Win32.TrojanClicker.Spywad.b has infected my computer! please help me rid of it asap

Comments

• sk8erfr3ak7

  August 2006 edited August 2006

  plz help me

  0
• jmoney3457 Maine

  August 2006 edited August 2006

  hi sk8er, please do this-->Please download VundoFix.exe to your desktop.

  • Double-click VundoFix.exe to run it.
  • Put a check next to Run VundoFix as a task.
  • You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
  • When VundoFix re-opens, click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shutdown your computer, click OK.
  • Turn your computer back on.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.

  0
• sk8erfr3ak7

  August 2006 edited August 2006

  I used Vundo Fix V5.1.11, and it didnt find anything, i scanned with Ad-Aware SE Personal and posted the log of that below the new hijack this log file. Here is the Vundo Fix log, it didnt find anything:
  
  VundoFix V5.1.11
  
  Running as SYSTEM
  from c:\windows\system32\VundoFix.exe
  
  Checking Java version...
  
  Java version is 1.5.0.6
  
  Scan started at 7:45:33 PM 8/13/2006
  
  Listing files found while scanning....
  
  No infected files were found.
  
  
  Beginning removal...
  
  VundoFix V5.1.11
  
  Running as SYSTEM
  from c:\windows\system32\VundoFix.exe
  
  Checking Java version...
  
  Java version is 1.5.0.6
  
  Scan started at 8:10:02 PM 8/14/2006
  
  Listing files found while scanning....
  
  No infected files were found.
  
  
  Beginning removal...
  
  Here is the new HijackThis Logfile:
  Logfile of HijackThis v1.99.1
  Scan saved at 9:18:28 AM, on 8/21/2006
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
  
  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\LEXBCES.EXE
  C:\WINDOWS\system32\spoolsv.exe
  C:\WINDOWS\system32\LEXPPS.EXE
  C:\WINDOWS\Explorer.EXE
  C:\Program Files\Analog Devices\Core\smax4pnp.exe
  C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
  C:\WINDOWS\system32\dla\tfswctrl.exe
  C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
  C:\Program Files\iTunes\iTunesHelper.exe
  C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
  C:\Documents and Settings\Mike\Desktop\Zsnes\o\ewido\ewido anti-spyware 4.0\guard.exe
  C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
  C:\PROGRA~1\McAfee\MSC\McLogCln.exe
  C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
  C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
  c:\program files\common files\mcafee\mna\mcnasvc.exe
  C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
  C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
  c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
  C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
  C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
  C:\PROGRA~1\McAfee\MSC\mctskshd.exe
  C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
  C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
  C:\Program Files\McAfee\MPF\MPFSrv.exe
  C:\WINDOWS\system32\nvsvc32.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\system32\UAService7.exe
  C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
  C:\PROGRA~1\mcafee.com\agent\mcagent.exe
  C:\Program Files\iPod\bin\iPodService.exe
  C:\WINDOWS\system32\svchost.exe
  C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
  C:\Program Files\Internet Explorer\iexplore.exe
  c:\program files\mcafee\msc\mcupdui.exe
  C:\Documents and Settings\Mike\Desktop\WoW\Xfire\Xfire.exe
  C:\Program Files\Internet Explorer\iexplore.exe
  C:\Program Files\Microsoft Office\Office\FRONTPG.EXE
  C:\Program Files\Internet Explorer\iexplore.exe
  C:\Program Files\SiteAdvisor\SiteAdv.exe
  C:\Program Files\Windows NT\Accessories\wordpad.exe
  C:\WINDOWS\system32\NOTEPAD.EXE
  C:\Documents and Settings\Mike\Desktop\Zsnes\HijackThis.exe
  
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
  R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
  O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
  O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
  O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\SiteAdv.dll
  O2 - BHO: (no name) - {1da7dbe8-c51b-4ae4-bc6e-21863349b0b4} - C:\Program Files\IntCodec\isaddon.dll
  O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
  O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptsn.dll
  O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
  O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\SiteAdv.dll
  O3 - Toolbar: Protection Bar - {a2595f37-48d0-46a1-9b51-478591a97764} - C:\Program Files\IntCodec\iesplugin.dll
  O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
  O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
  O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
  O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
  O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
  O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
  O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
  O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
  O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
  O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
  O4 - HKLM\..\Run: [0321131154352649mcinstcleanup] C:\WINDOWS\TEMP\032113~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog
  O4 - HKLM\..\Run: [McLogLch_exe] C:\Program Files\McAfee\MSC\McLogLch.exe
  O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8
  O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater\AdobeUpdater.exe
  O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
  O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
  O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
  O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.1.87.cab
  O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
  O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
  O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
  O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
  O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
  O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
  O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - C:\WINDOWS\system32\viruxz.dll (file missing)
  O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
  O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
  O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
  O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Documents and Settings\Mike\Desktop\Zsnes\o\ewido\ewido anti-spyware 4.0\guard.exe
  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
  O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
  O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
  O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
  O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
  O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
  O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
  O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
  O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
  O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
  O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
  O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
  O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
  O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
  O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
  O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
  O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
  O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
  O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
  
  
  And Finally Here is the Ad-Aware SE Personal logfile:
  
  EDIT: There were too many characters so i will list it in the next post.

  0
• sk8erfr3ak7

  August 2006 edited August 2006

  ALRIGHT. Here is the Ad-Aware SE Personal Logfile followed by a picture of something that may be helpful to figuring this out, and its too long so i will post the the 2nd half in the next post:
  PART I
  Ad-Aware SE Build 1.06r1
  Logfile Created on:Monday, August 21, 2006 9:06:01 AM
  Created with Ad-Aware SE Personal, free for private use.
  Using definitions file:SE1R118 07.08.2006
  »»»»»»»»»»»»»»»
  References detected during the scan:
  »»»»»»»»»»»»»»»
  H@tKeysH@@k(TAC index:5):1 total references
  MalwareWipe(TAC index:3):1 total references
  MRU List(TAC index:0):34 total references
  Possible Browser Hijack attempt(TAC index:3):1 total references
  Tracking Cookie(TAC index:3):48 total references
  »»»»»»»»»»»»»»
  Ad-Aware SE Settings
  ===========================
  Set : Search for negligible risk entries
  Set : Safe mode (always request confirmation)
  Set : Scan active processes
  Set : Scan registry
  Set : Deep-scan registry
  Set : Scan my IE Favorites for banned URLs
  Set : Scan my Hosts file
  
  Extended Ad-Aware SE Settings
  ===========================
  Set : Unload recognized processes & modules during scan
  Set : Scan registry for all users instead of current user only
  Set : Always try to unload modules before deletion
  Set : During removal, unload Explorer and IE if necessary
  Set : Let Windows remove files in use at next reboot
  Set : Delete quarantined objects after restoring
  Set : Include basic Ad-Aware settings in log file
  Set : Include additional Ad-Aware settings in log file
  Set : Include reference summary in log file
  Set : Include alternate data stream details in log file
  Set : Play sound at scan completion if scan locates critical objects
  
  8-21-2006 9:06:01 AM - Scan started. (Smart mode)
  
  Listing running processes
  »»»»»»»»»»»»»»»»»
  #:1 [smss.exe]
  FilePath : \SystemRoot\System32\
  ProcessID : 532
  ThreadCreationTime : 8-16-2006 12:48:06 AM
  BasePriority : Normal
  
  #:2 [csrss.exe]
  FilePath : \??\C:\WINDOWS\system32\
  ProcessID : 604
  ThreadCreationTime : 8-16-2006 12:48:07 AM
  BasePriority : Normal
  
  #:3 [winlogon.exe]
  FilePath : \??\C:\WINDOWS\system32\
  ProcessID : 628
  ThreadCreationTime : 8-16-2006 12:48:09 AM
  BasePriority : High
  
  #:4 [services.exe]
  FilePath : C:\WINDOWS\system32\
  ProcessID : 672
  ThreadCreationTime : 8-16-2006 12:48:09 AM
  BasePriority : Normal
  FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
  ProductVersion : 5.1.2600.2180
  ProductName : Microsoft® Windows® Operating System
  CompanyName : Microsoft Corporation
  FileDescription : Services and Controller app
  InternalName : services.exe
  LegalCopyright : © Microsoft Corporation. All rights reserved.
  OriginalFilename : services.exe
  
  #:5 [lsass.exe]
  FilePath : C:\WINDOWS\system32\
  ProcessID : 684
  ThreadCreationTime : 8-16-2006 12:48:09 AM
  BasePriority : Normal
  FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
  ProductVersion : 5.1.2600.2180
  ProductName : Microsoft® Windows® Operating System
  CompanyName : Microsoft Corporation
  FileDescription : LSA Shell (Export Version)
  InternalName : lsass.exe
  LegalCopyright : © Microsoft Corporation. All rights reserved.
  OriginalFilename : lsass.exe
  
  #:6 [svchost.exe]
  FilePath : C:\WINDOWS\system32\
  ProcessID : 860
  ThreadCreationTime : 8-16-2006 12:48:10 AM
  BasePriority : Normal
  FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
  ProductVersion : 5.1.2600.2180
  ProductName : Microsoft® Windows® Operating System
  CompanyName : Microsoft Corporation
  FileDescription : Generic Host Process for Win32 Services
  InternalName : svchost.exe
  LegalCopyright : © Microsoft Corporation. All rights reserved.
  OriginalFilename : svchost.exe
  
  #:7 [svchost.exe]
  FilePath : C:\WINDOWS\system32\
  ProcessID : 936
  ThreadCreationTime : 8-16-2006 12:48:10 AM
  BasePriority : Normal
  FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
  ProductVersion : 5.1.2600.2180
  ProductName : Microsoft® Windows® Operating System
  CompanyName : Microsoft Corporation
  FileDescription : Generic Host Process for Win32 Services
  InternalName : svchost.exe
  LegalCopyright : © Microsoft Corporation. All rights reserved.
  OriginalFilename : svchost.exe
  
  #:8 [svchost.exe]
  FilePath : C:\WINDOWS\System32\
  ProcessID : 1032
  ThreadCreationTime : 8-16-2006 12:48:10 AM
  BasePriority : Normal
  FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
  ProductVersion : 5.1.2600.2180
  ProductName : Microsoft® Windows® Operating System
  CompanyName : Microsoft Corporation
  FileDescription : Generic Host Process for Win32 Services
  InternalName : svchost.exe
  LegalCopyright : © Microsoft Corporation. All rights reserved.
  OriginalFilename : svchost.exe
  
