I have run Ad-aware,CWshredder, Spybot, AVG, Trend Housecall, TDS-3, Panda Activescan, etrust antivirus and others. Most scans have shown several results but nothing seems to clean everything up. I seem to constantly get calls to the internet by nonsensical named files.
Below is Ad-Aware log file:
Ad-Aware SE Build 1.05
Logfile Created on:Friday, April 22, 2005 6:01:44 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R40 20.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
BookedSpace(TAC index:10):18 total references
DealHelper(TAC index:7):4 total references
FizzleBar(TAC index:5):1 total references
PromulGate(TAC index:5):6 total references
Tracking Cookie(TAC index:3):6 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R40 20.04.2005
Internal build : 47
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 461235 Bytes
Total size : 1395231 Bytes
Signature data size : 1364710 Bytes
Reference data size : 30009 Bytes
Signatures total : 38921
Fingerprints total : 813
Fingerprints size : 29073 Bytes
Target categories : 15
Target families : 650
Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:44 %
Total physical memory:523568 kb
Available physical memory:226308 kb
Total page file size:1279784 kb
Available on page file:1006408 kb
Total virtual memory:2097024 kb
Available virtual memory:2043156 kb
OS:Microsoft Windows XP Home Edition Service Pack 2 (Build 2600)
Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Play sound at scan completion if scan locates critical objects
4-22-2005 6:01:44 PM - Scan started. (Full System Scan)
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 356
ThreadCreationTime : 4-22-2005 10:46:49 PM
BasePriority : Normal
#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 408
ThreadCreationTime : 4-22-2005 10:46:52 PM
BasePriority : Normal
#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 432
ThreadCreationTime : 4-22-2005 10:46:54 PM
BasePriority : High
#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 480
ThreadCreationTime : 4-22-2005 10:46:56 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe
#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 492
ThreadCreationTime : 4-22-2005 10:46:56 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k DcomLaunch
ProcessID : 656
ThreadCreationTime : 4-22-2005 10:46:59 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 728
ThreadCreationTime : 4-22-2005 10:47:00 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 812
ThreadCreationTime : 4-22-2005 10:47:01 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 876
ThreadCreationTime : 4-22-2005 10:47:01 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:10 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 952
ThreadCreationTime : 4-22-2005 10:47:02 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:11 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1048
ThreadCreationTime : 4-22-2005 10:47:06 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
#:12 [devldr32.exe]
ModuleName : C:\WINDOWS\system32\devldr32.exe
Command Line : C:\WINDOWS\system32\devldr32.exe
ProcessID : 1392
ThreadCreationTime : 4-22-2005 10:47:13 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 22
ProductVersion : 1, 0, 0, 22
ProductName : Creative Ring3 NT Inteface
CompanyName : Creative Technology Ltd.
FileDescription : DevLdr32
InternalName : DevLdr
LegalCopyright : Copyright © 1997-2001 Creative Technology Ltd.
OriginalFilename : DevLdr32.exe
#:13 [aouavbb.exe]
ModuleName : C:\WINDOWS\system32\snyfwrq\aouavbb.exe
Command Line : C:\WINDOWS\system32\snyfwrq\aouavbb.exe
ProcessID : 1412
ThreadCreationTime : 4-22-2005 10:47:14 PM
BasePriority : Normal
#:14 [avgamsvr.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
Command Line : C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
ProcessID : 1440
ThreadCreationTime : 4-22-2005 10:47:14 PM
BasePriority : Normal
FileVersion : 7,1,0,307
ProductVersion : 7.1.0.307
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Alert Manager
InternalName : avgamsvr
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgamsvr.EXE
#:15 [avgupsvc.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
Command Line : C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
ProcessID : 1492
ThreadCreationTime : 4-22-2005 10:47:17 PM
BasePriority : Normal
FileVersion : 7,1,0,285
ProductVersion : 7.1.0.285
ProductName : AVG 7.0 Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Update Service
InternalName : avgupsvc
LegalCopyright : Copyright © 2004, GRISOFT, s.r.o.
