites\Get out of Debt!.url Adware:Adware/Exact.BargainBuddyNot disinfected C:\Documents and Settings\HP_Owner\My Documents\My Downloads\hijackthis\backups\backup-20051121-055022-619 Logfile of HijackThis v1.99.1 Scan saved at 3:54:03 PM, on 12/15/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe C:\Program Files\ewido\security suite\ewidoctrl.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\Explorer.EXE C:\windows\system\hpsysdrv.exe C:\WINDOWS\System32\keyhook.exe C:\WINDOWS\AGRSMMSG.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\ps2.exe C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe C:\Program Files\D-Link\AirPlus Xtreme G\AirPlusCFG.exe C:\WINDOWS\system32\WDBtnMgr.exe C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe 
C:\WINDOWS\System32\igfxtray.exe C:\WINDOWS\System32\hkcmd.exe C:\WINDOWS\System32\igfxpers.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\Program Files\SysMetrix\SysMetrix.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Rainlendar\Rainlendar.exe C:\Program Files\Rainmeter\Rainmeter.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\System32\HPZipm12.exe C:\Program Files\MSN\MSNCoreFiles\msn.exe C:\Documents and Settings\HP_Owner\My Documents\My Downloads\hijackthis\HijackThis.exe O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [siS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE O4 - HKLM\..\Run: [ANIWZCSService] C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe O4 - HKLM\..\Run: [D-Link AirPlus Xtreme G] C:\Program Files\D-Link\AirPlus Xtreme G\AirPlusCFG.exe O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe O4 - HKLM\..\Run: [MMTray] "C:\Program 
Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [sysMetrix] C:\Program Files\SysMetrix\SysMetrix.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe O4 - Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 
'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.info.apple...iTunesSetup.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1129352599921 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon 
Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing) O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
  9. But, I actively USE 3DS Max, it's kinda important
  10. Logfile of HijackThis v1.99.1 Scan saved at 10:14:55 PM, on 12/14/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe C:\Program Files\ewido\security suite\ewidoctrl.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\Explorer.EXE C:\windows\system\hpsysdrv.exe C:\WINDOWS\System32\keyhook.exe C:\WINDOWS\AGRSMMSG.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\ps2.exe C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe C:\Program Files\D-Link\AirPlus Xtreme G\AirPlusCFG.exe C:\WINDOWS\system32\WDBtnMgr.exe C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe C:\WINDOWS\System32\igfxtray.exe C:\WINDOWS\System32\hkcmd.exe C:\WINDOWS\System32\igfxpers.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\Program Files\SysMetrix\SysMetrix.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe 
C:\Program Files\Rainlendar\Rainlendar.exe C:\Program Files\Rainmeter\Rainmeter.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\MSN\MSNCoreFiles\msn.exe C:\3dsmax7\3dsmax.exe C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\AdskCleanup.0001 C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\AdskCleanup.0001 C:\WINDOWS\System32\HPZipm12.exe C:\Documents and Settings\HP_Owner\My Documents\My Downloads\hijackthis\HijackThis.exe O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [siS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE O4 - HKLM\..\Run: [ANIWZCSService] C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe O4 - HKLM\..\Run: [D-Link AirPlus Xtreme G] C:\Program Files\D-Link\AirPlus Xtreme G\AirPlusCFG.exe O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend 
Micro\Internet Security 2005\pccguide.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [sysMetrix] C:\Program Files\SysMetrix\SysMetrix.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe O4 - Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet 
Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.info.apple...iTunesSetup.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1129352599921 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision 
Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing) O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