  #:9 [svchost.exe]
  FilePath : C:\WINDOWS\system32\
  ProcessID : 1084
  ThreadCreationTime : 8-16-2006 12:48:10 AM
  BasePriority : Normal
  FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
  ProductVersion : 5.1.2600.2180
  ProductName : Microsoft® Windows® Operating System
  CompanyName : Microsoft Corporation
  FileDescription : Generic Host Process for Win32 Services
  InternalName : svchost.exe
  LegalCopyright : © Microsoft Corporation. All rights reserved.
  OriginalFilename : svchost.exe
  
  #:10 [svchost.exe]
  FilePath : C:\WINDOWS\system32\
  ProcessID : 1172
  ThreadCreationTime : 8-16-2006 12:48:11 AM
  BasePriority : Normal
  FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
  ProductVersion : 5.1.2600.2180
  ProductName : Microsoft® Windows® Operating System
  CompanyName : Microsoft Corporation
  FileDescription : Generic Host Process for Win32 Services
  InternalName : svchost.exe
  LegalCopyright : © Microsoft Corporation. All rights reserved.
  OriginalFilename : svchost.exe
  
  #:11 [lexbces.exe]
  FilePath : C:\WINDOWS\system32\
  ProcessID : 1388
  ThreadCreationTime : 8-16-2006 12:48:13 AM
  BasePriority : Normal
  FileVersion : 9.45
  ProductVersion : 9.45
  ProductName : MarkVision for Windows (32 bit)
  CompanyName : Lexmark International, Inc.
  FileDescription : LexBce Service
  InternalName : LexBce Service
  LegalCopyright : (C) 1993 - 2004 Lexmark International, Inc.
  OriginalFilename : LexBceS.exe
  
  #:12 [spoolsv.exe]
  FilePath : C:\WINDOWS\system32\
  ProcessID : 1416
  ThreadCreationTime : 8-16-2006 12:48:13 AM
  BasePriority : Normal
  FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
  ProductVersion : 5.1.2600.2696
  ProductName : Microsoft® Windows® Operating System
  CompanyName : Microsoft Corporation
  FileDescription : Spooler SubSystem App
  InternalName : spoolsv.exe
  LegalCopyright : © Microsoft Corporation. All rights reserved.
  OriginalFilename : spoolsv.exe
  
  #:13 [lexpps.exe]
  FilePath : C:\WINDOWS\system32\
  ProcessID : 1424
  ThreadCreationTime : 8-16-2006 12:48:13 AM
  BasePriority : Normal
  FileVersion : 9.45
  ProductVersion : 9.45
  ProductName : MarkVision for Windows (32 bit)
  CompanyName : Lexmark International, Inc.
  FileDescription : LEXPPS.EXE
  InternalName : LEXPPS
  LegalCopyright : (C) 1993 - 2004 Lexmark International, Inc.
  OriginalFilename : LEXPPS.EXE
  Comments : MarkVision for Windows '95 New P2P Server (32-bit)
  
  #:14 [explorer.exe]
  FilePath : C:\WINDOWS\
  ProcessID : 1816
  ThreadCreationTime : 8-16-2006 12:48:20 AM
  BasePriority : Normal
  FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
  ProductVersion : 6.00.2900.2180
  ProductName : Microsoft® Windows® Operating System
  CompanyName : Microsoft Corporation
  FileDescription : Windows Explorer
  InternalName : explorer
  LegalCopyright : © Microsoft Corporation. All rights reserved.
  OriginalFilename : EXPLORER.EXE
  
  #:15 [smax4pnp.exe]
  FilePath : C:\Program Files\Analog Devices\Core\
  ProcessID : 1904
  ThreadCreationTime : 8-16-2006 12:48:22 AM
  BasePriority : Normal
  FileVersion : 5, 2, 0, 5
  ProductVersion : 5, 2, 0, 5
  ProductName : SMax4PNP Application
  CompanyName : Analog Devices, Inc.
  FileDescription : SMax4PNP MFC Application
  InternalName : SMax4PNP
  LegalCopyright : Copyright (C) 2002-2004 Analog Devices
  OriginalFilename : SMax4PNP.EXE
  
  #:16 [dvdlauncher.exe]
  FilePath : C:\Program Files\CyberLink\PowerDVD\
  ProcessID : 1928
  ThreadCreationTime : 8-16-2006 12:48:22 AM
  BasePriority : Normal
  FileVersion : 3.00.0000
  ProductVersion : 3.00.0000
  ProductName : Cyberlink PowerCinema 3.0
  CompanyName : CyberLink Corp.
  FileDescription : CyberLink PowerCinema Resident Program
  InternalName : CyberLink PowerCinema Resident Program
  LegalCopyright : Copyright (c) 2003 CyberLink Corp.
  OriginalFilename : DVDLauncher.EXE
  
  #:17 [tfswctrl.exe]
  FilePath : C:\WINDOWS\system32\dla\
  ProcessID : 1936
  ThreadCreationTime : 8-16-2006 12:48:22 AM
  BasePriority : Normal
  FileVersion : 1.04.08a
  CompanyName : Sonic Solutions
  FileDescription : Drive Letter Access Component
  LegalCopyright : Copyright © 2004 Sonic Solutions
  
  #:18 [jusched.exe]
  FilePath : C:\Program Files\Java\jre1.5.0_06\bin\
  ProcessID : 2024
  ThreadCreationTime : 8-16-2006 12:48:22 AM
  BasePriority : Normal
  
  
  #:19 [ituneshelper.exe]
  FilePath : C:\Program Files\iTunes\
  ProcessID : 2044
  ThreadCreationTime : 8-16-2006 12:48:23 AM
  BasePriority : Normal
  FileVersion : 6.0.5.20
  ProductVersion : 6.0.5.20
  ProductName : iTunes
  CompanyName : Apple Computer, Inc.
  FileDescription : iTunesHelper Module
  InternalName : iTunesHelper
  LegalCopyright : © 2003-2006 Apple Computer, Inc. All Rights Reserved.
  OriginalFilename : iTunesHelper.exe
  
  #:20 [adskscsrv.exe]
  FilePath : C:\Program Files\Common Files\Autodesk Shared\Service\
  ProcessID : 168
  ThreadCreationTime : 8-16-2006 12:48:23 AM
  BasePriority : Normal
  FileVersion : 2.66.000
  ProductName : Autodesk Licensing Service
  CompanyName : Autodesk
  FileDescription : System Level Service Utility
  
  #:21 [guard.exe]
  FilePath : C:\Documents and Settings\Mike\Desktop\Zsnes\o\ewido\ewido anti-spyware 4.0\
  ProcessID : 260
  ThreadCreationTime : 8-16-2006 12:48:23 AM
  BasePriority : Normal
  FileVersion : 4, 0, 0, 172
  ProductVersion : 4, 0, 0, 172
  ProductName : ewido anti-spyware
  CompanyName : Anti-Malware Development a.s.
  FileDescription : ewido anti-spyware guard
  InternalName : ewido anti-spywareguard
  LegalCopyright : Copyright © 2005 Anti-Malware Development a.s.
  OriginalFilename : guard.exe
  
  #:22 [hwapi.exe]
  FilePath : C:\Program Files\Common Files\McAfee\HackerWatch\
  ProcessID : 256
  ThreadCreationTime : 8-16-2006 12:48:24 AM
  BasePriority : Normal
  FileVersion : 8.0.162.0
  ProductVersion : 8.0.162.0
  ProductName : McAfee HackerWatch Service
  CompanyName : McAfee, Inc.
  FileDescription : McAfee HackerWatch Service
  LegalCopyright : (c) McAfee, Inc. All rights reserved.
  OriginalFilename : HWAPI.exe
  
  #:23 [mclogcln.exe]
  FilePath : C:\PROGRA~1\McAfee\MSC\
  ProcessID : 364
  ThreadCreationTime : 8-16-2006 12:48:24 AM
  BasePriority : Normal
  
  
  #:24 [mclogsrv.exe]
  FilePath : C:\PROGRA~1\McAfee\MSC\
  ProcessID : 408
  ThreadCreationTime : 8-16-2006 12:48:24 AM
  BasePriority : Normal
  FileVersion : 7,0,317,0
  ProductVersion : 7,0,0,0
  ProductName : McAfee SecurityCenter
  CompanyName : McAfee, Inc.
  FileDescription : MSC Log Manager
  InternalName : mclogsrv
  LegalCopyright : Copyright © 2006 McAfee, Inc.
  OriginalFilename : mclogsrv.exe
  
  #:25 [mcupdmgr.exe]
  FilePath : C:\PROGRA~1\McAfee\MSC\
  ProcessID : 356
  ThreadCreationTime : 8-16-2006 12:48:27 AM
  BasePriority : Normal
  FileVersion : 7,0,317,0
  ProductVersion : 7,0,0,0
  ProductName : McAfee SecurityCenter
  CompanyName : McAfee, Inc.
  FileDescription : McAfee Update Manager Service
  InternalName : mcupdmgr
  LegalCopyright : Copyright © 2006 McAfee, Inc.
  OriginalFilename : mcupdmgr.exe
  
  #:26 [mcnasvc.exe]
  FilePath : c:\program files\common files\mcafee\mna\
  ProcessID : 1056
  ThreadCreationTime : 8-16-2006 12:48:28 AM
  BasePriority : Normal
  FileVersion : 1,0,176,0
  ProductVersion : 1,0,0,0
  ProductName : McAfee Integrated Security Platform
  CompanyName : McAfee, Inc.
  FileDescription : McAfee Network Agent
  InternalName : McNASvc
  LegalCopyright : Copyright © 2006 McAfee, Inc.
  OriginalFilename : McNASvc.exe
  
  #:27 [mcods.exe]
  FilePath : C:\PROGRA~1\McAfee\VIRUSS~1\
  ProcessID : 1120
  ThreadCreationTime : 8-16-2006 12:48:28 AM
  BasePriority : Normal
  FileVersion : 11,0,201,0
  ProductVersion : 11,0,0,0
  ProductName : McAfee VirusScan
  CompanyName : McAfee, Inc.
  FileDescription : McAfee VirusScan - On Demand Scan
  InternalName : mcods.exe
  LegalCopyright : Copyright © 2006 McAfee, Inc.
  OriginalFilename : mcods.exe
  