OriginalFilename : avgupdsvc.EXE
#:16 [cdac11ba.exe]
ModuleName : C:\WINDOWS\system32\drivers\CDAC11BA.EXE
Command Line : C:\WINDOWS\system32\drivers\CDAC11BA.EXE
ProcessID : 1516
ThreadCreationTime : 4-22-2005 10:47:17 PM
BasePriority : Normal
FileVersion : 4.16.050
ProductVersion : 4.16.050 Windows NT 2002/04/24
ProductName : SafeCast Windows NT
CompanyName : Macrovision
FileDescription : Macrovision RTS Service
InternalName : CDANTSRV
LegalCopyright : Copyright © 1998-2002 Macrovision Corp.
OriginalFilename : CDANTSRV.EXE
Comments : StringFileInfo: U.S. English
#:17 [crypserv.exe]
ModuleName : C:\WINDOWS\system32\crypserv.exe
Command Line : crypserv.exe
ProcessID : 1536
ThreadCreationTime : 4-22-2005 10:47:17 PM
BasePriority : High
FileVersion : 6.0
ProductVersion : 6.0
ProductName : CrypKey Software Licensing System
CompanyName : CrypKey (Canada) Ltd.
FileDescription : CrypKey NT Service
InternalName : crypserv
LegalCopyright : Copyright © 2000
LegalTrademarks : CrypKey
OriginalFilename : crypserv.exe
Comments : Operates in all directories, not just configured ones. Directory configuration only used for file clean up and uninstall
#:18 [nvsvc32.exe]
ModuleName : C:\WINDOWS\system32\nvsvc32.exe
Command Line : C:\WINDOWS\system32\nvsvc32.exe
ProcessID : 1600
ThreadCreationTime : 4-22-2005 10:47:18 PM
BasePriority : Normal
FileVersion : 6.14.10.6693
ProductVersion : 6.14.10.6693
ProductName : NVIDIA Driver Helper Service, Version 66.93
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 66.93
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe
#:19 [retrorun.exe]
ModuleName : C:\Program Files\Dantz\Retrospect\retrorun.exe
Command Line : "C:\Program Files\Dantz\Retrospect\retrorun.exe"
ProcessID : 1624
ThreadCreationTime : 4-22-2005 10:47:19 PM
BasePriority : Normal
FileVersion : 6.5.342
ProductVersion : 6.5
ProductName : Retrospect
CompanyName : Dantz Development Corporation
FileDescription : Retrospect
InternalName :
LegalCopyright : Copyright Dantz 1989-2003
LegalTrademarks : Dantz® Retrospect®
OriginalFilename : retrorun.exe
#:20 [wdsvc.exe]
ModuleName : C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
Command Line : C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
ProcessID : 1812
ThreadCreationTime : 4-22-2005 10:47:30 PM
BasePriority : Normal
FileVersion : 6.5.342
ProductVersion : 6.5
ProductName : Retrospect
CompanyName : Dantz Development Corporation
FileDescription : Retrospect
InternalName :
LegalCopyright : Copyright Dantz 1989-2003
LegalTrademarks : Dantz® Retrospect®
OriginalFilename : wdsvc.exe
#:21 [vetmsgnt.exe]
ModuleName : C:\WINDOWS\System32\VetMsgNT.exe
Command Line : C:\WINDOWS\System32\VetMsgNT.exe
ProcessID : 1888
ThreadCreationTime : 4-22-2005 10:47:32 PM
BasePriority : Normal
FileVersion : 1, 1, 0, 1
ProductVersion : 10, 2, 0, 0
ProductName : CAI Anti-Virus
CompanyName : Computer Associates International, Inc.
FileDescription : VetMsgNT
InternalName : VetMsgNT
LegalCopyright : Copyright © 1996-2001 Computer Associates International, Inc.
LegalTrademarks : Computer Associates International, Inc.