  11. Not Found The requested URL /bluepatchy/miekiem...tools/LQfix.zip was not found on this server.
  12. Logfile of HijackThis v1.99.1 Scan saved at 8:40:14 PM, on 12/13/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe C:\Program Files\ewido\security suite\ewidoctrl.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\Explorer.EXE C:\windows\system\hpsysdrv.exe C:\WINDOWS\System32\keyhook.exe C:\WINDOWS\AGRSMMSG.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\ps2.exe C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe C:\Program Files\D-Link\AirPlus Xtreme G\AirPlusCFG.exe C:\WINDOWS\system32\WDBtnMgr.exe C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe C:\WINDOWS\System32\igfxtray.exe C:\WINDOWS\System32\hkcmd.exe C:\WINDOWS\System32\igfxpers.exe C:\PROGRA~1\MUSICM~1\MUSICM~2\MMDiag.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\SysMetrix\SysMetrix.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program 
Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Rainlendar\Rainlendar.exe C:\Program Files\Rainmeter\Rainmeter.exe C:\WINDOWS\System32\HPZipm12.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\MSN\MSNCoreFiles\msn.exe C:\Documents and Settings\HP_Owner\My Documents\My Downloads\hijackthis\HijackThis.exe C:\PROGRA~1\TRENDM~1\INTERN~1\pcclient.exe O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [siS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE O4 - HKLM\..\Run: [ANIWZCSService] C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe O4 - HKLM\..\Run: [D-Link AirPlus Xtreme G] C:\Program Files\D-Link\AirPlus Xtreme G\AirPlusCFG.exe O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program 
Files\Java\j2re1.4.2_03\bin\jusched.exe O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [sysMetrix] C:\Program Files\SysMetrix\SysMetrix.exe O4 - HKLM\..\Run: [system service79] C:\WINDOWS\\\etb\\pokapoka79.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe O4 - Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB O16 - DPF: 
{14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.info.apple...iTunesSetup.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1129352599921 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk 
Shared\Service\AdskScSrv.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing) O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. 
- C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe --------------------------------------------------------- ewido security suite - Scan report --------------------------------------------------------- + Created on: 7:57:09 PM, 12/13/2005 + Report-Checksum: D4C71B43 + Scan result: HKLM\SOFTWARE\Classes\CLSID\{3643ABC2-21BF-46B9-B230-F247DB0C6FD6} -> Spyware.E2Give : Cleaned with backup HKLM\SOFTWARE\Classes\IeBHOs.Control -> Spyware.E2G : Cleaned with backup HKLM\SOFTWARE\Classes\IeBHOs.Control\CLSID -> Spyware.E2G : Cleaned with backup HKLM\SOFTWARE\Classes\IeBHOs.Control\CurVer -> Spyware.E2G : Cleaned with backup HKLM\SOFTWARE\Classes\IeBHOs.Control.1 -> Spyware.E2G : Cleaned with backup HKU\S-1-5-21-2942837424-2029783106-3238098085-1009\Software\IST -> Spyware.ISTBar : Cleaned with backup HKU\S-1-5-21-2942837424-2029783106-3238098085-1009\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3643ABC2-21BF-46B9-B230-F247DB0C6FD6} -> Spyware.E2Give : Cleaned with backup :mozilla.21:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\36jva740.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup :mozilla.22:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\36jva740.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup :mozilla.23:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\36jva740.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup :mozilla.30:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\36jva740.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.31:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\36jva740.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup :mozilla.38:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\36jva740.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup 
:mozilla.39:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\36jva740.default\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup :mozilla.40:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\36jva740.default\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup :mozilla.41:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\36jva740.default\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup :mozilla.42:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\36jva740.default\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup :mozilla.50:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\36jva740.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup :mozilla.51:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\36jva740.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup :mozilla.58:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\36jva740.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup :mozilla.77:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\36jva740.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup :mozilla.79:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\36jva740.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup :mozilla.80:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\36jva740.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup :mozilla.81:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\36jva740.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup :mozilla.83:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\36jva740.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup 