  #:28 [mcpromgr.exe]
  FilePath : C:\PROGRA~1\McAfee\MSC\
  ProcessID : 1168
  ThreadCreationTime : 8-16-2006 12:48:28 AM
  BasePriority : Normal
  FileVersion : 7,0,317,0
  ProductVersion : 7,0,0,0
  ProductName : McAfee SecurityCenter
  CompanyName : McAfee, Inc.
  FileDescription : McAfee Integrated Security Platform
  InternalName : McProMgr
  LegalCopyright : Copyright © 2006 McAfee, Inc.
  OriginalFilename : McProMgr.exe
  
  #:29 [redirsvc.exe]
  FilePath : c:\PROGRA~1\COMMON~1\mcafee\redirsvc\
  ProcessID : 1104
  ThreadCreationTime : 8-16-2006 12:48:28 AM
  BasePriority : Normal
  FileVersion : 1,0,198,0
  ProductVersion : 1,0,0,0
  ProductName : McAfee Redirector
  CompanyName : McAfee, Inc.
  FileDescription : McAfee Redirector Service Module
  InternalName : McRedirector
  LegalCopyright : Copyright © 2006 McAfee, Inc.
  OriginalFilename : RedirSvc.exe
  Comments : McAfee Redirector Service
  
  #:30 [mcshield.exe]
  FilePath : C:\PROGRA~1\McAfee\VIRUSS~1\
  ProcessID : 1272
  ThreadCreationTime : 8-16-2006 12:48:29 AM
  BasePriority : High
  
  
  #:31 [mcsysmon.exe]
  FilePath : C:\PROGRA~1\McAfee\VIRUSS~1\
  ProcessID : 1500
  ThreadCreationTime : 8-16-2006 12:48:29 AM
  BasePriority : Normal
  FileVersion : 11,0,281,0
  ProductVersion : 11,0,0,0
  ProductName : McAfee VirusScan API
  CompanyName : McAfee, Inc.
  FileDescription : McAfee SystemGuards Service
  InternalName : sysmon
  LegalCopyright : Copyright © 2006 McAfee, Inc.
  OriginalFilename : sysmon.exe
  
  #:32 [mctskshd.exe]
  FilePath : C:\PROGRA~1\McAfee\MSC\
  ProcessID : 796
  ThreadCreationTime : 8-16-2006 12:48:30 AM
  BasePriority : Normal
  FileVersion : 7,0,317,0
  ProductVersion : 7,0,0,0
  ProductName : McAfee SecurityCenter
  CompanyName : McAfee, Inc.
  FileDescription : McAfee Tqsk Scheduler
  InternalName : McTskShd
  LegalCopyright : Copyright © 2006 McAfee, Inc.
  OriginalFilename : mctskshd.exe
  
  #:33 [mcusrmgr.exe]
  FilePath : C:\PROGRA~1\McAfee\MSC\
  ProcessID : 1668
  ThreadCreationTime : 8-16-2006 12:48:31 AM
  BasePriority : Normal
  FileVersion : 7,0,317,0
  ProductVersion : 7,0,0,0
  ProductName : McAfee SecurityCenter
  CompanyName : McAfee, Inc.
  FileDescription : MISP User Manager
  InternalName : McUsrMgr
  LegalCopyright : Copyright © 2006 McAfee, Inc.
  OriginalFilename : McUsrMgr.exe
  
  #:34 [raysat_3dsmax8server.exe]
  FilePath : C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\
  ProcessID : 1716
  ThreadCreationTime : 8-16-2006 12:48:31 AM
  BasePriority : Normal
  
  
  #:35 [mpfsrv.exe]
  FilePath : C:\Program Files\McAfee\MPF\
  ProcessID : 1280
  ThreadCreationTime : 8-16-2006 12:48:31 AM
  BasePriority : Normal
  FileVersion : 8.0.198.0
  ProductVersion : 8.0.198.0
  ProductName : McAfee Personal Firewall
  CompanyName : McAfee, Inc.
  FileDescription : McAfee Personal Firewall Service
  InternalName : MPFService
  LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
  OriginalFilename : MpfService.exe
  Comments : McAfee Personal Firewall Service
  
  #:36 [nvsvc32.exe]
  FilePath : C:\WINDOWS\system32\
  ProcessID : 1772
  ThreadCreationTime : 8-16-2006 12:48:31 AM
  BasePriority : Normal
  FileVersion : 6.14.10.7189
  ProductVersion : 6.14.10.7189
  ProductName : NVIDIA Driver Helper Service, Version 71.89
  CompanyName : NVIDIA Corporation
  FileDescription : NVIDIA Driver Helper Service, Version 71.89
  InternalName : NVSVC
  LegalCopyright : (C) NVIDIA Corporation. All rights reserved.
  OriginalFilename : nvsvc32.exe
  
  #:37 [svchost.exe]
  FilePath : C:\WINDOWS\system32\
  ProcessID : 2180
  ThreadCreationTime : 8-16-2006 12:48:33 AM
  BasePriority : Normal
  FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
  ProductVersion : 5.1.2600.2180
  ProductName : Microsoft® Windows® Operating System
  CompanyName : Microsoft Corporation
  FileDescription : Generic Host Process for Win32 Services
  InternalName : svchost.exe
  LegalCopyright : © Microsoft Corporation. All rights reserved.
  OriginalFilename : svchost.exe
  
  #:38 [wdfmgr.exe]
  FilePath : C:\WINDOWS\system32\
  ProcessID : 2260
  ThreadCreationTime : 8-16-2006 12:48:34 AM
  BasePriority : Normal
  FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
  ProductVersion : 5.2.3790.1230
  ProductName : Microsoft® Windows® Operating System
  CompanyName : Microsoft Corporation
  FileDescription : Windows User Mode Driver Manager
  InternalName : WdfMgr
  LegalCopyright : © Microsoft Corporation. All rights reserved.
  OriginalFilename : WdfMgr.exe
  
  #:39 [uaservice7.exe]
  FilePath : C:\WINDOWS\system32\
  ProcessID : 2344
  ThreadCreationTime : 8-16-2006 12:48:35 AM
  BasePriority : Normal
  
  
  #:40 [spysweeper.exe]
  FilePath : C:\Program Files\Webroot\Spy Sweeper\
  ProcessID : 2372
  ThreadCreationTime : 8-16-2006 12:48:35 AM
  BasePriority : Normal
  FileVersion : 3,0,5,1286
  ProductVersion : 3, 0
  ProductName : Spy Sweeper SDK
  CompanyName : Webroot Software, Inc.
  FileDescription : Spy Sweeper Engine
  LegalCopyright : Copyright (C) 2002 - 2006, All Rights Reserved.
  LegalTrademarks : Spy Sweeper is a trademark of Webroot Software, Inc.
  OriginalFilename : SpySweeper.exe
  
  #:41 [mcagent.exe]
  FilePath : C:\PROGRA~1\mcafee.com\agent\
  ProcessID : 2508
  ThreadCreationTime : 8-16-2006 12:48:39 AM
  BasePriority : Normal
  FileVersion : 7,0,317,0
  ProductVersion : 7,0,0,0
  ProductName : McAfee SecurityCenter
  CompanyName : McAfee, Inc.
  FileDescription : McAfee Integrated Security Platform
  InternalName : McAgent
  LegalCopyright : Copyright © 2006 McAfee, Inc.
  OriginalFilename : McAgent.exe
  
  #:42 [ipodservice.exe]
  FilePath : C:\Program Files\iPod\bin\
  ProcessID : 3244
  ThreadCreationTime : 8-16-2006 12:49:05 AM
  BasePriority : Normal
  FileVersion : 6.0.5.20
  ProductVersion : 6.0.5.20
  ProductName : iTunes
  CompanyName : Apple Computer, Inc.
  FileDescription : iPodService Module
  InternalName : iPodService
  LegalCopyright : © 2003-2006 Apple Computer, Inc. All Rights Reserved.
  OriginalFilename : iPodService.exe
  
  #:43 [alg.exe]
  FilePath : C:\WINDOWS\System32\
  ProcessID : 3848
  ThreadCreationTime : 8-16-2006 12:49:20 AM
  BasePriority : Normal
  FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
  ProductVersion : 5.1.2600.2180
  ProductName : Microsoft® Windows® Operating System
  CompanyName : Microsoft Corporation
  FileDescription : Application Layer Gateway Service
  InternalName : ALG.exe
  LegalCopyright : © Microsoft Corporation. All rights reserved.
  OriginalFilename : ALG.exe
  
  #:44 [svchost.exe]
  FilePath : C:\WINDOWS\system32\
  ProcessID : 3080
  ThreadCreationTime : 8-16-2006 12:51:46 AM
  BasePriority : Normal
  FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
  ProductVersion : 5.1.2600.2180
  ProductName : Microsoft® Windows® Operating System
  CompanyName : Microsoft Corporation
  FileDescription : Generic Host Process for Win32 Services
  InternalName : svchost.exe
  LegalCopyright : © Microsoft Corporation. All rights reserved.
  OriginalFilename : svchost.exe
  
  #:45 [acrord32.exe]
  FilePath : C:\Program Files\Adobe\Acrobat 7.0\Reader\
  ProcessID : 3788
  ThreadCreationTime : 8-16-2006 2:07:35 AM
  BasePriority : Normal
  FileVersion : 7.0.8.2006051600
  ProductVersion : 7.0.8.2006051600
  ProductName : Adobe Reader
  CompanyName : Adobe Systems Incorporated
  FileDescription : Adobe Reader 7.0
  LegalCopyright : Copyright 1984-2006 Adobe Systems Incorporated and its licensors. All rights reserved.
  OriginalFilename : AcroRd32.exe
  
  #:46 [iexplore.exe]
  FilePath : C:\Program Files\Internet Explorer\
  ProcessID : 3316
  ThreadCreationTime : 8-18-2006 11:31:40 AM
  BasePriority : Normal
  FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
  ProductVersion : 6.00.2900.2180
  ProductName : Microsoft® Windows® Operating System
  CompanyName : Microsoft Corporation
  FileDescription : Internet Explorer
  InternalName : iexplore
  LegalCopyright : © Microsoft Corporation. All rights reserved.
  OriginalFilename : IEXPLORE.EXE
  