OriginalFilename : VetMsgNT.exe
Comments : CAI Anti-Virus message service for real-time protection
#:22 [vsmon.exe]
ModuleName : C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
Command Line : n/a
ProcessID : 1900
ThreadCreationTime : 4-22-2005 10:47:33 PM
BasePriority : Normal
FileVersion : 5.5.062.011
ProductVersion : 5.5.062.011
ProductName : TrueVector Service
CompanyName : Zone Labs LLC
FileDescription : TrueVector Service
InternalName : vsmon
LegalCopyright : Copyright © 1998-2005, Zone Labs LLC
OriginalFilename : vsmon.exe
#:23 [realsched.exe]
ModuleName : C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Command Line : "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
ProcessID : 1992
ThreadCreationTime : 4-22-2005 10:47:36 PM
BasePriority : Normal
FileVersion : 0.1.0.1622
ProductVersion : 0.1.0.1622
ProductName : RealOne Player (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2002
LegalTrademarks : RealAudio is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe
#:24 [vettray.exe]
ModuleName : C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
Command Line : "C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe"
ProcessID : 2012
ThreadCreationTime : 4-22-2005 10:47:36 PM
BasePriority : Normal
FileVersion : Version 1.0
ProductName : VetTray
CompanyName : Computer Associates International, Inc.
FileDescription : Iconic notifier
InternalName : VetTray
LegalCopyright : Copyright © 1997-2001 Computer Associates International, Inc.
OriginalFilename : VetTray.exe
#:25 [qttask.exe]
ModuleName : C:\Program Files\QuickTime\qttask.exe
Command Line : "C:\Program Files\QuickTime\qttask.exe" -atboottime
ProcessID : 164
ThreadCreationTime : 4-22-2005 10:47:37 PM
BasePriority : Normal
FileVersion : 6.5.1
ProductVersion : QuickTime 6.5.1
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe
#:26 [rundll32.exe]
ModuleName : C:\WINDOWS\system32\RUNDLL32.EXE
Command Line : "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
ProcessID : 176
ThreadCreationTime : 4-22-2005 10:47:37 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE
#:27 [ituneshelper.exe]
ModuleName : C:\Program Files\iTunes\iTunesHelper.exe
Command Line : "C:\Program Files\iTunes\iTunesHelper.exe"
ProcessID : 196
ThreadCreationTime : 4-22-2005 10:47:38 PM
BasePriority : Normal
FileVersion : 4.6.0.15
ProductVersion : 4.6.0.15
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe
#:28 [wdbtnmgr.exe]
ModuleName : C:\WINDOWS\system32\WDBtnMgr.exe
Command Line : "C:\WINDOWS\system32\WDBtnMgr.exe"
ProcessID : 276
ThreadCreationTime : 4-22-2005 10:47:39 PM
BasePriority : Normal
FileVersion : 1.0.7.0
ProductVersion : 1.0.7.0
ProductName : WD Button Manager
CompanyName : Western Digital Technologies, Inc.
FileDescription : WD Button Manager
InternalName : WD Button Manager
LegalCopyright : Copyright © 2003-2004
OriginalFilename : WDBtnMgr.exe
#:29 [seticon.exe]
ModuleName : C:\Program Files\WDC\SetIcon.exe
Command Line : "C:\Program Files\WDC\SetIcon.exe"
ProcessID : 284
ThreadCreationTime : 4-22-2005 10:47:40 PM
BasePriority : Normal
FileVersion : 1, 2, 0, 8
ProductVersion : 1, 2, 0, 8
ProductName : SMSC USB Custom Icons Application
CompanyName : Standard Microsystems Corp.
FileDescription : Custom Icons Application For USB Drives
InternalName : SetIcon
LegalCopyright : Copyright © 2002 - 2003
OriginalFilename : SetIcon.exe
#:30 [wlavalancheservice.exe]
ModuleName : C:\Program Files\Wavelink\Avalanche\Service\WLAvalancheService.exe
Command Line : "C:\Program Files\Wavelink\Avalanche\Service\WLAvalancheService.exe"
ProcessID : 404
ThreadCreationTime : 4-22-2005 10:47:41 PM
BasePriority : Normal
#:31 [rundll32.exe]
ModuleName : C:\WINDOWS\system32\rundll32.exe
Command Line : rundll32.exe nview.dll,nViewInitialize
ProcessID : 388
ThreadCreationTime : 4-22-2005 10:47:41 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE
#:32 [msnappau.exe]
ModuleName : C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
Command Line : "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
ProcessID : 108
ThreadCreationTime : 4-22-2005 10:47:41 PM
BasePriority : Normal
#:33 [zlclient.exe]
ModuleName : C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
Command Line : n/a
ProcessID : 508
ThreadCreationTime : 4-22-2005 10:47:42 PM
BasePriority : Normal
FileVersion : 5.5.062.011
ProductVersion : 5.5.062.011
ProductName : Zone Labs Client
CompanyName : Zone Labs LLC
FileDescription : Zone Labs Client
InternalName : zlclient
LegalCopyright : Copyright © 1998-2005, Zone Labs LLC
OriginalFilename : zlclient.exe
#:34 [rhiac.exe]
ModuleName : C:\WINDOWS\system32\coburuao\rhiac.exe
Command Line : "C:\WINDOWS\system32\coburuao\rhiac.exe"
ProcessID : 800
ThreadCreationTime : 4-22-2005 10:47:42 PM
BasePriority : Normal
#:35 [rujpw.exe]
ModuleName : C:\WINDOWS\system32\qdgkygwq\rujpw.exe
Command Line : "C:\WINDOWS\system32\qdgkygwq\rujpw.exe"
ProcessID : 820
ThreadCreationTime : 4-22-2005 10:47:43 PM
BasePriority : Normal
#:36 [cthelper.exe]
ModuleName : C:\WINDOWS\system32\CTHELPER.EXE
Command Line : "C:\WINDOWS\system32\CTHELPER.EXE"
ProcessID : 984
ThreadCreationTime : 4-22-2005 10:47:44 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 2
ProductVersion : 1, 0, 0, 2
ProductName : CtHelper Application
CompanyName : Creative Technology Ltd
FileDescription : CtHelper Application
InternalName : CtHelper
LegalCopyright : Copyright © 2002
OriginalFilename : CtHelper.EXE
#:37 [foab.exe]
ModuleName : C:\WINDOWS\system32\btvnk\foab.exe
Command Line : "C:\WINDOWS\system32\btvnk\foab.exe"
ProcessID : 1192
ThreadCreationTime : 4-22-2005 10:47:45 PM
BasePriority : Normal
#:38 [nsvsvc.exe]
ModuleName : C:\WINDOWS\system32\nsvsvc\nsvsvc.exe
Command Line : "C:\WINDOWS\system32\nsvsvc\nsvsvc.exe"
ProcessID : 1320
ThreadCreationTime : 4-22-2005 10:47:46 PM
BasePriority : Normal
FileVersion : 2.17.0000
ProductVersion : 2, 1, 7, 0
#:39 [qprymvn.exe]
ModuleName : C:\WINDOWS\system32\qprymvn.exe
Command Line : "C:\WINDOWS\system32\qprymvn.exe"
ProcessID : 1620
ThreadCreationTime : 4-22-2005 10:47:46 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : version Application
FileDescription : version MFC Application
InternalName : version
LegalCopyright : Copyright © 2003
OriginalFilename : version.EXE
DealHelper Object Recognized!
Type : Process
Data : qprymvn.exe
Category : Malware
Comment : (CSI MATCH)
Object : C:\WINDOWS\system32\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : version Application
FileDescription : version MFC Application
InternalName : version
LegalCopyright : Copyright © 2003
OriginalFilename : version.EXE
Warning! DealHelper Object found in memory(C:\WINDOWS\system32\qprymvn.exe)
"C:\WINDOWS\system32\qprymvn.exe"Process terminated successfully
"C:\WINDOWS\system32\qprymvn.exe"Process terminated successfully
#:40 [avgcc.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
Command Line : "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
ProcessID : 1556
ThreadCreationTime : 4-22-2005 10:47:48 PM
BasePriority : Normal
FileVersion : 7,1,0,307
ProductVersion : 7.1.0.307
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Control Center
InternalName : AvgCC
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : AvgCC.EXE
#:41 [avgemc.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
Command Line : "C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe"
ProcessID : 1572
ThreadCreationTime : 4-22-2005 10:47:48 PM
BasePriority : Normal
FileVersion : 7,1,0,307
ProductVersion : 7.1.0.307
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG E-Mail Scanner
InternalName : avgemc
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgemc.exe
#:42 [msnmsgr.exe]
ModuleName : C:\Program Files\MSN Messenger\MsnMsgr.Exe
Command Line : "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
ProcessID : 1864
ThreadCreationTime : 4-22-2005 10:47:50 PM
BasePriority : Normal
FileVersion : 6.2.0205
ProductVersion : Version 6.2
ProductName : MSN Messenger
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
LegalCopyright : Copyright © Microsoft Corporation 1997-2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msnmsgr.exe
#:43 [wcescomm.exe]
ModuleName : C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
Command Line : "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
ProcessID : 1936
ThreadCreationTime : 4-22-2005 10:47:52 PM
BasePriority : Normal
FileVersion : 3.7.1.4034
ProductVersion : 3.7.4034
ProductName : Microsoft ActiveSync
CompanyName : Microsoft Corporation
FileDescription : ActiveSync Connection Manager
InternalName : wcescomm
LegalCopyright : Copyright © 1995-2004 Microsoft Corp. All rights reserved.
LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation.
OriginalFilename : WCESCOMM.EXE
#:44 [a2guard.exe]
ModuleName : C:\Program Files\a2\a2guard.exe
Command Line : "C:\Program Files\a2\a2guard.exe"
ProcessID : 1860
ThreadCreationTime : 4-22-2005 10:47:52 PM
BasePriority : Normal
#:45 [ctfmon.exe]
ModuleName : C:\WINDOWS\system32\ctfmon.exe
Command Line : "C:\WINDOWS\system32\ctfmon.exe"
ProcessID : 1928
ThreadCreationTime : 4-22-2005 10:47:53 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE
#:46 [wkcalrem.exe]
ModuleName : C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
Command Line : "C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe"
ProcessID : 2168
ThreadCreationTime : 4-22-2005 10:47:57 PM
BasePriority : Normal
FileVersion : 6.00.1828.1
ProductVersion : 6.00.1828.1
ProductName : Microsoft® Works 6.0
CompanyName : Microsoft® Corporation
FileDescription : Microsoft® Works Calendar Reminder Service
InternalName : WkCalRem
LegalCopyright : Copyright © Microsoft Corporation 1987-2000. All rights reserved.
OriginalFilename : WKCALREM.EXE
#:47 [spampal.exe]
ModuleName : C:\Program Files\SpamPal\spampal.exe
Command Line : "C:\Program Files\SpamPal\spampal.exe"
ProcessID : 2216
ThreadCreationTime : 4-22-2005 10:47:59 PM
BasePriority : Normal
#:48 [ipodservice.exe]
ModuleName : C:\Program Files\iPod\bin\iPodService.exe
Command Line : "C:\Program Files\iPod\bin\iPodService.exe"
ProcessID : 2624
ThreadCreationTime : 4-22-2005 10:48:16 PM
BasePriority : Normal
FileVersion : 4.6.0.15
ProductVersion : 4.6.0.15
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iPodService.exe
#:49 [alg.exe]
ModuleName : C:\WINDOWS\System32\alg.exe
Command Line : C:\WINDOWS\System32\alg.exe
ProcessID : 2984
ThreadCreationTime : 4-22-2005 10:48:24 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe
#:50 [explorer.exe]
ModuleName : C:\WINDOWS\explorer.exe
Command Line : C:\WINDOWS\explorer.exe
ProcessID : 3996
ThreadCreationTime : 4-22-2005 10:50:39 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
#:51 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k imgsvc
ProcessID : 1336
ThreadCreationTime : 4-22-2005 10:51:19 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:52 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 1708
ThreadCreationTime : 4-22-2005 10:55:48 PM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 1
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
BookedSpace Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\bookedspace.dll
BookedSpace Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\bookedspace.dll
Value : AppID
BookedSpace Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bookedspace.extension
BookedSpace Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bookedspace.extension
Value :
BookedSpace Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bookedspace.extension.5
BookedSpace Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bookedspace.extension.5
Value :
BookedSpace Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{0dc5cd7c-f653-4417-aa43-d457be3a9622}
BookedSpace Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{05080e6b-a88a-4cfd-8c3d-9b2557670b6e}
BookedSpace Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{05080e6b-a88a-4cfd-8c3d-9b2557670b6e}
Value :
BookedSpace Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\{0dc5cd7c-f653-4417-aa43-d457be3a9622}
BookedSpace Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\{0dc5cd7c-f653-4417-aa43-d457be3a9622}
Value :
BookedSpace Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{0019c3e2-dd48-4a6d-abcd-8d32436323d9}
BookedSpace Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{0019c3e2-dd48-4a6d-abcd-8d32436323d9}
Value :
BookedSpace Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{0019c3e2-dd48-4a6d-abcd-8d32436323d9}
Value : AppID
BookedSpace Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bookedspace
BookedSpace Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{0019c3e2-dd48-4a6d-abcd-8d32436323d9}
DealHelper Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\dealhelper
PromulGate Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\vccpgdataaccess.pgdataaccessctrl.1
PromulGate Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\vccpgdataaccess.pgdataaccessctrl.1
Value :
PromulGate Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\interface\{41700749-a109-4254-af13-be54011e8783}
PromulGate Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\interface\{41700749-a109-4254-af13-be54011e8783}
Value :
PromulGate Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\interface\{2bb15d36-43be-4743-a3a0-3308f4b1a610}
PromulGate Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\interface\{2bb15d36-43be-4743-a3a0-3308f4b1a610}
Value :
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 23
Objects found so far: 24
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 24
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@statcounter[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 4-20-2010 11:08:10 PM
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@tribalfusion[2].txt
Category : Data Miner
Comment : Hits:5
Value : Cookie:[email protected]/
Expires : 12-31-2037 7:00:00 PM
LastSync : Hits:5
UseCount : 0
Hits : 5
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:[email protected]/
Expires : 4-21-2015 7:00:00 PM
LastSync : Hits:2
UseCount : 0
Hits : 2
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:[email protected]/
Expires : 5-21-2005 9:38:58 PM
LastSync : Hits:4
UseCount : 0
Hits : 4
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 4
Objects found so far: 28
Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\LocalService\Cookies\[email protected][1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : system@tickle[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\LocalService\Cookies\system@tickle[1].txt
FizzleBar Object Recognized!
Type : File
Data : A0094716.dll
Category : Misc
Comment :
Object : C:\System Volume Information\_restore{42BC31E7-6CA3-4DBE-A5B2-AEE2399F970A}\RP380\
FileVersion : 1.00
ProductVersion : 1.00
ProductName : Popup Blocker
CompanyName : Tyrsoft
InternalName : iefwbar
OriginalFilename : iefwbar.dll
Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 31
Deep scanning and examining files (E:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for E:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 31
Deep scanning and examining files (G:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for G:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 31
Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
13 entries scanned.
New critical objects:0
Objects found so far: 31
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
DealHelper Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\toolbar\webbrowser
Value : {01E04581-4EEE-11D0-BFE9-00AA005B4383}
DealHelper Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\run
Value : version
BookedSpace Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\new windows
BookedSpace Object Recognized!
Type : File
Data : bsx32.ini
Category : Malware
Comment :
Object : C:\WINDOWS\
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 4
Objects found so far: 35
6:21:55 PM Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:20:10.911
Objects scanned:266449
Objects identified:35
Objects ignored:0
New critical objects:35