:mozilla.84:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\36jva740.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup :mozilla.85:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\36jva740.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup :mozilla.86:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\36jva740.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup :mozilla.98:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\36jva740.default\cookies.txt -> Spyware.Cookie.Realtracker : Cleaned with backup :mozilla.101:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\36jva740.default\cookies.txt -> Spyware.Cookie.Realtracker : Cleaned with backup :mozilla.123:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\36jva740.default\cookies.txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup :mozilla.125:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\36jva740.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup :mozilla.126:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\36jva740.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup :mozilla.127:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\36jva740.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup :mozilla.133:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\36jva740.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup :mozilla.134:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\36jva740.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup C:\Documents and 
Settings\HP_Owner\Cookies\hp_owner@ads.pointroll[1].txt -> Spyware.Cookie.Pointroll : Cleaned with backup C:\Documents and Settings\HP_Owner\Cookies\hp_owner@advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup C:\Documents and Settings\HP_Owner\Cookies\hp_owner@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup C:\Documents and Settings\HP_Owner\Cookies\hp_owner@bs.serving-sys[1].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup C:\Documents and Settings\HP_Owner\Cookies\hp_owner@doubleclick[2].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup C:\Documents and Settings\HP_Owner\Cookies\hp_owner@fastclick[1].txt -> Spyware.Cookie.Fastclick : Cleaned with backup C:\Documents and Settings\HP_Owner\Cookies\hp_owner@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup C:\Documents and Settings\HP_Owner\Cookies\hp_owner@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup C:\Documents and Settings\HP_Owner\Cookies\hp_owner@serving-sys[2].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup C:\Documents and Settings\HP_Owner\Cookies\hp_owner@valueclick[2].txt -> Spyware.Cookie.Valueclick : Cleaned with backup C:\Documents and Settings\HP_Owner\My Documents\My Documents.rar/logl_h.exe -> Logger.VB.eh : Cleaned with backup C:\Documents and Settings\HP_Owner\My Documents\My Documents.rar/l_h_32.exe -> Logger.Agent.gk : Cleaned with backup C:\My Downloads\US Autodesk 3ds Max 8 all Builds crack.exe -> Downloader.IstBar.is : Cleaned with backup C:\Program Files\Cas2Stub\cas2stub.exe -> Downloader.Agent.aaf : Cleaned with backup C:\Program Files\Media Access -> Adware.MediaAccess : Cleaned with backup C:\Program Files\Media Access\Info.txt -> Adware.MediaAccess : Cleaned with backup C:\Program Files\Mozilla Firefox\plugins\npzango.dll -> Spyware.WinAD : Cleaned with backup C:\Program Files\mozilla.org\Mozilla\plugins\npzango.dll -> Spyware.WinAD : Cleaned with backup C:\WINDOWS\Justin.exe -> 
Dropper.Agent.abb : Cleaned with backup C:\WINDOWS\pi1_60.exe -> Downloader.Small.bue : Cleaned with backup C:\WINDOWS\system32\202_app13.exe -> Dropper.Agent.tb : Cleaned with backup C:\WINDOWS\system32\dist001.exe -> Downloader.Agent.aaf : Cleaned with backup C:\WINDOWS\system32\fran-hot.exe -> Dropper.Agent.abb : Cleaned with backup C:\WINDOWS\system32\l_h_32.dll -> Logger.Agent.gk : Cleaned with backup C:\WINDOWS\system32\nssA3.dll -> Adware.EZula : Cleaned with backup ::Report End
  13. Problems I had: C:\WINDOWS\etb C:\WINDOWS\system32\logl_h.exe could not find (and thus, delete those files, they weren't in the system32 folder) I got that error when trying to delete the highlighted temp files
  14. Incident Status Location Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\HP_Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-8fba448-61b69df0.zip[NewSecurityClassLoader.class] Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\HP_Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-8fba448-61b69df0.zip[NewURLClassLoader.class] Adware:adware/iedriver Not disinfected C:\Documents and Settings\HP_Owner\Favorites\Get out of Debt!.url Virus:Trj/Prutec.R Not disinfected C:\Documents and Settings\HP_Owner\My Documents\My Documents.rar[logl_h.exe] Virus:Trj/Agent.APG Not disinfected C:\Documents and Settings\HP_Owner\My Documents\My Documents.rar[l_h_32.exe] Adware:Adware/Exact.BargainBuddy Not disinfected C:\Documents and Settings\HP_Owner\My Documents\My Downloads\hijackthis\backups\backup-20051121-055022-619 Adware:Adware/EliteBar Not disinfected C:\WINDOWS\etb\nt_hide79.dll Adware:Adware/EliteBar Not disinfected C:\WINDOWS\etb\pokapoka79.exe Adware:Adware/ConsumerAlertSystem Not disinfected C:\WINDOWS\pf78.exe Adware:Adware/E2Give Not disinfected C:\WINDOWS\pi1_60.exe Adware:Adware/Webext Not disinfected C:\WINDOWS\system32\bho.dll Adware:adware program Not disinfected C:\WINDOWS\system32\data.~ Spyware:Spyware/SafeSurf Not disinfected C:\WINDOWS\system32\InstallerV4.exe Spyware:Spyware/SafeSurf Not disinfected C:\WINDOWS\system32\lanbruns.exe Virus:Trj/Agent.APG Not disinfected C:\WINDOWS\system32\l_h_32.dll Spyware:Spyware/LinkReplacer Not disinfected C:\WINDOWS\system32\PreUninstallQL.exe Adware:Adware/Mirar Not disinfected C:\WINDOWS\system32\WinNB57.dll Logfile of HijackThis v1.99.1 Scan saved at 1:00:11 AM, on 12/13/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe 