  #:47 [mcupdui.exe]
  FilePath : c:\program files\mcafee\msc\
  ProcessID : 4372
  ThreadCreationTime : 8-18-2006 7:09:08 PM
  BasePriority : Normal
  FileVersion : 7,0,317,0
  ProductVersion : 7,0,0,0
  ProductName : McAfee SecurityCenter
  CompanyName : McAfee, Inc.
  FileDescription : McAfee McUpdUI EXE
  InternalName : McUpdUI
  LegalCopyright : Copyright © 2006 McAfee, Inc.
  OriginalFilename : McUpdUI.exe
  
  #:48 [xfire.exe]
  FilePath : C:\Documents and Settings\Mike\Desktop\WoW\Xfire\
  ProcessID : 2956
  ThreadCreationTime : 8-21-2006 10:52:54 AM
  BasePriority : Normal
  FileVersion : 13133
  ProductVersion : 13133
  ProductName : Xfire
  CompanyName : Xfire Inc.
  FileDescription : Xfire
  InternalName : xfire
  LegalCopyright : Copyright 2004 Xfire Inc.
  OriginalFilename : xfire.exe
  Comments : Xfire
  
  #:49 [iexplore.exe]
  FilePath : C:\Program Files\Internet Explorer\
  ProcessID : 2552
  ThreadCreationTime : 8-21-2006 10:53:19 AM
  BasePriority : Normal
  FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
  ProductVersion : 6.00.2900.2180
  ProductName : Microsoft® Windows® Operating System
  CompanyName : Microsoft Corporation
  FileDescription : Internet Explorer
  InternalName : iexplore
  LegalCopyright : © Microsoft Corporation. All rights reserved.
  OriginalFilename : IEXPLORE.EXE
  
  #:50 [siteadv.exe]
  FilePath : C:\Program Files\SiteAdvisor\
  ProcessID : 4148
  ThreadCreationTime : 8-21-2006 10:53:25 AM
  BasePriority : Normal
  FileVersion : 1.6.0.23
  ProductVersion : 1.6.0.23
  ProductName : SiteAdvisor
  CompanyName : McAfee, Inc.
  FileDescription : SiteAdvisor
  InternalName : SiteAdv
  LegalCopyright : Copyright McAfee, Inc. All rights reserved.
  OriginalFilename : SiteAdv
  
  #:51 [frontpg.exe]
  FilePath : C:\Program Files\Microsoft Office\Office\
  ProcessID : 4504
  ThreadCreationTime : 8-21-2006 11:26:49 AM
  BasePriority : Normal
  FileVersion : 4.0.2.2717
  ProductVersion : 4.0.2.2717
  ProductName : Microsoft® FrontPage® 2000
  CompanyName : Microsoft Corporation
  FileDescription : Microsoft FrontPage application file
  LegalCopyright : Copyright © 1995-1999 Microsoft Corporation, All rights reserved.
  OriginalFilename : FRONTPG.EXE
  
  #:52 [ad-aware.exe]
  FilePath : C:\Documents and Settings\Mike\Desktop\Zsnes\o\aawsep\Ad-Aware SE Personal\
  ProcessID : 5156
  ThreadCreationTime : 8-21-2006 1:04:53 PM
  BasePriority : Normal
  FileVersion : 6.2.0.236
  ProductVersion : SE 106
  ProductName : Lavasoft Ad-Aware SE
  CompanyName : Lavasoft Sweden
  FileDescription : Ad-Aware SE Core application
  InternalName : Ad-Aware.exe
  LegalCopyright : Copyright © Lavasoft AB Sweden
  OriginalFilename : Ad-Aware.exe
  Comments : All Rights Reserved
  
  Memory scan result:
  »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
  New critical objects: 0
  Objects found so far: 0
  
  
  Started registry scan
  »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
  
  MalwareWipe Object Recognized!
  Type : Regkey
  Data :
  TAC Rating : 3
  Category : Misc
  Comment :
  Rootkey : HKEY_CLASSES_ROOT
  Object : clsid\{9dfd0a51-6176-5770-217c-a5bcd7e6f3e2}
  
  Registry Scan result:
  »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
  New critical objects: 1
  Objects found so far: 1
  
  
  Started deep registry scan
  »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
  
  Deep registry scan result:
  »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
  New critical objects: 0
  Objects found so far: 1
  
  
  Started Tracking Cookie scan
  »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
  
  
  Tracking Cookie Object Recognized!
  Type : IECache Entry
  Data : [email]mike@247realmedia[1].txt[/email]
  TAC Rating : 3
  Category : Data Miner
  Comment :
  Value : C:\Documents and Settings\Mike\Cookies\mike@247realmedia[1].txt
  
  Tracking Cookie Object Recognized!
  Type : IECache Entry
  Data : [email]mike@2o7[1].txt[/email]
  TAC Rating : 3
  Category : Data Miner
  Comment :
  Value : C:\Documents and Settings\Mike\Cookies\mike@2o7[1].txt
  
  Tracking Cookie Object Recognized!
  Type : IECache Entry
  Data : [email]mike@adrevolver[1].txt[/email]
  TAC Rating : 3
  Category : Data Miner
  Comment :
  Value : C:\Documents and Settings\Mike\Cookies\mike@adrevolver[1].txt
  
  Tracking Cookie Object Recognized!
  Type : IECache Entry
  Data : [email]mike@adrevolver[3].txt[/email]
  TAC Rating : 3
  Category : Data Miner
  Comment :
  Value : C:\Documents and Settings\Mike\Cookies\mike@adrevolver[3].txt
  
  Tracking Cookie Object Recognized!
  Type : IECache Entry
  Data : [email]mike@ads.addynamix[1].txt[/email]
  TAC Rating : 3
  Category : Data Miner
  Comment :
  Value : C:\Documents and Settings\Mike\Cookies\mike@ads.addynamix[1].txt
  
  Tracking Cookie Object Recognized!
  Type : IECache Entry
  Data : [email]mike@ads.pointroll[2].txt[/email]
  TAC Rating : 3
  Category : Data Miner
  Comment :
  Value : C:\Documents and Settings\Mike\Cookies\mike@ads.pointroll[2].txt
  
  Tracking Cookie Object Recognized!
  Type : IECache Entry
  Data : [email]mike@ads.tripod.lycos[2].txt[/email]
  TAC Rating : 3
  Category : Data Miner
  Comment :
  Value : C:\Documents and Settings\Mike\Cookies\mike@ads.tripod.lycos[2].txt
  
  Tracking Cookie Object Recognized!
  Type : IECache Entry
  Data : [email]mike@adserver.filefront[2].txt[/email]
  TAC Rating : 3
  Category : Data Miner
  Comment :
  Value : C:\Documents and Settings\Mike\Cookies\mike@adserver.filefront[2].txt
  
  Tracking Cookie Object Recognized!
  Type : IECache Entry
  Data : [email]mike@adserver[1].txt[/email]
  TAC Rating : 3
  Category : Data Miner
  Comment :
  Value : C:\Documents and Settings\Mike\Cookies\mike@adserver[1].txt
  
  Tracking Cookie Object Recognized!
  Type : IECache Entry
  Data : [email]mike@advertising[2].txt[/email]
  TAC Rating : 3
  Category : Data Miner
  Comment :
  Value : C:\Documents and Settings\Mike\Cookies\mike@advertising[2].txt
  
  Tracking Cookie Object Recognized!
  Type : IECache Entry
  Data : [email]mike@apmebf[2].txt[/email]
  TAC Rating : 3
  Category : Data Miner
  Comment :
  Value : C:\Documents and Settings\Mike\Cookies\mike@apmebf[2].txt
  
  Tracking Cookie Object Recognized!
  Type : IECache Entry
  Data : [email]mike@as-us.falkag[1].txt[/email]
  TAC Rating : 3
  Category : Data Miner
  Comment :
  Value : C:\Documents and Settings\Mike\Cookies\mike@as-us.falkag[1].txt
  
  Tracking Cookie Object Recognized!
  Type : IECache Entry
  Data : [email]mike@atdmt[2].txt[/email]
  TAC Rating : 3
  Category : Data Miner
  Comment :
  Value : C:\Documents and Settings\Mike\Cookies\mike@atdmt[2].txt
  
  Tracking Cookie Object Recognized!
  Type : IECache Entry
  Data : [email]mike@bfast[2].txt[/email]
  TAC Rating : 3
  Category : Data Miner
  Comment :
  Value : C:\Documents and Settings\Mike\Cookies\mike@bfast[2].txt
  
  Tracking Cookie Object Recognized!
  Type : IECache Entry
  Data : [email]mike@bravenet[2].txt[/email]
  TAC Rating : 3
  Category : Data Miner
  Comment :
  Value : C:\Documents and Settings\Mike\Cookies\mike@bravenet[2].txt
  
  Tracking Cookie Object Recognized!
  Type : IECache Entry
  Data : [email]mike@casalemedia[1].txt[/email]
  TAC Rating : 3
  Category : Data Miner
  Comment :
  Value : C:\Documents and Settings\Mike\Cookies\mike@casalemedia[1].txt
  
  Tracking Cookie Object Recognized!
  Type : IECache Entry
  Data : [email]mike@clickbank[2].txt[/email]
  TAC Rating : 3
  Category : Data Miner
  Comment :
  Value : C:\Documents and Settings\Mike\Cookies\mike@clickbank[2].txt
  
  Tracking Cookie Object Recognized!
  Type : IECache Entry
  Data : [email]mike@doubleclick[1].txt[/email]
  TAC Rating : 3
  Category : Data Miner
  Comment :
  Value : C:\Documents and Settings\Mike\Cookies\mike@doubleclick[1].txt
  
  Tracking Cookie Object Recognized!
  Type : IECache Entry
  Data : [email]mike@edge.ru4[2].txt[/email]
  TAC Rating : 3
  Category : Data Miner
  Comment :
  Value : C:\Documents and Settings\Mike\Cookies\mike@edge.ru4[2].txt
  
  Tracking Cookie Object Recognized!
  Type : IECache Entry
  Data : [email]mike@ehg-autodesk.hitbox[2].txt[/email]
  TAC Rating : 3
  Category : Data Miner
  Comment :
  Value : C:\Documents and Settings\Mike\Cookies\mike@ehg-autodesk.hitbox[2].txt
  
  Tracking Cookie Object Recognized!
  Type : IECache Entry
  Data : [email]mike@ehg-gamespot.hitbox[1].txt[/email]
  TAC Rating : 3
  Category : Data Miner
  Comment :
  Value : C:\Documents and Settings\Mike\Cookies\mike@ehg-gamespot.hitbox[1].txt
  
  Tracking Cookie Object Recognized!
  Type : IECache Entry
  Data : [email]mike@ehg-ubisoft.hitbox[2].txt[/email]
  TAC Rating : 3
  Category : Data Miner
  Comment :
  Value : C:\Documents and Settings\Mike\Cookies\mike@ehg-ubisoft.hitbox[2].txt
  
  Tracking Cookie Object Recognized!
  Type : IECache Entry
  Data : [email]mike@fastclick[1].txt[/email]
  TAC Rating : 3
  Category : Data Miner
  Comment :
  Value : C:\Documents and Settings\Mike\Cookies\mike@fastclick[1].txt
  
  Tracking Cookie Object Recognized!
  Type : IECache Entry
  Data : [email]mike@fortunecity[1].txt[/email]
  TAC Rating : 3
  Category : Data Miner
  Comment :
  Value : C:\Documents and Settings\Mike\Cookies\mike@fortunecity[1].txt
  
  Tracking Cookie Object Recognized!
  Type : IECache Entry
  Data : [email]mike@hitbox[1].txt[/email]
  TAC Rating : 3
  Category : Data Miner
  Comment :
  Value : C:\Documents and Settings\Mike\Cookies\mike@hitbox[1].txt
  
  Tracking Cookie Object Recognized!
  Type : IECache Entry
  Data : [email]mike@landing.domainsponsor[1].txt[/email]
  TAC Rating : 3
  Category : Data Miner
  Comment :
  Value : C:\Documents and Settings\Mike\Cookies\mike@landing.domainsponsor[1].txt
  
  Tracking Cookie Object Recognized!
  Type : IECache Entry
  Data : [email]mike@live365[1].txt[/email]
  TAC Rating : 3
  Category : Data Miner
  Comment :
  Value : C:\Documents and Settings\Mike\Cookies\mike@live365[1].txt
  
  Tracking Cookie Object Recognized!
  Type : IECache Entry
  Data : [email]mike@mediaplex[2].txt[/email]
  TAC Rating : 3
  Category : Data Miner
  Comment :
  Value : C:\Documents and Settings\Mike\Cookies\mike@mediaplex[2].txt
  
  Tracking Cookie Object Recognized!
  Type : IECache Entry
  Data : [email]mike@overture[1].txt[/email]
  TAC Rating : 3
  Category : Data Miner
  Comment :
  Value : C:\Documents and Settings\Mike\Cookies\mike@overture[1].txt
  
  Tracking Cookie Object Recognized!
  Type : IECache Entry
  Data : [email]mike@paycounter[2].txt[/email]
  TAC Rating : 3
  Category : Data Miner
  Comment :
  Value : C:\Documents and Settings\Mike\Cookies\mike@paycounter[2].txt
  
  Tracking Cookie Object Recognized!
  Type : IECache Entry
  Data : [email]mike@perf.overture[1].txt[/email]
  TAC Rating : 3
  Category : Data Miner
  Comment :
  Value : C:\Documents and Settings\Mike\Cookies\mike@perf.overture[1].txt
  
  Tracking Cookie Object Recognized!
  Type : IECache Entry
  Data : [email]mike@phg.hitbox[2].txt[/email]
  TAC Rating : 3
  Category : Data Miner
  Comment :
  Value : C:\Documents and Settings\Mike\Cookies\mike@phg.hitbox[2].txt
  
  Tracking Cookie Object Recognized!
  Type : IECache Entry
  Data : [email]mike@qksrv[2].txt[/email]
  TAC Rating : 3
  Category : Data Miner
  Comment :
  Value : C:\Documents and Settings\Mike\Cookies\mike@qksrv[2].txt
  
  Tracking Cookie Object Recognized!
  Type : IECache Entry
  Data : [email]mike@questionmarket[2].txt[/email]
  TAC Rating : 3
  Category : Data Miner
  Comment :
  Value : C:\Documents and Settings\Mike\Cookies\mike@questionmarket[2].txt
  
  Tracking Cookie Object Recognized!
  Type : IECache Entry
  Data : [email]mike@rambler[1].txt[/email]
  TAC Rating : 3
  Category : Data Miner
  Comment :
  Value : C:\Documents and Settings\Mike\Cookies\mike@rambler[1].txt
  
  Tracking Cookie Object Recognized!
  Type : IECache Entry
  Data : [email]mike@realmedia[2].txt[/email]
  TAC Rating : 3
  Category : Data Miner
  Comment :
  Value : C:\Documents and Settings\Mike\Cookies\mike@realmedia[2].txt
  
  Tracking Cookie Object Recognized!
  Type : IECache Entry
  Data : [email]mike@reduxads.valuead[1].txt[/email]
  TAC Rating : 3
  Category : Data Miner
  Comment :
  Value : C:\Documents and Settings\Mike\Cookies\mike@reduxads.valuead[1].txt
  
  Tracking Cookie Object Recognized!
  Type : IECache Entry
  Data : [email]mike@revenue[2].txt[/email]
  TAC Rating : 3
  Category : Data Miner
  Comment :
  Value : C:\Documents and Settings\Mike\Cookies\mike@revenue[2].txt
  
  Tracking Cookie Object Recognized!
  Type : IECache Entry
  Data : [email]mike@serving-sys[2].txt[/email]
  TAC Rating : 3
  Category : Data Miner
  Comment :
  Value : C:\Documents and Settings\Mike\Cookies\mike@serving-sys[2].txt
  
  Tracking Cookie Object Recognized!
  Type : IECache Entry
  Data : [email]mike@stat.onestat[1].txt[/email]
  TAC Rating : 3
  Category : Data Miner
  Comment : www.searchtraffic.com
  Value : C:\Documents and Settings\Mike\Cookies\mike@stat.onestat[1].txt
  
  Tracking Cookie Object Recognized!
  Type : IECache Entry
  Data : [email]mike@statcounter[2].txt[/email]
  TAC Rating : 3
  Category : Data Miner
  Comment :
  Value : C:\Documents and Settings\Mike\Cookies\mike@statcounter[2].txt
  
  Tracking Cookie Object Recognized!
  Type : IECache Entry
  Data : [email]mike@statse.webtrendslive[2].txt[/email]
  TAC Rating : 3
  Category : Data Miner
  Comment :
  Value : C:\Documents and Settings\Mike\Cookies\mike@statse.webtrendslive[2].txt
  
  Tracking Cookie Object Recognized!
  Type : IECache Entry
  Data : [email]mike@trafficmp[2].txt[/email]
  TAC Rating : 3
  Category : Data Miner
  Comment :
  Value : C:\Documents and Settings\Mike\Cookies\mike@trafficmp[2].txt
  
  Tracking Cookie Object Recognized!
  Type : IECache Entry
  Data : [email]mike@tribalfusion[2].txt[/email]
  TAC Rating : 3
  Category : Data Miner
  Comment :
  Value : C:\Documents and Settings\Mike\Cookies\mike@tribalfusion[2].txt
  
  Tracking Cookie Object Recognized!
  Type : IECache Entry
  Data : [email]mike@tripod[1].txt[/email]
  TAC Rating : 3
  Category : Data Miner
  Comment :
  Value : C:\Documents and Settings\Mike\Cookies\mike@tripod[1].txt
  
  Tracking Cookie Object Recognized!
  Type : IECache Entry
  Data : [email]mike@xml.bravenetmedianetwork[1].txt[/email]
  TAC Rating : 3
  Category : Data Miner
  Comment :
  Value : C:\Documents and Settings\Mike\Cookies\mike@xml.bravenetmedianetwork[1].txt
  
  Tracking Cookie Object Recognized!
  Type : IECache Entry
  Data : [email]mike@xxxcounter[1].txt[/email]
  TAC Rating : 3
  Category : Data Miner
  Comment :
  Value : C:\Documents and Settings\Mike\Cookies\mike@xxxcounter[1].txt
  
  Tracking Cookie Object Recognized!
  Type : IECache Entry
  Data : [email]mike@zedo[2].txt[/email]
  TAC Rating : 3
  Category : Data Miner
  Comment :
  Value : C:\Documents and Settings\Mike\Cookies\mike@zedo
  

  0
• sk8erfr3ak7

  August 2006 edited August 2006

  PART II of the Ad-Aware Log-file and a Picture:
  
  [2].txt
  
  Tracking cookie scan result:
  »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
  New critical objects: 48
  Objects found so far: 49
  
  
  
  Deep scanning and examining files...
  »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
  
  Disk Scan Result for C:\WINDOWS
  »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
  New critical objects: 0
  Objects found so far: 49
  
  H@tKeysH@@k Object Recognized!
  Type : File
  Data : [email]h@tkeysh@@k.dll[/email]
  TAC Rating : 5
  Category : Data Miner
  Comment :
  Object : C:\WINDOWS\system32\
  
  
  
  Disk Scan Result for C:\WINDOWS\system32
  »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
  New critical objects: 0
  Objects found so far: 50
  
  Disk Scan Result for C:\DOCUME~1\Mike\LOCALS~1\Temp\
  »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
  New critical objects: 0
  Objects found so far: 50
  
  
  Scanning Hosts file......
  Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
  »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
  
  Hosts file scan result:
  »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
  1 entries scanned.
  New critical objects:0
  Objects found so far: 50
  
  
  
  Possible Browser Hijack attempt Object Recognized!
  Type : File
  Data : 3ds max Computer Camp - DMA Video Game Camps & Computer Camps - 3ds max II.url
  TAC Rating : 5
  Category : Misc
  Comment : Problematic URL discovered: http://www.digitalmediaacademy.org/courses/computer-camp-3ds-max-II.html
  Object : C:\Documents and Settings\Mike\Favorites\Game Creation\
  
  
  
  MRU List Object Recognized!
  Location: : C:\Documents and Settings\Mike\Application Data\microsoft\office\recent
  Description : list of recently opened documents using microsoft office
  
  
  MRU List Object Recognized!
  Location: : C:\Documents and Settings\Mike\recent
  Description : list of recently opened documents
  
  
  MRU List Object Recognized!
  Location: : S-1-5-21-1123561945-329068152-725345543-1007\software\corel\user assistant\12\recent work\wordperfect\last opened
  Description : list of recently opened documents in corel wordperfect
  
  
  MRU List Object Recognized!
  Location: : S-1-5-21-1123561945-329068152-725345543-1007\software\corel\user assistant\12\recent work\wordperfect\last opened
  Description : list of recently opened documents in corel wordperfect
  
  
  MRU List Object Recognized!
  Location: : S-1-5-21-1123561945-329068152-725345543-1007\software\microsoft\direct3d\mostrecentapplication
  Description : most recent application to use microsoft direct3d
  
  
  MRU List Object Recognized!
  Location: : software\microsoft\direct3d\mostrecentapplication
  Description : most recent application to use microsoft direct3d
  
  
  MRU List Object Recognized!
  Location: : S-1-5-21-1123561945-329068152-725345543-1007\software\microsoft\direct3d\mostrecentapplication
  Description : most recent application to use microsoft direct X
  
  
  MRU List Object Recognized!
  Location: : software\microsoft\direct3d\mostrecentapplication
  Description : most recent application to use microsoft direct X
  
  
  MRU List Object Recognized!
  Location: : software\microsoft\directdraw\mostrecentapplication
  Description : most recent application to use microsoft directdraw
  
  
  MRU List Object Recognized!
  Location: : S-1-5-21-1123561945-329068152-725345543-1007\software\microsoft\directinput\mostrecentapplication
  Description : most recent application to use microsoft directinput
  
  
  MRU List Object Recognized!
  Location: : S-1-5-21-1123561945-329068152-725345543-1007\software\microsoft\directinput\mostrecentapplication
  Description : most recent application to use microsoft directinput
  
  
  MRU List Object Recognized!
  Location: : S-1-5-21-1123561945-329068152-725345543-1007\software\microsoft\frontpage\editor
  Description : last used folder in microsoft frontpage
  
  
  MRU List Object Recognized!
  Location: : S-1-5-21-1123561945-329068152-725345543-1007\software\microsoft\frontpage\editor
  Description : folder of the last used web in microsoft frontpage
  
  
  MRU List Object Recognized!
  Location: : S-1-5-21-1123561945-329068152-725345543-1007\software\microsoft\frontpage\editor\insert hyperlink\recently used urls
  Description : list of recently used urls in microsoft frontpage
  
  
  MRU List Object Recognized!
  Location: : S-1-5-21-1123561945-329068152-725345543-1007\software\microsoft\frontpage\editor\insert image\recently used urls
  Description : list of recently used urls in microsoft frontpage
  
  
  MRU List Object Recognized!
  Location: : S-1-5-21-1123561945-329068152-725345543-1007\software\microsoft\frontpage\editor\recently used urls
  Description : list of recently used urls in microsoft frontpage
  
  
  MRU List Object Recognized!
  Location: : S-1-5-21-1123561945-329068152-725345543-1007\software\microsoft\internet explorer
  Description : last download directory used in microsoft internet explorer
  
  
  MRU List Object Recognized!
  Location: : S-1-5-21-1123561945-329068152-725345543-1007\software\microsoft\internet explorer\main
  Description : last save directory used in microsoft internet explorer
  
  
  MRU List Object Recognized!
  Location: : S-1-5-21-1123561945-329068152-725345543-1007\software\microsoft\internet explorer\typedurls
  Description : list of recently entered addresses in microsoft internet explorer
  
  
  MRU List Object Recognized!
  Location: : S-1-5-21-1123561945-329068152-725345543-1007\software\microsoft\mediaplayer\medialibraryui
  Description : last selected node in the microsoft windows media player media library
  
  
  MRU List Object Recognized!
  Location: : S-1-5-21-1123561945-329068152-725345543-1007\software\microsoft\mediaplayer\preferences
  Description : last playlist index loaded in microsoft windows media player
  
  
  MRU List Object Recognized!
  Location: : S-1-5-21-1123561945-329068152-725345543-1007\software\microsoft\mediaplayer\preferences
  Description : last playlist loaded in microsoft windows media player
  
  
  MRU List Object Recognized!
  Location: : S-1-5-21-1123561945-329068152-725345543-1007\software\microsoft\search assistant\acmru
  Description : list of recent search terms used with the search assistant
  
  
  MRU List Object Recognized!
  Location: : S-1-5-21-1123561945-329068152-725345543-1007\software\microsoft\windows\currentversion\applets\paint\recent file list
  Description : list of files recently opened using microsoft paint
  
  
  MRU List Object Recognized!
  Location: : S-1-5-21-1123561945-329068152-725345543-1007\software\microsoft\windows\currentversion\applets\regedit
  Description : last key accessed using the microsoft registry editor
  
  
  MRU List Object Recognized!
  Location: : S-1-5-21-1123561945-329068152-725345543-1007\software\microsoft\windows\currentversion\applets\wordpad\recent file list
  Description : list of recent files opened using wordpad
  
  
  MRU List Object Recognized!
  Location: : S-1-5-21-1123561945-329068152-725345543-1007\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
  Description : list of recent programs opened
  
  
  MRU List Object Recognized!
  Location: : S-1-5-21-1123561945-329068152-725345543-1007\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
  Description : list of recently saved files, stored according to file extension
  
  
  MRU List Object Recognized!
  Location: : S-1-5-21-1123561945-329068152-725345543-1007\software\microsoft\windows\currentversion\explorer\recentdocs
  Description : list of recent documents opened
  
  
  MRU List Object Recognized!
  Location: : S-1-5-21-1123561945-329068152-725345543-1007\software\nvidia corporation\global\nview\windowmanagement
  Description : nvidia nview cached application window positions
  
  
  MRU List Object Recognized!
  Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
  Description : windows media sdk
  
  
  MRU List Object Recognized!
  Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general
  Description : windows media sdk
  
  
  MRU List Object Recognized!
  Location: : S-1-5-21-1123561945-329068152-725345543-1007\software\microsoft\windows media\wmsdk\general
  Description : windows media sdk
  
  
  MRU List Object Recognized!
  Location: : S-1-5-21-1123561945-329068152-725345543-1007\software\winrar\dialogedithistory\extrpath
  Description : winrar "extract-to" history
  
  
  
  Performing conditional scans...
  »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
  
  Conditional scan result:
  »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
  New critical objects: 0
  Objects found so far: 85
  
  9:10:21 AM Scan Complete
  
  Summary Of This Scan
  »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
  Total scanning time:00:04:20.516
  Objects scanned:94481
  Objects identified:51
  Objects ignored:0
  New critical objects:51
  
  
  
  SOMETIMES, when I go to a site even though the site is working I get redirected almost instantaneously to here:
  
  

  0
• jmoney3457 Maine

  August 2006 edited August 2006

  system doctor is a norton product do you have it installed on your machine? also please do the following-->First download ewido anti-spyware from HERE and save that file to your desktop.
  This is a 30 day trial of the program

  1. Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
  2. Once the setup is complete you will need run ewido and update the definition files.
  3. On the main screen select the icon "Update" then select the "Update now" link.
     • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  4. Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  5. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  6. Under "Reports"
     • Select "Automatically generate report after every scan"
     • Un-Select "Only if threats were found"

  Close ewido anti-spyware, Do Not run a scan just yet, we will shortly.

  1. Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
     IMPORTANT: Do not open any other windows or programs while ewido is scanning, it may interfere with the scanning proccess:
  2. Lauch ewido-anti-spyware by double-clicking the icon on your desktop.
  3. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  4. ewido will now begin the scanning process, be patient this may take a little time.
     Once the scan is complete do the following:
  5. If you have any infections you will prompted, then select "Apply all actions"
  6. Next select the "Reports" icon at the top.
  7. Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  8. Close ewido and reboot your system back into Normal Mode and post the results of the ewido report scan.

  0
• sk8erfr3ak7

  August 2006 edited August 2006

  jmoney3457 wrote:

  system doctor is a norton product do you have it installed on your machine?

  Nope, I don't have any norton programs on my computer. I have McAfee.

  0
• jmoney3457 Maine

  August 2006 edited August 2006

  ok, did you do the ewido scan?

  0
• sk8erfr3ak7

  August 2006 edited August 2006

  yes here it is:
  

  ---

  ewido anti-spyware - Scan Report

  ---

  
  + Created at: 8:17:38 PM 8/27/2006
  
  + Scan result:
  
  
  
  C:\Program Files\IntCodec -> Adware.IntCodec : Cleaned with backup (quarantined).
  C:\Program Files\IntCodec\iesplugin.dll -> Adware.IntCodec : Cleaned with backup (quarantined).
  C:\Program Files\IntCodec\isaddon.dll -> Adware.IntCodec : Cleaned with backup (quarantined).
  C:\Program Files\IntCodec\isamini.exe -> Adware.IntCodec : Cleaned with backup (quarantined).
  C:\Program Files\IntCodec\isamonitor.exe -> Adware.IntCodec : Cleaned with backup (quarantined).
  C:\Program Files\IntCodec\isauninst.exe -> Adware.IntCodec : Cleaned with backup (quarantined).
  C:\Program Files\IntCodec\ot.ico -> Adware.IntCodec : Cleaned with backup (quarantined).
  C:\Program Files\IntCodec\pmmon.exe -> Adware.IntCodec : Cleaned with backup (quarantined).
  C:\Program Files\IntCodec\pmsngr.exe -> Adware.IntCodec : Cleaned with backup (quarantined).
  C:\Program Files\IntCodec\ts.ico -> Adware.IntCodec : Cleaned with backup (quarantined).
  C:\Documents and Settings\Mike\Local Settings\Temp\tmp85.tmp -> Not-A-Virus.Hoax.Win32.Renos.dp : Cleaned with backup (quarantined).
  C:\Documents and Settings\Mike\Cookies\mike@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
  C:\Documents and Settings\Mike\Cookies\mike@advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
  C:\Documents and Settings\Mike\Cookies\mike@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
  C:\Documents and Settings\Mike\Cookies\mike@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
  C:\Documents and Settings\Mike\Cookies\mike@www.burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
  C:\Documents and Settings\Mike\Cookies\mike@com[1].txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
  C:\Documents and Settings\Mike\Cookies\mike@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
  C:\Documents and Settings\Mike\Cookies\mike@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
  C:\Documents and Settings\Mike\Cookies\mike@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
  C:\Documents and Settings\Mike\Cookies\mike@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
  C:\Documents and Settings\Mike\Cookies\mike@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
  C:\Documents and Settings\Mike\Cookies\mike@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : Cleaned with backup (quarantined).
  C:\Documents and Settings\Mike\Cookies\mike@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
  C:\Documents and Settings\Mike\Cookies\mike@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
  C:\Documents and Settings\Mike\Cookies\mike@zedo[1].txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
  
  
  ::Report end

  0
• jmoney3457 Maine

  August 2006 edited August 2006

  did you install this program knowingly?-->C:\Program Files\IntCodec it appears to me spyware

  0
• sk8erfr3ak7

  August 2006 edited August 2006

  jmoney3457 wrote:

  did you install this program knowingly?-->C:\Program Files\IntCodec it appears to me spyware

  No. How do I remove it?

  0
• jmoney3457 Maine

  August 2006 edited August 2006

  go to add/remove programs and see if you can find it there and if you do click remove and it should uninstall if its not there, delete the folder and reboot but if it gives you trouble deleting such as "program currently in use" boot into safe mode delete the IntCodec folder located at C:\Program Files\ but be sure NOT to delete program files folder ONLY the Intcodec folder it's important you don't delete the program files folder as alot of needed programs are in the folder..then reboot and post new hjt log

  0
• sk8erfr3ak7

  August 2006 edited August 2006

  i tried doing that and it was gone from list but just reappeared later and now atm it isnt showing up in list anymore. wut do i do?
  Here is my current HiJack This Logfile i just got:
  Logfile of HijackThis v1.99.1
  Scan saved at 8:29:24 PM, on 8/31/2006
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
  
  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\LEXBCES.EXE
  C:\WINDOWS\system32\spoolsv.exe
  C:\WINDOWS\system32\LEXPPS.EXE
  C:\WINDOWS\Explorer.EXE
  C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
  C:\Program Files\ewido anti-spyware 4.0\guard.exe
  C:\Program Files\Analog Devices\Core\smax4pnp.exe
  C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
  C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
  C:\WINDOWS\system32\dla\tfswctrl.exe
  C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
  C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
  C:\Program Files\iTunes\iTunesHelper.exe
  C:\PROGRA~1\McAfee\MSC\McLogCln.exe
  C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
  C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
  C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
  c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
  C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
  C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
  C:\PROGRA~1\McAfee\MSC\mctskshd.exe
  C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
  C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
  C:\Program Files\McAfee\MPF\MPFSrv.exe
  C:\WINDOWS\system32\nvsvc32.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\system32\UAService7.exe
  C:\PROGRA~1\mcafee.com\agent\mcagent.exe
  C:\WINDOWS\system32\svchost.exe
  C:\Program Files\iPod\bin\iPodService.exe
  C:\PROGRA~1\McAfee\MSC\McLogCln.exe
  c:\program files\mcafee\msc\mcupdui.exe
  c:\program files\common files\mcafee\mna\mcnasvc.exe
  C:\Program Files\Internet Explorer\iexplore.exe
  C:\Program Files\SiteAdvisor\SiteAdv.exe
  C:\Documents and Settings\Mike\Desktop\WoW\Xfire\Xfire.exe
  C:\Documents and Settings\Mike\Desktop\Zsnes\HijackThis.exe
  
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
  R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
  O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
  O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
  O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\SiteAdv.dll
  O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
  O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptsn.dll
  O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
  O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\SiteAdv.dll
  O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
  O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
  O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
  O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
  O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
  O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
  O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
  O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
  O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
  O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
  O4 - HKLM\..\Run: [McLogLch_exe] C:\Program Files\McAfee\MSC\McLogLch.exe
  O4 - HKLM\..\Run: [0290701157020857mcinstcleanup] C:\WINDOWS\TEMP\029070~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog
  O4 - HKLM\..\RunOnce: [!mcagntps.dll] regsvr32.exe /s c:\PROGRA~1\mcafee.com\agent\mcagntps.dll
  O4 - HKLM\..\RunOnce: [mcagent.exe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe -regserver
  O4 - HKLM\..\RunOnce: [!mcmispps.dll] regsvr32.exe /s c:\PROGRA~1\mcafee\msc\mcmispps.dll
  O4 - HKLM\..\RunOnce: [!mccfgpv.dll] regsvr32.exe /s c:\PROGRA~1\mcafee\msc\mccfgpv.dll
  O4 - HKLM\..\RunOnce: [mclogsrv.exe] c:\PROGRA~1\mcafee\msc\mclogsrv.exe -regserver
  O4 - HKLM\..\RunOnce: [!mcdbmgr.dll] regsvr32.exe /s c:\PROGRA~1\mcafee\msc\mcdbmgr.dll
  O4 - HKLM\..\RunOnce: [!mcmscver.dll] regsvr32.exe /s c:\PROGRA~1\mcafee\msc\mcmscver.dll
  O4 - HKLM\..\RunOnce: [mcpromgr.exe] c:\PROGRA~1\mcafee\msc\mcpromgr.exe -regserver
  O4 - HKLM\..\RunOnce: [!mcprotpv.dll] regsvr32.exe /s c:\PROGRA~1\mcafee\msc\mcprotpv.dll
  O4 - HKLM\..\RunOnce: [!mcshllps.dll] regsvr32.exe /s c:\PROGRA~1\mcafee\msc\mcshllps.dll
  O4 - HKLM\..\RunOnce: [!mcuicfg.dll] regsvr32.exe /s c:\PROGRA~1\mcafee\msc\mcuicfg.dll
  O4 - HKLM\..\RunOnce: [mcupdmgr.exe] c:\PROGRA~1\mcafee\msc\mcupdmgr.exe -regserver
  O4 - HKLM\..\RunOnce: [mcupdui.exe] c:\PROGRA~1\mcafee\msc\mcupdui.exe -regserver
  O4 - HKLM\..\RunOnce: [mcusrmgr.exe] c:\PROGRA~1\mcafee\msc\mcusrmgr.exe -regserver
  O4 - HKLM\..\RunOnce: [!qcmisp.dll] regsvr32.exe /s c:\PROGRA~1\mcafee\mqc\qcmisp.dll
  O4 - HKLM\..\RunOnce: [!mcnmcsps.dll] regsvr32.exe /s c:\PROGRA~1\mcafee\msc\mcnmcsps.dll
  O4 - HKLM\..\RunOnce: [!mcnmcsrv.dll] regsvr32.exe /s c:\PROGRA~1\mcafee\msc\mcnmcsrv.dll
  O4 - HKLM\..\RunOnce: [!mcnmcver.dll] regsvr32.exe /s c:\PROGRA~1\mcafee\msc\mcnmcver.dll
  O4 - HKLM\..\RunOnce: [!mccoreps.dll] regsvr32.exe /s c:\PROGRA~1\COMMON~1\mcafee\core\mccoreps.dll
  O4 - HKLM\..\RunOnce: [!mcevtbrk.dll] regsvr32.exe /s c:\PROGRA~1\COMMON~1\mcafee\core\mcevtbrk.dll
  O4 - HKLM\..\RunOnce: [!MCNASV~1.DLL] regsvr32.exe /s c:\PROGRA~1\COMMON~1\mcafee\mna\MCNASV~1.DLL
  O4 - HKLM\..\RunOnce: [mcnasvc.exe] c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe -regserver
  O4 - HKLM\..\RunOnce: [!mcuj.dll] regsvr32.exe /s c:\PROGRA~1\COMMON~1\mcafee\mna\mcuj.dll
  O4 - HKLM\..\RunOnce: [!mpfp.dll] regsvr32.exe /s c:\PROGRA~1\mcafee\mpf\mc\mpfp.dll
  O4 - HKLM\..\RunOnce: [!mpfmisp.dll] regsvr32.exe /s c:\PROGRA~1\mcafee\mpf\mc\mpfmisp.dll
  O4 - HKLM\..\RunOnce: [!fwdrvver.dll] regsvr32.exe /s c:\PROGRA~1\COMMON~1\mcafee\fwdriver\fwdrvver.dll
  O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater\AdobeUpdater.exe
  O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
  O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
  O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
  O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.1.87.cab
  O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
  O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
  O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
  O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
  O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
  O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - (no file)
  O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
  O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
  O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
  O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
  O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
  O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
  O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
  O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
  O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
  O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
  O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
  O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
  O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
  O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
  O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
  O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
  O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
  O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
  O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
  O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
  O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
  
  

  0
• sk8erfr3ak7

  August 2006 edited August 2006

  Do you think maybe when it got quarentined by ewido it was fixed? Because now when I go to those pages that got that System Doctor popup and wouldnt load like in the screenshot earlier above, the page loads normally and that doesnt happen now.

  0
• jmoney3457 Maine

  August 2006 edited August 2006

  make sure you can view hidden files/folders-->http://www.bleepingcomputer.com/tutorials/tutorial62.html#winxp directions on how to and then try to find it again if you cant lemme know
  

  Do you think maybe when it got quarentined by ewido it was fixed?

  it's possible not 100% sure though i'll know once you let me know if you can find it or not with hidden files/folder enabled

  0
• sk8erfr3ak7

  September 2006 edited September 2006

  i did that and didnt find it. does that mean im clean now?

  0
• sk8erfr3ak7

  September 2006 edited September 2006

  if so THANK YOU THANK YOU THANK YOU THANK YOU!

  0
• jmoney3457 Maine

  September 2006 edited September 2006

  please post new HJT log so i can be sure and also is the pc running better now?

  0
• sk8erfr3ak7

  September 2006 edited September 2006

  Logfile of HijackThis v1.99.1
  Scan saved at 6:56:39 PM, on 9/1/2006
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
  
  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\LEXBCES.EXE
  C:\WINDOWS\system32\spoolsv.exe
  C:\WINDOWS\system32\LEXPPS.EXE
  C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
  C:\Program Files\ewido anti-spyware 4.0\guard.exe
  C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
  C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
  C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
  c:\program files\common files\mcafee\mna\mcnasvc.exe
  C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
  C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
  c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
  C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
  C:\PROGRA~1\McAfee\MSC\mctskshd.exe
  C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
  C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
  C:\Program Files\McAfee\MPF\MPFSrv.exe
  C:\WINDOWS\system32\nvsvc32.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\system32\UAService7.exe
  C:\WINDOWS\system32\svchost.exe
  C:\Program Files\Analog Devices\Core\smax4pnp.exe
  C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
  C:\WINDOWS\system32\dla\tfswctrl.exe
  C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
  C:\Program Files\iTunes\iTunesHelper.exe
  C:\PROGRA~1\McAfee\MSC\McLogCln.exe
  C:\PROGRA~1\mcafee.com\agent\mcagent.exe
  C:\Program Files\iPod\bin\iPodService.exe
  C:\PROGRA~1\mcafee\msc\mcupdui.exe
  C:\WINDOWS\explorer.exe
  C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
  c:\program files\mcafee\msc\mcuimgr.exe
  C:\Documents and Settings\Mike\Desktop\WoW\Xfire\Xfire.exe
  C:\Program Files\Internet Explorer\iexplore.exe
  C:\Program Files\SiteAdvisor\SiteAdv.exe
  C:\Documents and Settings\Mike\Desktop\Zsnes\HijackThis.exe
  
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
  R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
  O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
  O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
  O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\SiteAdv.dll
  O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
  O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptsn.dll
  O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
  O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\SiteAdv.dll
  O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
  O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
  O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
  O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
  O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
  O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
  O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
  O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
  O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
  O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
  O4 - HKLM\..\Run: [McLogLch_exe] C:\Program Files\McAfee\MSC\McLogLch.exe
  O4 - HKLM\..\Run: [0226951157109214mcinstcleanup] C:\WINDOWS\TEMP\022695~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog
  O4 - HKLM\..\RunOnce: [!scriptsn.dll] regsvr32.exe /s c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
  O4 - HKLM\..\RunOnce: [mcsysmon.exe] c:\PROGRA~1\mcafee\VIRUSS~1\mcsysmon.exe -regserver
  O4 - HKLM\..\RunOnce: [!mcvsps.dll] regsvr32.exe /s c:\PROGRA~1\mcafee\VIRUSS~1\mcvsps.dll
  O4 - HKLM\..\RunOnce: [!naiannps.dll] regsvr32.exe /s c:\PROGRA~1\mcafee\VIRUSS~1\naiannps.dll
  O4 - HKLM\..\RunOnce: [!mcvsqt.dll] regsvr32.exe /s c:\PROGRA~1\mcafee\VIRUSS~1\mcvsqt.dll
  O4 - HKLM\..\RunOnce: [!mvscfg.dll] regsvr32.exe /s c:\PROGRA~1\mcafee\VIRUSS~1\mvscfg.dll
  O4 - HKLM\..\RunOnce: [!mvsver.dll] regsvr32.exe /s c:\PROGRA~1\mcafee\VIRUSS~1\mvsver.dll
  O4 - HKLM\..\RunOnce: [!naiann.dll] regsvr32.exe /s c:\PROGRA~1\mcafee\VIRUSS~1\naiann.dll
  O4 - HKLM\..\RunOnce: [!mcodsax.dll] regsvr32.exe /s c:\PROGRA~1\mcafee\VIRUSS~1\mcodsax.dll
  O4 - HKLM\..\RunOnce: [mcods.exe] c:\PROGRA~1\mcafee\VIRUSS~1\mcods.exe -regserver
  O4 - HKLM\..\RunOnce: [!mcvspp.dll] regsvr32.exe /s c:\PROGRA~1\mcafee\VIRUSS~1\mcvspp.dll
  O4 - HKLM\..\RunOnce: [!mvsap.dll] regsvr32.exe /s c:\PROGRA~1\mcafee\VIRUSS~1\mvsap.dll
  O4 - HKLM\..\RunOnce: [!mvslog.dll] regsvr32.exe /s c:\PROGRA~1\mcafee\VIRUSS~1\mvslog.dll
  O4 - HKLM\..\RunOnce: [!mccoreps.dll] regsvr32.exe /s c:\PROGRA~1\COMMON~1\mcafee\core\mccoreps.dll
  O4 - HKLM\..\RunOnce: [!mcevtbrk.dll] regsvr32.exe /s c:\PROGRA~1\COMMON~1\mcafee\core\mcevtbrk.dll
  O4 - HKLM\..\RunOnce: [!redirver.dll] regsvr32.exe /s c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirver.dll
  O4 - HKLM\..\RunOnce: [redirsvc.exe] c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe -regserver
  O4 - HKLM\..\RunOnce: [!empxyver.dll] regsvr32.exe /s c:\PROGRA~1\COMMON~1\mcafee\emproxy\empxyver.dll
  O4 - HKLM\..\RunOnce: [!fwdrvver.dll] regsvr32.exe /s c:\PROGRA~1\COMMON~1\mcafee\fwdriver\fwdrvver.dll
  O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater\AdobeUpdater.exe
  O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
  O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
  O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
  O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.1.87.cab
  O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
  O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
  O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
  O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
  O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
  O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - (no file)
  O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
  O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
  O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
  O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
  O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
  O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
  O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
  O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
  O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
  O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
  O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
  O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
  O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
  O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
  O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
  O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
  O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
  O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
  O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
  O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
  O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
  
  Yeah better than it was.

  0
• sk8erfr3ak7

  September 2006 edited September 2006

  except at the User screen where u select what user you wanna log into after i click my user it stays at that screen for like 35 seconds then my desktop starts to load after that.

  0
• sk8erfr3ak7

  September 2006 edited September 2006

  and i just noticed that when i log into my user a command prompt box flashes on screen for a second.

  0
• jmoney3457 Maine

  September 2006 edited September 2006

  your log looks clean but as for the slow startup you can configure what "starts" upon bootup and the less you select the faster the bootup time will be obviously to do this go start>programs>run>type in msconfig press enter and click the startup tab (last tab on the right at the top) and uncheck any programs you DON'T want to load on startup then press apply and ok then close out the box reboot and when your desktop boots backup it'll bring up a box that says you've selected a selective startup etc.. put a check in the box that says not to show the message again or else it'll bring up that box every time it boots up and obviously you can go re do this process as many times as you need til you reach your desired boot up time hope this helps and are there any more malware problems? if not i'll give my cleaup/prevention spiel and we'll be all set

  0
• sk8erfr3ak7

  September 2006 edited September 2006

  i tried what u said and a box popped up after clicking apply saying "Access denied to change these settings you must be logged into a computer administrator user account." EVERY user account on my pc is an administrator level and can access everything though. doesnt seem to be any faster, im gonna try a few more times and post back here. and no there doesnt seem to be anymore malware problems.

  0
• jmoney3457 Maine

  September 2006 edited September 2006

  Please download SmitfraudFix (by S!Ri)
  Extract the content (a folder named SmitfraudFix) to your Desktop.
  
  Open the SmitfraudFix folder and double-click smitfraudfix.cmd
  Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
  Please copy/paste the content of that report into your next reply.
  
  Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
  http://www.beyondlogic.org/consulting/proc...processutil.htm

  0
• sk8erfr3ak7

  October 2006 edited October 2006

  jmoney3457 wrote:

  Please download SmitfraudFix (by S!Ri)
  Extract the content (a folder named SmitfraudFix) to your Desktop.
  
  Open the SmitfraudFix folder and double-click smitfraudfix.cmd
  Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
  Please copy/paste the content of that report into your next reply.
  
  Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
  http://www.beyondlogic.org/consulting/proc...processutil.htm

  
  
  
  Sorry i havent been on in a while but here is the report file. HERE IT IS: SmitFraudFix v2.105
  
  Scan done at 8:26:50.68, Sat 10/07/2006
  Run from C:\Documents and Settings\Mike\Desktop\SmitfraudFix
  OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
  Fix run in normal mode
  
  »»»»»»»»»»»»»»»»»»»»»»»» C:\
  
  
  »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
  
  
  »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
  
  
  »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
  
  
  »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
  
  
  »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Mike
  
  
  »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Mike\Application Data
  
  
  »»»»»»»»»»»»»»»»»»»»»»»» Start Menu
  
  C:\DOCUME~1\ALLUSE~1.WIN\STARTM~1\Online Security Guide.url FOUND !
  C:\DOCUME~1\ALLUSE~1.WIN\STARTM~1\Security Troubleshooting.url FOUND !
  
  »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Mike\FAVORI~1
  
  
  »»»»»»»»»»»»»»»»»»»»»»»» Desktop
  
  
  »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
  
  
  »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
  
  
  »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
  
  [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
  "Source"="About:Home"
  "SubscribedURL"="About:Home"
  "FriendlyName"="My Current Home Page"
  
  
  »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
  !!!Attention, following keys are not inevitably infected!!!
  
  SrchSTS.exe by S!Ri
  Search SharedTaskScheduler's .dll
  
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
  "bestreak"="{874443fe-aa33-4ebf-a6ac-73208787e62d}"
  
  
  
  »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
  !!!Attention, following keys are not inevitably infected!!!
  
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
  "AppInit_DLLs"=""
  
  
  »»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32
  
  
  »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection
  
  
  »»»»»»»»»»»»»»»»»»»»»»»» End
  
  P.S. - for some reason my internet browser freezes up sometimes and i have to Ctrl+Alt+Delete it. And some things like games of mine start up slower then usual. BTW THX for the help and ur time.

  0
• jmoney3457 Maine

  October 2006 edited October 2006

  no problem,You should print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.
  
  Please reboot your computer in Safe Mode by doing the following :

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.

  Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
  Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.
  
  You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.
  
  The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".
  
  
  The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart anyway into normal Windows. A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply along with a new HijackThis log.
  The report can also be found at the root of the system drive, usually at C:\rapport.txt
  
  Warning : running option #2 on a non infected computer will remove your Desktop background.

  0