C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe C:\Program Files\ewido\security suite\ewidoctrl.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\Explorer.EXE C:\windows\system\hpsysdrv.exe C:\WINDOWS\System32\keyhook.exe C:\WINDOWS\AGRSMMSG.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\ps2.exe C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe C:\Program Files\D-Link\AirPlus Xtreme G\AirPlusCFG.exe C:\WINDOWS\system32\WDBtnMgr.exe C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe C:\WINDOWS\System32\igfxtray.exe C:\WINDOWS\System32\hkcmd.exe C:\WINDOWS\System32\igfxpers.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\Program Files\SysMetrix\SysMetrix.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\etb\pokapoka79.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Rainlendar\Rainlendar.exe C:\Program Files\Rainmeter\Rainmeter.exe C:\Program Files\MSN\MSNCoreFiles\msn.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\System32\HPZipm12.exe C:\Documents and Settings\HP_Owner\My Documents\My 
Downloads\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [siS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE O4 - HKLM\..\Run: [ANIWZCSService] C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe O4 - HKLM\..\Run: [D-Link AirPlus Xtreme G] C:\Program Files\D-Link\AirPlus Xtreme G\AirPlusCFG.exe O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" O4 - HKLM\..\Run: [eTrust PestPatrol Active Protection] none O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime 
Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [sysMetrix] C:\Program Files\SysMetrix\SysMetrix.exe O4 - HKLM\..\Run: [system service79] C:\WINDOWS\etb\pokapoka79.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe O4 - Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} 
(PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.info.apple...iTunesSetup.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1129352599921 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Autodesk Licensing 
Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing) O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
  15. Logfile of HijackThis v1.99.1 Scan saved at 4:10:14 PM, on 12/12/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe C:\Program Files\ewido\security suite\ewidoctrl.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe C:\WINDOWS\System32\wdfmgr.exe C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\Explorer.EXE C:\windows\system\hpsysdrv.exe C:\WINDOWS\System32\keyhook.exe C:\WINDOWS\AGRSMMSG.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\ps2.exe C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe C:\Program Files\D-Link\AirPlus Xtreme G\AirPlusCFG.exe C:\WINDOWS\system32\WDBtnMgr.exe C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe C:\WINDOWS\System32\igfxtray.exe C:\WINDOWS\System32\hkcmd.exe C:\PROGRA~1\MUSICM~1\MUSICM~2\MMDiag.exe C:\WINDOWS\System32\igfxpers.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe C:\Program Files\iTunes\iTunesHelper.exe C:\PROGRA~1\DAP\DAP.EXE C:\Program Files\iPod\bin\iPodService.exe C:\Program 
Files\Musicmatch\Musicmatch Jukebox\mim.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe C:\Program Files\Rainlendar\Rainlendar.exe C:\WINDOWS\etb\pokapoka79.exe C:\PROGRA~1\MUSICM~1\Common\COMPON~1\MMCOMP~1.EXE C:\PROGRA~1\TRENDM~1\INTERN~1\TSC.EXE C:\Documents and Settings\HP_Owner\My Documents\My Downloads\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [siS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE O4 - HKLM\..\Run: [ANIWZCSService] C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe O4 - HKLM\..\Run: [D-Link AirPlus Xtreme G] C:\Program Files\D-Link\AirPlus Xtreme G\AirPlusCFG.exe O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch 
Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [eTrust PestPatrol Active Protection] none
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [sysMetrix] C:\Program Files\SysMetrix\SysMetrix.exe
O4 - HKLM\..\Run: [Windows Installer] C:\WINDOWS\system32\ntdll.exe
O4 - HKLM\..\Run: [Windows Spooler] C:\WINDOWS\system32\spoolsv32.exe
O4 - HKLM\..\Run: [Windows DLL Host] C:\WINDOWS\system32\dllhost32.exe
O4 - HKLM\..\Run: [systemService] C:\WINDOWS\etb\pokapoka79.exe
O4 - HKLM\..\Run: [system service79] C:\WINDOWS\etb\pokapoka79.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [logl_h] C:\WINDOWS\system32\logl_h.exe
O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe
O4 - Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.info.apple...iTunesSetup.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1129352599921
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1132909071296
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe