Trojans? Please help


  • This topic is locked

#1
rodgeryng

    New Member

  • Member
  • 9 posts
While I have kept a fairly clean computer over the last year, I recently disabled my firewall while working with a wireless router. I forgot to turn it back on when I disconnected the router. I am very sorry I did.

I have run Ad-Aware, CWShredder, Spybot, AVG, Trend Housecall, TDS-3, Panda Activescan, etrust antivirus and others. Most scans have shown several results but nothing seems to clean everything up. I seem to constantly get calls to the internet by nonsensically named files.

Below is the Ad-Aware log file:


Ad-Aware SE Build 1.05
Logfile Created on:Friday, April 22, 2005 6:01:44 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R40 20.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
BookedSpace(TAC index:10):18 total references
DealHelper(TAC index:7):4 total references
FizzleBar(TAC index:5):1 total references
PromulGate(TAC index:5):6 total references
Tracking Cookie(TAC index:3):6 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R40 20.04.2005
Internal build : 47
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 461235 Bytes
Total size : 1395231 Bytes
Signature data size : 1364710 Bytes
Reference data size : 30009 Bytes
Signatures total : 38921
Fingerprints total : 813
Fingerprints size : 29073 Bytes
Target categories : 15
Target families : 650


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:44 %
Total physical memory:523568 kb
Available physical memory:226308 kb
Total page file size:1279784 kb
Available on page file:1006408 kb
Total virtual memory:2097024 kb
Available virtual memory:2043156 kb
OS:Microsoft Windows XP Home Edition Service Pack 2 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Play sound at scan completion if scan locates critical objects


4-22-2005 6:01:44 PM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 356
ThreadCreationTime : 4-22-2005 10:46:49 PM
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 408
ThreadCreationTime : 4-22-2005 10:46:52 PM
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 432
ThreadCreationTime : 4-22-2005 10:46:54 PM
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 480
ThreadCreationTime : 4-22-2005 10:46:56 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 492
ThreadCreationTime : 4-22-2005 10:46:56 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k DcomLaunch
ProcessID : 656
ThreadCreationTime : 4-22-2005 10:46:59 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 728
ThreadCreationTime : 4-22-2005 10:47:00 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 812
ThreadCreationTime : 4-22-2005 10:47:01 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 876
ThreadCreationTime : 4-22-2005 10:47:01 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 952
ThreadCreationTime : 4-22-2005 10:47:02 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1048
ThreadCreationTime : 4-22-2005 10:47:06 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:12 [devldr32.exe]
ModuleName : C:\WINDOWS\system32\devldr32.exe
Command Line : C:\WINDOWS\system32\devldr32.exe
ProcessID : 1392
ThreadCreationTime : 4-22-2005 10:47:13 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 22
ProductVersion : 1, 0, 0, 22
ProductName : Creative Ring3 NT Inteface
CompanyName : Creative Technology Ltd.
FileDescription : DevLdr32
InternalName : DevLdr
LegalCopyright : Copyright © 1997-2001 Creative Technology Ltd.
OriginalFilename : DevLdr32.exe

#:13 [aouavbb.exe]
ModuleName : C:\WINDOWS\system32\snyfwrq\aouavbb.exe
Command Line : C:\WINDOWS\system32\snyfwrq\aouavbb.exe
ProcessID : 1412
ThreadCreationTime : 4-22-2005 10:47:14 PM
BasePriority : Normal


#:14 [avgamsvr.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
Command Line : C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
ProcessID : 1440
ThreadCreationTime : 4-22-2005 10:47:14 PM
BasePriority : Normal
FileVersion : 7,1,0,307
ProductVersion : 7.1.0.307
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Alert Manager
InternalName : avgamsvr
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgamsvr.EXE

#:15 [avgupsvc.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
Command Line : C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
ProcessID : 1492
ThreadCreationTime : 4-22-2005 10:47:17 PM
BasePriority : Normal
FileVersion : 7,1,0,285
ProductVersion : 7.1.0.285
ProductName : AVG 7.0 Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Update Service
InternalName : avgupsvc
LegalCopyright : Copyright © 2004, GRISOFT, s.r.o.
OriginalFilename : avgupdsvc.EXE

#:16 [cdac11ba.exe]
ModuleName : C:\WINDOWS\system32\drivers\CDAC11BA.EXE
Command Line : C:\WINDOWS\system32\drivers\CDAC11BA.EXE
ProcessID : 1516
ThreadCreationTime : 4-22-2005 10:47:17 PM
BasePriority : Normal
FileVersion : 4.16.050
ProductVersion : 4.16.050 Windows NT 2002/04/24
ProductName : SafeCast Windows NT
CompanyName : Macrovision
FileDescription : Macrovision RTS Service
InternalName : CDANTSRV
LegalCopyright : Copyright © 1998-2002 Macrovision Corp.
OriginalFilename : CDANTSRV.EXE
Comments : StringFileInfo: U.S. English

#:17 [crypserv.exe]
ModuleName : C:\WINDOWS\system32\crypserv.exe
Command Line : crypserv.exe
ProcessID : 1536
ThreadCreationTime : 4-22-2005 10:47:17 PM
BasePriority : High
FileVersion : 6.0
ProductVersion : 6.0
ProductName : CrypKey Software Licensing System
CompanyName : CrypKey (Canada) Ltd.
FileDescription : CrypKey NT Service
InternalName : crypserv
LegalCopyright : Copyright © 2000
LegalTrademarks : CrypKey
OriginalFilename : crypserv.exe
Comments : Operates in all directories, not just configured ones. Directory configuration only used for file clean up and uninstall

#:18 [nvsvc32.exe]
ModuleName : C:\WINDOWS\system32\nvsvc32.exe
Command Line : C:\WINDOWS\system32\nvsvc32.exe
ProcessID : 1600
ThreadCreationTime : 4-22-2005 10:47:18 PM
BasePriority : Normal
FileVersion : 6.14.10.6693
ProductVersion : 6.14.10.6693
ProductName : NVIDIA Driver Helper Service, Version 66.93
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 66.93
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:19 [retrorun.exe]
ModuleName : C:\Program Files\Dantz\Retrospect\retrorun.exe
Command Line : "C:\Program Files\Dantz\Retrospect\retrorun.exe"
ProcessID : 1624
ThreadCreationTime : 4-22-2005 10:47:19 PM
BasePriority : Normal
FileVersion : 6.5.342
ProductVersion : 6.5
ProductName : Retrospect
CompanyName : Dantz Development Corporation
FileDescription : Retrospect
InternalName :
LegalCopyright : Copyright Dantz 1989-2003
LegalTrademarks : Dantz® Retrospect®
OriginalFilename : retrorun.exe

#:20 [wdsvc.exe]
ModuleName : C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
Command Line : C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
ProcessID : 1812
ThreadCreationTime : 4-22-2005 10:47:30 PM
BasePriority : Normal
FileVersion : 6.5.342
ProductVersion : 6.5
ProductName : Retrospect
CompanyName : Dantz Development Corporation
FileDescription : Retrospect
InternalName :
LegalCopyright : Copyright Dantz 1989-2003
LegalTrademarks : Dantz® Retrospect®
OriginalFilename : wdsvc.exe

#:21 [vetmsgnt.exe]
ModuleName : C:\WINDOWS\System32\VetMsgNT.exe
Command Line : C:\WINDOWS\System32\VetMsgNT.exe
ProcessID : 1888
ThreadCreationTime : 4-22-2005 10:47:32 PM
BasePriority : Normal
FileVersion : 1, 1, 0, 1
ProductVersion : 10, 2, 0, 0
ProductName : CAI Anti-Virus
CompanyName : Computer Associates International, Inc.
FileDescription : VetMsgNT
InternalName : VetMsgNT
LegalCopyright : Copyright © 1996-2001 Computer Associates International, Inc.
LegalTrademarks : Computer Associates International, Inc.
OriginalFilename : VetMsgNT.exe
Comments : CAI Anti-Virus message service for real-time protection

#:22 [vsmon.exe]
ModuleName : C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
Command Line : n/a
ProcessID : 1900
ThreadCreationTime : 4-22-2005 10:47:33 PM
BasePriority : Normal
FileVersion : 5.5.062.011
ProductVersion : 5.5.062.011
ProductName : TrueVector Service
CompanyName : Zone Labs LLC
FileDescription : TrueVector Service
InternalName : vsmon
LegalCopyright : Copyright © 1998-2005, Zone Labs LLC
OriginalFilename : vsmon.exe

#:23 [realsched.exe]
ModuleName : C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Command Line : "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
ProcessID : 1992
ThreadCreationTime : 4-22-2005 10:47:36 PM
BasePriority : Normal
FileVersion : 0.1.0.1622
ProductVersion : 0.1.0.1622
ProductName : RealOne Player (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2002
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:24 [vettray.exe]
ModuleName : C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
Command Line : "C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe"
ProcessID : 2012
ThreadCreationTime : 4-22-2005 10:47:36 PM
BasePriority : Normal
FileVersion : Version 1.0
ProductName : VetTray
CompanyName : Computer Associates International, Inc.
FileDescription : Iconic notifier
InternalName : VetTray
LegalCopyright : Copyright © 1997-2001 Computer Associates International, Inc.
OriginalFilename : VetTray.exe

#:25 [qttask.exe]
ModuleName : C:\Program Files\QuickTime\qttask.exe
Command Line : "C:\Program Files\QuickTime\qttask.exe" -atboottime
ProcessID : 164
ThreadCreationTime : 4-22-2005 10:47:37 PM
BasePriority : Normal
FileVersion : 6.5.1
ProductVersion : QuickTime 6.5.1
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe

#:26 [rundll32.exe]
ModuleName : C:\WINDOWS\system32\RUNDLL32.EXE
Command Line : "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
ProcessID : 176
ThreadCreationTime : 4-22-2005 10:47:37 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE

#:27 [ituneshelper.exe]
ModuleName : C:\Program Files\iTunes\iTunesHelper.exe
Command Line : "C:\Program Files\iTunes\iTunesHelper.exe"
ProcessID : 196
ThreadCreationTime : 4-22-2005 10:47:38 PM
BasePriority : Normal
FileVersion : 4.6.0.15
ProductVersion : 4.6.0.15
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe

#:28 [wdbtnmgr.exe]
ModuleName : C:\WINDOWS\system32\WDBtnMgr.exe
Command Line : "C:\WINDOWS\system32\WDBtnMgr.exe"
ProcessID : 276
ThreadCreationTime : 4-22-2005 10:47:39 PM
BasePriority : Normal
FileVersion : 1.0.7.0
ProductVersion : 1.0.7.0
ProductName : WD Button Manager
CompanyName : Western Digital Technologies, Inc.
FileDescription : WD Button Manager
InternalName : WD Button Manager
LegalCopyright : Copyright © 2003-2004
OriginalFilename : WDBtnMgr.exe

#:29 [seticon.exe]
ModuleName : C:\Program Files\WDC\SetIcon.exe
Command Line : "C:\Program Files\WDC\SetIcon.exe"
ProcessID : 284
ThreadCreationTime : 4-22-2005 10:47:40 PM
BasePriority : Normal
FileVersion : 1, 2, 0, 8
ProductVersion : 1, 2, 0, 8
ProductName : SMSC USB Custom Icons Application
CompanyName : Standard Microsystems Corp.
FileDescription : Custom Icons Application For USB Drives
InternalName : SetIcon
LegalCopyright : Copyright © 2002 - 2003
OriginalFilename : SetIcon.exe

#:30 [wlavalancheservice.exe]
ModuleName : C:\Program Files\Wavelink\Avalanche\Service\WLAvalancheService.exe
Command Line : "C:\Program Files\Wavelink\Avalanche\Service\WLAvalancheService.exe"
ProcessID : 404
ThreadCreationTime : 4-22-2005 10:47:41 PM
BasePriority : Normal


#:31 [rundll32.exe]
ModuleName : C:\WINDOWS\system32\rundll32.exe
Command Line : rundll32.exe nview.dll,nViewInitialize
ProcessID : 388
ThreadCreationTime : 4-22-2005 10:47:41 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE

#:32 [msnappau.exe]
ModuleName : C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
Command Line : "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
ProcessID : 108
ThreadCreationTime : 4-22-2005 10:47:41 PM
BasePriority : Normal


#:33 [zlclient.exe]
ModuleName : C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
Command Line : n/a
ProcessID : 508
ThreadCreationTime : 4-22-2005 10:47:42 PM
BasePriority : Normal
FileVersion : 5.5.062.011
ProductVersion : 5.5.062.011
ProductName : Zone Labs Client
CompanyName : Zone Labs LLC
FileDescription : Zone Labs Client
InternalName : zlclient
LegalCopyright : Copyright © 1998-2005, Zone Labs LLC
OriginalFilename : zlclient.exe

#:34 [rhiac.exe]
ModuleName : C:\WINDOWS\system32\coburuao\rhiac.exe
Command Line : "C:\WINDOWS\system32\coburuao\rhiac.exe"
ProcessID : 800
ThreadCreationTime : 4-22-2005 10:47:42 PM
BasePriority : Normal


#:35 [rujpw.exe]
ModuleName : C:\WINDOWS\system32\qdgkygwq\rujpw.exe
Command Line : "C:\WINDOWS\system32\qdgkygwq\rujpw.exe"
ProcessID : 820
ThreadCreationTime : 4-22-2005 10:47:43 PM
BasePriority : Normal


#:36 [cthelper.exe]
ModuleName : C:\WINDOWS\system32\CTHELPER.EXE
Command Line : "C:\WINDOWS\system32\CTHELPER.EXE"
ProcessID : 984
ThreadCreationTime : 4-22-2005 10:47:44 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 2
ProductVersion : 1, 0, 0, 2
ProductName : CtHelper Application
CompanyName : Creative Technology Ltd
FileDescription : CtHelper Application
InternalName : CtHelper
LegalCopyright : Copyright © 2002
OriginalFilename : CtHelper.EXE

#:37 [foab.exe]
ModuleName : C:\WINDOWS\system32\btvnk\foab.exe
Command Line : "C:\WINDOWS\system32\btvnk\foab.exe"
ProcessID : 1192
ThreadCreationTime : 4-22-2005 10:47:45 PM
BasePriority : Normal


#:38 [nsvsvc.exe]
ModuleName : C:\WINDOWS\system32\nsvsvc\nsvsvc.exe
Command Line : "C:\WINDOWS\system32\nsvsvc\nsvsvc.exe"
ProcessID : 1320
ThreadCreationTime : 4-22-2005 10:47:46 PM
BasePriority : Normal
FileVersion : 2.17.0000
ProductVersion : 2, 1, 7, 0

#:39 [qprymvn.exe]
ModuleName : C:\WINDOWS\system32\qprymvn.exe
Command Line : "C:\WINDOWS\system32\qprymvn.exe"
ProcessID : 1620
ThreadCreationTime : 4-22-2005 10:47:46 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : version Application
FileDescription : version MFC Application
InternalName : version
LegalCopyright : Copyright © 2003
OriginalFilename : version.EXE

DealHelper Object Recognized!
Type : Process
Data : qprymvn.exe
Category : Malware
Comment : (CSI MATCH)
Object : C:\WINDOWS\system32\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : version Application
FileDescription : version MFC Application
InternalName : version
LegalCopyright : Copyright © 2003
OriginalFilename : version.EXE

Warning! DealHelper Object found in memory(C:\WINDOWS\system32\qprymvn.exe)

"C:\WINDOWS\system32\qprymvn.exe"Process terminated successfully
"C:\WINDOWS\system32\qprymvn.exe"Process terminated successfully

#:40 [avgcc.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
Command Line : "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
ProcessID : 1556
ThreadCreationTime : 4-22-2005 10:47:48 PM
BasePriority : Normal
FileVersion : 7,1,0,307
ProductVersion : 7.1.0.307
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Control Center
InternalName : AvgCC
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : AvgCC.EXE

#:41 [avgemc.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
Command Line : "C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe"
ProcessID : 1572
ThreadCreationTime : 4-22-2005 10:47:48 PM
BasePriority : Normal
FileVersion : 7,1,0,307
ProductVersion : 7.1.0.307
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG E-Mail Scanner
InternalName : avgemc
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgemc.exe

#:42 [msnmsgr.exe]
ModuleName : C:\Program Files\MSN Messenger\MsnMsgr.Exe
Command Line : "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
ProcessID : 1864
ThreadCreationTime : 4-22-2005 10:47:50 PM
BasePriority : Normal
FileVersion : 6.2.0205
ProductVersion : Version 6.2
ProductName : MSN Messenger
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
LegalCopyright : Copyright © Microsoft Corporation 1997-2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msnmsgr.exe

#:43 [wcescomm.exe]
ModuleName : C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
Command Line : "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
ProcessID : 1936
ThreadCreationTime : 4-22-2005 10:47:52 PM
BasePriority : Normal
FileVersion : 3.7.1.4034
ProductVersion : 3.7.4034
ProductName : Microsoft ActiveSync
CompanyName : Microsoft Corporation
FileDescription : ActiveSync Connection Manager
InternalName : wcescomm
LegalCopyright : Copyright © 1995-2004 Microsoft Corp. All rights reserved.
LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation.
OriginalFilename : WCESCOMM.EXE

#:44 [a2guard.exe]
ModuleName : C:\Program Files\a2\a2guard.exe
Command Line : "C:\Program Files\a2\a2guard.exe"
ProcessID : 1860
ThreadCreationTime : 4-22-2005 10:47:52 PM
BasePriority : Normal


#:45 [ctfmon.exe]
ModuleName : C:\WINDOWS\system32\ctfmon.exe
Command Line : "C:\WINDOWS\system32\ctfmon.exe"
ProcessID : 1928
ThreadCreationTime : 4-22-2005 10:47:53 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:46 [wkcalrem.exe]
ModuleName : C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
Command Line : "C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe"
ProcessID : 2168
ThreadCreationTime : 4-22-2005 10:47:57 PM
BasePriority : Normal
FileVersion : 6.00.1828.1
ProductVersion : 6.00.1828.1
ProductName : Microsoft® Works 6.0
CompanyName : Microsoft® Corporation
FileDescription : Microsoft® Works Calendar Reminder Service
InternalName : WkCalRem
LegalCopyright : Copyright © Microsoft Corporation 1987-2000. All rights reserved.
OriginalFilename : WKCALREM.EXE

#:47 [spampal.exe]
ModuleName : C:\Program Files\SpamPal\spampal.exe
Command Line : "C:\Program Files\SpamPal\spampal.exe"
ProcessID : 2216
ThreadCreationTime : 4-22-2005 10:47:59 PM
BasePriority : Normal


#:48 [ipodservice.exe]
ModuleName : C:\Program Files\iPod\bin\iPodService.exe
Command Line : "C:\Program Files\iPod\bin\iPodService.exe"
ProcessID : 2624
ThreadCreationTime : 4-22-2005 10:48:16 PM
BasePriority : Normal
FileVersion : 4.6.0.15
ProductVersion : 4.6.0.15
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iPodService.exe

#:49 [alg.exe]
ModuleName : C:\WINDOWS\System32\alg.exe
Command Line : C:\WINDOWS\System32\alg.exe
ProcessID : 2984
ThreadCreationTime : 4-22-2005 10:48:24 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:50 [explorer.exe]
ModuleName : C:\WINDOWS\explorer.exe
Command Line : C:\WINDOWS\explorer.exe
ProcessID : 3996
ThreadCreationTime : 4-22-2005 10:50:39 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:51 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k imgsvc
ProcessID : 1336
ThreadCreationTime : 4-22-2005 10:51:19 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:52 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 1708
ThreadCreationTime : 4-22-2005 10:55:48 PM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 1


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

BookedSpace Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\bookedspace.dll

BookedSpace Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\bookedspace.dll
Value : AppID

BookedSpace Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bookedspace.extension

BookedSpace Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bookedspace.extension
Value :

BookedSpace Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bookedspace.extension.5

BookedSpace Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bookedspace.extension.5
Value :

BookedSpace Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{0dc5cd7c-f653-4417-aa43-d457be3a9622}

BookedSpace Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{05080e6b-a88a-4cfd-8c3d-9b2557670b6e}

BookedSpace Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{05080e6b-a88a-4cfd-8c3d-9b2557670b6e}
Value :

BookedSpace Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\{0dc5cd7c-f653-4417-aa43-d457be3a9622}

BookedSpace Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\{0dc5cd7c-f653-4417-aa43-d457be3a9622}
Value :

BookedSpace Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{0019c3e2-dd48-4a6d-abcd-8d32436323d9}

BookedSpace Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{0019c3e2-dd48-4a6d-abcd-8d32436323d9}
Value :

BookedSpace Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{0019c3e2-dd48-4a6d-abcd-8d32436323d9}
Value : AppID

BookedSpace Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bookedspace

BookedSpace Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{0019c3e2-dd48-4a6d-abcd-8d32436323d9}

DealHelper Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\dealhelper

PromulGate Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\vccpgdataaccess.pgdataaccessctrl.1

PromulGate Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\vccpgdataaccess.pgdataaccessctrl.1
Value :

PromulGate Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\interface\{41700749-a109-4254-af13-be54011e8783}

PromulGate Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\interface\{41700749-a109-4254-af13-be54011e8783}
Value :

PromulGate Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\interface\{2bb15d36-43be-4743-a3a0-3308f4b1a610}

PromulGate Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\interface\{2bb15d36-43be-4743-a3a0-3308f4b1a610}
Value :

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 23
Objects found so far: 24


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 24


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@statcounter[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 4-20-2010 11:08:10 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@tribalfusion[2].txt
Category : Data Miner
Comment : Hits:5
Value : Cookie:[email protected]/
Expires : 12-31-2037 7:00:00 PM
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:[email protected]/
Expires : 4-21-2015 7:00:00 PM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:[email protected]/
Expires : 5-21-2005 9:38:58 PM
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 4
Objects found so far: 28



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\LocalService\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : system@tickle[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\LocalService\Cookies\system@tickle[1].txt

FizzleBar Object Recognized!
Type : File
Data : A0094716.dll
Category : Misc
Comment :
Object : C:\System Volume Information\_restore{42BC31E7-6CA3-4DBE-A5B2-AEE2399F970A}\RP380\
FileVersion : 1.00
ProductVersion : 1.00
ProductName : Popup Blocker
CompanyName : Tyrsoft
InternalName : iefwbar
OriginalFilename : iefwbar.dll


Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 31


Deep scanning and examining files (E:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for E:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 31


Deep scanning and examining files (G:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for G:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 31


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
13 entries scanned.
New critical objects:0
Objects found so far: 31




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

DealHelper Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\toolbar\webbrowser
Value : {01E04581-4EEE-11D0-BFE9-00AA005B4383}

DealHelper Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\run
Value : version

BookedSpace Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\new windows

BookedSpace Object Recognized!
Type : File
Data : bsx32.ini
Category : Malware
Comment :
Object : C:\WINDOWS\



Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 4
Objects found so far: 35

6:21:55 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:20:10.911
Objects scanned:266449
Objects identified:35
Objects ignored:0
New critical objects:35


#2
Guest_Andy_veal_*

Hello and Welcome

Ad-aware has found objects on your computer

If you choose to clean your computer from what Ad-aware found, please follow these instructions below…

Please make sure that you are using the * SE1R40 20.04.2005 * definition file.


Please launch Ad-Aware SE and click on the gear to access the Configuration Menu. Please make sure that this setting is applied.

Click on Tweak > Cleaning Engine > UNcheck "Always try to unload modules before deletion".

Disconnect from the internet (for broadband/cable users, it is recommended that you disconnect the cable connection) and close all open browsers or other programs you have running.

Please then boot into Safe Mode

To clean your machine, it is highly recommended that you clean the following directory contents (but not the directory folder):

Please run CCleaner to assist in this process.
Download CCleaner (Setup: go to >options > settings > Uncheck "Only delete files in Windows Temp folders older than 48 hours" for cleaning malware files!)

* C:\Windows\Temp\
* C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <- This will delete all your cached internet content including cookies.
* C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp\
* Empty your "Recycle Bin".

Please run Ad-Aware SE from the command lines shown in the instructions shown below.

Click "Start" > select "Run" > type the text shown in bold below (including the quotation marks and with the same spacing as shown)

"C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" +procnuke
(For the Personal version)


Click OK.

Please note that the path above is the default installation location for Ad-aware SE; if this is different, please adjust it to the location that you have installed it to.

When the scan has completed, select Next. In the Scanning Results window, select the "Scan Summary" tab. Check the box next to each "target family" you wish to remove. Click next, Click OK.

If problems are caused by deleting a family, please leave it.

Please shutdown/restart your computer after removal, run a new full scan and post the results as a reply. Do not launch any programs or connect to the internet at this time.

Please then copy & paste the complete log file here. Don't quarantine or remove anything at this time, just post a complete logfile. This can sometimes take 2-3 posts to get it all posted. Once the "Summary of this scan" information is shown, you have posted all of your logfile.

Please remember when posting another logfile keep "Search for negligible risk entries" deselected as negligible risk entries (MRU's) are not considered to be a threat. This option can be changed when choosing your scan type.

Please post back here

Good luck

Andy

#3
rodgeryng

Results of actions taken as described above.




Ad-Aware SE Build 1.05
Logfile Created on:Friday, April 22, 2005 7:50:17 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R40 20.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
BookedSpace(TAC index:10):17 total references
Tracking Cookie(TAC index:3):4 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R40 20.04.2005
Internal build : 47
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 461235 Bytes
Total size : 1395231 Bytes
Signature data size : 1364710 Bytes
Reference data size : 30009 Bytes
Signatures total : 38921
Fingerprints total : 813
Fingerprints size : 29073 Bytes
Target categories : 15
Target families : 650


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:46 %
Total physical memory:523568 kb
Available physical memory:235692 kb
Total page file size:1279784 kb
Available on page file:1026484 kb
Total virtual memory:2097024 kb
Available virtual memory:2045140 kb
OS:Microsoft Windows XP Home Edition Service Pack 2 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Play sound at scan completion if scan locates critical objects


4-22-2005 7:50:17 PM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 356
ThreadCreationTime : 4-23-2005 12:43:58 AM
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 408
ThreadCreationTime : 4-23-2005 12:44:02 AM
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 432
ThreadCreationTime : 4-23-2005 12:44:04 AM
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 480
ThreadCreationTime : 4-23-2005 12:44:06 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 492
ThreadCreationTime : 4-23-2005 12:44:06 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k DcomLaunch
ProcessID : 644
ThreadCreationTime : 4-23-2005 12:44:09 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 728
ThreadCreationTime : 4-23-2005 12:44:10 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 800
ThreadCreationTime : 4-23-2005 12:44:11 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 876
ThreadCreationTime : 4-23-2005 12:44:11 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 928
ThreadCreationTime : 4-23-2005 12:44:12 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1036
ThreadCreationTime : 4-23-2005 12:44:16 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:12 [aouavbb.exe]
ModuleName : C:\WINDOWS\system32\snyfwrq\aouavbb.exe
Command Line : C:\WINDOWS\system32\snyfwrq\aouavbb.exe
ProcessID : 1160
ThreadCreationTime : 4-23-2005 12:44:19 AM
BasePriority : Normal


#:13 [avgamsvr.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
Command Line : C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
ProcessID : 1180
ThreadCreationTime : 4-23-2005 12:44:19 AM
BasePriority : Normal
FileVersion : 7,1,0,307
ProductVersion : 7.1.0.307
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Alert Manager
InternalName : avgamsvr
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgamsvr.EXE

#:14 [avgupsvc.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
Command Line : C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
ProcessID : 1224
ThreadCreationTime : 4-23-2005 12:44:20 AM
BasePriority : Normal
FileVersion : 7,1,0,285
ProductVersion : 7.1.0.285
ProductName : AVG 7.0 Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Update Service
InternalName : avgupsvc
LegalCopyright : Copyright © 2004, GRISOFT, s.r.o.
OriginalFilename : avgupdsvc.EXE

#:15 [cdac11ba.exe]
ModuleName : C:\WINDOWS\system32\drivers\CDAC11BA.EXE
Command Line : C:\WINDOWS\system32\drivers\CDAC11BA.EXE
ProcessID : 1248
ThreadCreationTime : 4-23-2005 12:44:21 AM
BasePriority : Normal
FileVersion : 4.16.050
ProductVersion : 4.16.050 Windows NT 2002/04/24
ProductName : SafeCast Windows NT
CompanyName : Macrovision
FileDescription : Macrovision RTS Service
InternalName : CDANTSRV
LegalCopyright : Copyright © 1998-2002 Macrovision Corp.
OriginalFilename : CDANTSRV.EXE
Comments : StringFileInfo: U.S. English

#:16 [crypserv.exe]
ModuleName : C:\WINDOWS\system32\crypserv.exe
Command Line : crypserv.exe
ProcessID : 1276
ThreadCreationTime : 4-23-2005 12:44:21 AM
BasePriority : High
FileVersion : 6.0
ProductVersion : 6.0
ProductName : CrypKey Software Licensing System
CompanyName : CrypKey (Canada) Ltd.
FileDescription : CrypKey NT Service
InternalName : crypserv
LegalCopyright : Copyright © 2000
LegalTrademarks : CrypKey
OriginalFilename : crypserv.exe
Comments : Operates in all directories, not just configured ones. Directory configuration only used for file clean up and uninstall

#:17 [nvsvc32.exe]
ModuleName : C:\WINDOWS\system32\nvsvc32.exe
Command Line : C:\WINDOWS\system32\nvsvc32.exe
ProcessID : 1352
ThreadCreationTime : 4-23-2005 12:44:21 AM
BasePriority : Normal
FileVersion : 6.14.10.6693
ProductVersion : 6.14.10.6693
ProductName : NVIDIA Driver Helper Service, Version 66.93
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 66.93
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:18 [retrorun.exe]
ModuleName : C:\Program Files\Dantz\Retrospect\retrorun.exe
Command Line : "C:\Program Files\Dantz\Retrospect\retrorun.exe"
ProcessID : 1388
ThreadCreationTime : 4-23-2005 12:44:22 AM
BasePriority : Normal
FileVersion : 6.5.342
ProductVersion : 6.5
ProductName : Retrospect
CompanyName : Dantz Development Corporation
FileDescription : Retrospect
InternalName :
LegalCopyright : Copyright Dantz 1989-2003
LegalTrademarks : Dantz® Retrospect®
OriginalFilename : retrorun.exe

#:19 [devldr32.exe]
ModuleName : C:\WINDOWS\system32\devldr32.exe
Command Line : C:\WINDOWS\system32\devldr32.exe
ProcessID : 1468
ThreadCreationTime : 4-23-2005 12:44:23 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 22
ProductVersion : 1, 0, 0, 22
ProductName : Creative Ring3 NT Inteface
CompanyName : Creative Technology Ltd.
FileDescription : DevLdr32
InternalName : DevLdr
LegalCopyright : Copyright © 1997-2001 Creative Technology Ltd.
OriginalFilename : DevLdr32.exe

#:20 [wdsvc.exe]
ModuleName : C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
Command Line : C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
ProcessID : 1668
ThreadCreationTime : 4-23-2005 12:44:28 AM
BasePriority : Normal
FileVersion : 6.5.342
ProductVersion : 6.5
ProductName : Retrospect
CompanyName : Dantz Development Corporation
FileDescription : Retrospect
InternalName :
LegalCopyright : Copyright Dantz 1989-2003
LegalTrademarks : Dantz® Retrospect®
OriginalFilename : wdsvc.exe

#:21 [vetmsgnt.exe]
ModuleName : C:\WINDOWS\System32\VetMsgNT.exe
Command Line : C:\WINDOWS\System32\VetMsgNT.exe
ProcessID : 1696
ThreadCreationTime : 4-23-2005 12:44:28 AM
BasePriority : Normal
FileVersion : 1, 1, 0, 1
ProductVersion : 10, 2, 0, 0
ProductName : CAI Anti-Virus
CompanyName : Computer Associates International, Inc.
FileDescription : VetMsgNT
InternalName : VetMsgNT
LegalCopyright : Copyright © 1996-2001 Computer Associates International, Inc.
LegalTrademarks : Computer Associates International, Inc.
OriginalFilename : VetMsgNT.exe
Comments : CAI Anti-Virus message service for real-time protection

#:22 [vsmon.exe]
ModuleName : C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
Command Line : n/a
ProcessID : 1744
ThreadCreationTime : 4-23-2005 12:44:29 AM
BasePriority : Normal
FileVersion : 5.5.062.011
ProductVersion : 5.5.062.011
ProductName : TrueVector Service
CompanyName : Zone Labs LLC
FileDescription : TrueVector Service
InternalName : vsmon
LegalCopyright : Copyright © 1998-2005, Zone Labs LLC
OriginalFilename : vsmon.exe

#:23 [wlavalancheservice.exe]
ModuleName : C:\Program Files\Wavelink\Avalanche\Service\WLAvalancheService.exe
Command Line : "C:\Program Files\Wavelink\Avalanche\Service\WLAvalancheService.exe"
ProcessID : 1844
ThreadCreationTime : 4-23-2005 12:44:35 AM
BasePriority : Normal


#:24 [ctfmon.exe]
ModuleName : C:\WINDOWS\system32\ctfmon.exe
Command Line : ctfmon.exe
ProcessID : 336
ThreadCreationTime : 4-23-2005 12:44:46 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:25 [realsched.exe]
ModuleName : C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Command Line : "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
ProcessID : 660
ThreadCreationTime : 4-23-2005 12:44:49 AM
BasePriority : Normal
FileVersion : 0.1.0.1622
ProductVersion : 0.1.0.1622
ProductName : RealOne Player (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2002
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:26 [vettray.exe]
ModuleName : C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
Command Line : "C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe"
ProcessID : 784
ThreadCreationTime : 4-23-2005 12:44:51 AM
BasePriority : Normal
FileVersion : Version 1.0
ProductName : VetTray
CompanyName : Computer Associates International, Inc.
FileDescription : Iconic notifier
InternalName : VetTray
LegalCopyright : Copyright © 1997-2001 Computer Associates International, Inc.
OriginalFilename : VetTray.exe

#:27 [qttask.exe]
ModuleName : C:\Program Files\QuickTime\qttask.exe
Command Line : "C:\Program Files\QuickTime\qttask.exe" -atboottime
ProcessID : 1108
ThreadCreationTime : 4-23-2005 12:44:55 AM
BasePriority : Normal
FileVersion : 6.5.1
ProductVersion : QuickTime 6.5.1
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe

#:28 [ituneshelper.exe]
ModuleName : C:\Program Files\iTunes\iTunesHelper.exe
Command Line : "C:\Program Files\iTunes\iTunesHelper.exe"
ProcessID : 1332
ThreadCreationTime : 4-23-2005 12:44:57 AM
BasePriority : Normal
FileVersion : 4.6.0.15
ProductVersion : 4.6.0.15
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe

#:29 [wdbtnmgr.exe]
ModuleName : C:\WINDOWS\system32\WDBtnMgr.exe
Command Line : "C:\WINDOWS\system32\WDBtnMgr.exe"
ProcessID : 1416
ThreadCreationTime : 4-23-2005 12:44:58 AM
BasePriority : Normal
FileVersion : 1.0.7.0
ProductVersion : 1.0.7.0
ProductName : WD Button Manager
CompanyName : Western Digital Technologies, Inc.
FileDescription : WD Button Manager
InternalName : WD Button Manager
LegalCopyright : Copyright © 2003-2004
OriginalFilename : WDBtnMgr.exe

#:30 [seticon.exe]
ModuleName : C:\Program Files\WDC\SetIcon.exe
Command Line : "C:\Program Files\WDC\SetIcon.exe"
ProcessID : 1440
ThreadCreationTime : 4-23-2005 12:44:58 AM
BasePriority : Normal
FileVersion : 1, 2, 0, 8
ProductVersion : 1, 2, 0, 8
ProductName : SMSC USB Custom Icons Application
CompanyName : Standard Microsystems Corp.
FileDescription : Custom Icons Application For USB Drives
InternalName : SetIcon
LegalCopyright : Copyright © 2002 - 2003
OriginalFilename : SetIcon.exe

#:31 [rundll32.exe]
ModuleName : C:\WINDOWS\system32\rundll32.exe
Command Line : rundll32.exe nview.dll,nViewInitialize
ProcessID : 1476
ThreadCreationTime : 4-23-2005 12:44:58 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE

#:32 [msnappau.exe]
ModuleName : C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
Command Line : "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
ProcessID : 1596
ThreadCreationTime : 4-23-2005 12:44:59 AM
BasePriority : Normal


#:33 [zlclient.exe]
ModuleName : C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
Command Line : n/a
ProcessID : 2104
ThreadCreationTime : 4-23-2005 12:45:00 AM
BasePriority : Normal
FileVersion : 5.5.062.011
ProductVersion : 5.5.062.011
ProductName : Zone Labs Client
CompanyName : Zone Labs LLC
FileDescription : Zone Labs Client
InternalName : zlclient
LegalCopyright : Copyright © 1998-2005, Zone Labs LLC
OriginalFilename : zlclient.exe

#:34 [rhiac.exe]
ModuleName : C:\WINDOWS\system32\coburuao\rhiac.exe
Command Line : "C:\WINDOWS\system32\coburuao\rhiac.exe"
ProcessID : 2124
ThreadCreationTime : 4-23-2005 12:45:02 AM
BasePriority : Normal


#:35 [ipodservice.exe]
ModuleName : C:\Program Files\iPod\bin\iPodService.exe
Command Line : "C:\Program Files\iPod\bin\iPodService.exe"
ProcessID : 2152
ThreadCreationTime : 4-23-2005 12:45:07 AM
BasePriority : Normal
FileVersion : 4.6.0.15
ProductVersion : 4.6.0.15
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iPodService.exe

#:36 [rujpw.exe]
ModuleName : C:\WINDOWS\system32\qdgkygwq\rujpw.exe
Command Line : "C:\WINDOWS\system32\qdgkygwq\rujpw.exe"
ProcessID : 2200
ThreadCreationTime : 4-23-2005 12:45:09 AM
BasePriority : Normal


#:37 [alg.exe]
ModuleName : C:\WINDOWS\System32\alg.exe
Command Line : C:\WINDOWS\System32\alg.exe
ProcessID : 2280
ThreadCreationTime : 4-23-2005 12:45:11 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:38 [cthelper.exe]
ModuleName : C:\WINDOWS\system32\CTHELPER.EXE
Command Line : "C:\WINDOWS\system32\CTHELPER.EXE"
ProcessID : 2368
ThreadCreationTime : 4-23-2005 12:45:12 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 2
ProductVersion : 1, 0, 0, 2
ProductName : CtHelper Application
CompanyName : Creative Technology Ltd
FileDescription : CtHelper Application
InternalName : CtHelper
LegalCopyright : Copyright © 2002
OriginalFilename : CtHelper.EXE

#:39 [wmiprvse.exe]
ModuleName : C:\WINDOWS\System32\wbem\wmiprvse.exe
Command Line : C:\WINDOWS\System32\wbem\wmiprvse.exe -Embedding
ProcessID : 2400
ThreadCreationTime : 4-23-2005 12:45:13 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI
InternalName : Wmiprvse.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : Wmiprvse.exe

#:40 [foab.exe]
ModuleName : C:\WINDOWS\system32\btvnk\foab.exe
Command Line : "C:\WINDOWS\system32\btvnk\foab.exe"
ProcessID : 2612
ThreadCreationTime : 4-23-2005 12:45:17 AM
BasePriority : Normal


#:41 [nsvsvc.exe]
ModuleName : C:\WINDOWS\system32\nsvsvc\nsvsvc.exe
Command Line : "C:\WINDOWS\system32\nsvsvc\nsvsvc.exe"
ProcessID : 2620
ThreadCreationTime : 4-23-2005 12:45:17 AM
BasePriority : Normal
FileVersion : 2.17.0000
ProductVersion : 2, 1, 7, 0

#:42 [avgcc.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
Command Line : "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
ProcessID : 2672
ThreadCreationTime : 4-23-2005 12:45:25 AM
BasePriority : Normal
FileVersion : 7,1,0,307
ProductVersion : 7.1.0.307
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Control Center
InternalName : AvgCC
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : AvgCC.EXE

#:43 [avgemc.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
Command Line : "C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe"
ProcessID : 2728
ThreadCreationTime : 4-23-2005 12:45:26 AM
BasePriority : Normal
FileVersion : 7,1,0,307
ProductVersion : 7.1.0.307
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG E-Mail Scanner
InternalName : avgemc
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgemc.exe

#:44 [steam.exe]
ModuleName : E:\Program Files\Valve\Steam\Steam.exe
Command Line : n/a
ProcessID : 2744
ThreadCreationTime : 4-23-2005 12:45:27 AM
BasePriority : Normal
FileVersion : 1.0.0.0
ProductVersion : 1.0.0.0
ProductName : Steam
CompanyName : Valve Corporation
FileDescription : Steam
LegalCopyright : © Copyright 2000-2003 Valve Corporation All rights reserved.
OriginalFilename : Steam.exe

#:45 [msnmsgr.exe]
ModuleName : C:\Program Files\MSN Messenger\MsnMsgr.Exe
Command Line : "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
ProcessID : 2752
ThreadCreationTime : 4-23-2005 12:45:27 AM
BasePriority : Normal
FileVersion : 6.2.0205
ProductVersion : Version 6.2
ProductName : MSN Messenger
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
LegalCopyright : Copyright © Microsoft Corporation 1997-2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msnmsgr.exe

#:46 [wcescomm.exe]
ModuleName : C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
Command Line : n/a
ProcessID : 2764
ThreadCreationTime : 4-23-2005 12:45:28 AM
BasePriority : Normal
FileVersion : 3.7.1.4034
ProductVersion : 3.7.4034
ProductName : Microsoft ActiveSync
CompanyName : Microsoft Corporation
FileDescription : ActiveSync Connection Manager
InternalName : wcescomm
LegalCopyright : Copyright © 1995-2004 Microsoft Corp. All rights reserved.
LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation.
OriginalFilename : WCESCOMM.EXE

#:47 [a2guard.exe]
ModuleName : C:\Program Files\a2\a2guard.exe
Command Line : n/a
ProcessID : 2800
ThreadCreationTime : 4-23-2005 12:45:32 AM
BasePriority : Normal


#:48 [ctfmon.exe]
ModuleName : C:\WINDOWS\system32\ctfmon.exe
Command Line : n/a
ProcessID : 2812
ThreadCreationTime : 4-23-2005 12:45:32 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:49 [adobe gamma loader.exe]
ModuleName : C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Command Line : n/a
ProcessID : 2844
ThreadCreationTime : 4-23-2005 12:45:35 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : Adobe Systems, Inc. Adobe Gamma Loader
CompanyName : Adobe Systems, Inc.
FileDescription : Adobe Gamma Loader
InternalName : Adobe Gamma Loader
LegalCopyright : © 1998-2000 Adobe Systems Incorporated
OriginalFilename : Adobe Gamma Loader.exe
Comments : Utility to set the video card's Gamma table (if the video driver supports it) using data set by Adobe Gamma.

#:50 [wkcalrem.exe]
ModuleName : C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
Command Line : "C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe"
ProcessID : 2856
ThreadCreationTime : 4-23-2005 12:45:38 AM
BasePriority : Normal
FileVersion : 6.00.1828.1
ProductVersion : 6.00.1828.1
ProductName : Microsoft® Works 6.0
CompanyName : Microsoft® Corporation
FileDescription : Microsoft® Works Calendar Reminder Service
InternalName : WkCalRem
LegalCopyright : Copyright © Microsoft Corporation 1987-2000. All rights reserved.
OriginalFilename : WKCALREM.EXE

#:51 [wuauclt.exe]
ModuleName : C:\WINDOWS\system32\wuauclt.exe
Command Line : "C:\WINDOWS\system32\wuauclt.exe" /RunStoreAsComServer Local\[320]SUSDS99879ac721aa364f95f1050f34e4c8c0
ProcessID : 2876
ThreadCreationTime : 4-23-2005 12:45:39 AM
BasePriority : Normal
FileVersion : 5.4.3790.2182 built by: srv03_rtm(ntvbl04)
ProductVersion : 5.4.3790.2182
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe

#:52 [spampal.exe]
ModuleName : C:\Program Files\SpamPal\spampal.exe
Command Line : "C:\Program Files\SpamPal\spampal.exe"
ProcessID : 2924
ThreadCreationTime : 4-23-2005 12:45:41 AM
BasePriority : Normal


#:53 [explorer.exe]
ModuleName : C:\WINDOWS\explorer.exe
Command Line : C:\WINDOWS\explorer.exe
ProcessID : 1032
ThreadCreationTime : 4-23-2005 12:49:14 AM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:54 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 3536
ThreadCreationTime : 4-23-2005 12:49:26 AM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

BookedSpace Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\bookedspace.dll

BookedSpace Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\bookedspace.dll
Value : AppID

BookedSpace Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bookedspace.extension

BookedSpace Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bookedspace.extension
Value :

BookedSpace Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bookedspace.extension.5

BookedSpace Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bookedspace.extension.5
Value :

BookedSpace Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{0dc5cd7c-f653-4417-aa43-d457be3a9622}

BookedSpace Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{05080e6b-a88a-4cfd-8c3d-9b2557670b6e}

BookedSpace Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{05080e6b-a88a-4cfd-8c3d-9b2557670b6e}
Value :

BookedSpace Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\{0dc5cd7c-f653-4417-aa43-d457be3a9622}

BookedSpace Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\{0dc5cd7c-f653-4417-aa43-d457be3a9622}
Value :

BookedSpace Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{0019c3e2-dd48-4a6d-abcd-8d32436323d9}

BookedSpace Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{0019c3e2-dd48-4a6d-abcd-8d32436323d9}
Value :

BookedSpace Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{0019c3e2-dd48-4a6d-abcd-8d32436323d9}
Value : AppID

BookedSpace Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bookedspace

BookedSpace Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{0019c3e2-dd48-4a6d-abcd-8d32436323d9}

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 16
Objects found so far: 16


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 16


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 16



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : system@advertising[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\LocalService\Cookies\system@advertising[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : system@atdmt[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\LocalService\Cookies\system@atdmt[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : system@trafficmp[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\LocalService\Cookies\system@trafficmp[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\LocalService\Cookies\[email protected][1].txt

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 20


Deep scanning and examining files (E:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for E:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 20


Deep scanning and examining files (G:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for G:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 20


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
13 entries scanned.
New critical objects:0
Objects found so far: 20




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

BookedSpace Object Recognized!
Type : File
Data : bsx32.ini
Category : Malware
Comment :
Object : C:\WINDOWS\



Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 21

8:13:33 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:23:16.928
Objects scanned:247789
Objects identified:21
Objects ignored:0
New critical objects:21

#4
Guest_Andy_veal_*

#:40 [foab.exe]
ModuleName : C:\WINDOWS\system32\btvnk\foab.exe
Command Line : "C:\WINDOWS\system32\btvnk\foab.exe"
ProcessID : 2612
ThreadCreationTime : 4-23-2005 12:45:17 AM
BasePriority : Normal

#:41 [nsvsvc.exe]
ModuleName : C:\WINDOWS\system32\nsvsvc\nsvsvc.exe
Command Line : "C:\WINDOWS\system32\nsvsvc\nsvsvc.exe"
ProcessID : 2620
ThreadCreationTime : 4-23-2005 12:45:17 AM
BasePriority : Normal
FileVersion : 2.17.0000
ProductVersion : 2, 1, 7, 0

#:34 [rhiac.exe]
ModuleName : C:\WINDOWS\system32\coburuao\rhiac.exe
Command Line : "C:\WINDOWS\system32\coburuao\rhiac.exe"
ProcessID : 2124
ThreadCreationTime : 4-23-2005 12:45:02 AM
BasePriority : Normal

#:23 [wlavalancheservice.exe]
ModuleName : C:\Program Files\Wavelink\Avalanche\Service\WLAvalancheService.exe
Command Line : "C:\Program Files\Wavelink\Avalanche\Service\WLAvalancheService.exe"
ProcessID : 1844
ThreadCreationTime : 4-23-2005 12:44:35 AM
BasePriority : Normal


Do you know what the above processes are?

Please could you scan your computer with one of the free online Anti-virus scanners.


Panda

Symantec

McAfee

TrendMicro Recommended

F-secure


Thank you

Andy

#5
rodgeryng
I know the avalanche program but not the others. Scanning now.

#6
rodgeryng
Andy,

Trend Micro found 5 Trojans. I did not see a log feature so I will describe them as below.

Troj Agent. om uncleanable C:\windows\system32\ktlpntqb\mahyrdbp.dll

Above was not cleanable and the program also could not delete it.


Troj Loader.c
Troj Dloader.hk
Troj Budd.f
Troj Keenval.e

All were in C:\system volume ...\restore\rp384\A0095821.exe
....................................................................\A0095822.exe
.....................................................................\A0095823.exe
......................................................................\A00958254.exe

These four were deleted but not cleanable.

Running F-secure now.

#7
Guest_Andy_veal_*

#:40 [foab.exe]
ModuleName : C:\WINDOWS\system32\btvnk\foab.exe
Command Line : "C:\WINDOWS\system32\btvnk\foab.exe"
ProcessID : 2612
ThreadCreationTime : 4-23-2005 12:45:17 AM
BasePriority : Normal

#:41 [nsvsvc.exe]
ModuleName : C:\WINDOWS\system32\nsvsvc\nsvsvc.exe
Command Line : "C:\WINDOWS\system32\nsvsvc\nsvsvc.exe"
ProcessID : 2620
ThreadCreationTime : 4-23-2005 12:45:17 AM
BasePriority : Normal
FileVersion : 2.17.0000
ProductVersion : 2, 1, 7, 0

#:34 [rhiac.exe]
ModuleName : C:\WINDOWS\system32\coburuao\rhiac.exe
Command Line : "C:\WINDOWS\system32\coburuao\rhiac.exe"
ProcessID : 2124
ThreadCreationTime : 4-23-2005 12:45:02 AM
BasePriority : Normal



Please stop all these processes.

Please then boot into Safe Mode

Please make sure system files are shown.

Please then delete
C:\WINDOWS\system32\coburuao\rhiac.exe
C:\WINDOWS\system32\nsvsvc\nsvsvc.exe
C:\WINDOWS\system32\btvnk\foab.exe


Please delete the files above; if you have any problem, please leave it.

Post back

Good luck

Andy
  • 0
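The three paths singled out for deletion above share two traits in the Ad-Aware process listing: each image sits in a folder one level below `system32`, and none carries a `CompanyName` version field. The Python sketch below is an added example, not part of the original posts or of any tool named in the thread; it parses that listing format and applies those two traits as an assumed triage heuristic, using entries excerpted from the log in this thread.

```python
import re
from ntpath import normpath, dirname  # Windows path rules on any OS

# Entries excerpted from the Ad-Aware SE process listing posted in this thread.
SAMPLE_LOG = r"""
#:34 [rhiac.exe]
ModuleName : C:\WINDOWS\system32\coburuao\rhiac.exe
Command Line : "C:\WINDOWS\system32\coburuao\rhiac.exe"

#:40 [foab.exe]
ModuleName : C:\WINDOWS\system32\btvnk\foab.exe

#:41 [nsvsvc.exe]
ModuleName : C:\WINDOWS\system32\nsvsvc\nsvsvc.exe
FileVersion : 2.17.0000

#:47 [a2guard.exe]
ModuleName : C:\Program Files\a2\a2guard.exe

#:48 [ctfmon.exe]
ModuleName : C:\WINDOWS\system32\ctfmon.exe
CompanyName : Microsoft Corporation

#:52 [spampal.exe]
ModuleName : C:\Program Files\SpamPal\spampal.exe
"""

ENTRY = re.compile(r"^#:(\d+) \[(.+?)\]\s*$", re.M)   # "#:40 [foab.exe]"
FIELD = re.compile(r"^([A-Za-z ]+?) : (.*)$", re.M)   # "ModuleName : C:\..."

def parse_processes(log):
    """Split the listing on '#:N [name]' headers; return one dict per process."""
    heads = list(ENTRY.finditer(log))
    procs = []
    for i, h in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(log)
        fields = dict(FIELD.findall(log[h.end():end]))
        procs.append({"index": int(h.group(1)), "name": h.group(2), **fields})
    return procs

def needs_review(proc):
    """Assumed heuristic: image one folder below system32, no CompanyName field."""
    path = normpath(proc.get("ModuleName", "")).lower()
    grandparent = dirname(dirname(path))
    return grandparent.endswith(r"\windows\system32") and not proc.get("CompanyName", "").strip()

def triage(log):
    """Return the image paths that the heuristic marks for manual review."""
    return [p["ModuleName"] for p in parse_processes(log) if needs_review(p)]

if __name__ == "__main__":
    for path in triage(SAMPLE_LOG):
        print("review:", path)
```

A hit is a prompt for manual review, not a verdict: a missing `CompanyName` alone also describes `a2guard.exe` and `spampal.exe` in the same log, which is why the path condition is combined with it.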

#8
rodgeryng
Done. What follows is a Symantec search. I hope it caused no problems to add the search.

C:\dialler.exe is infected with Dialer.Target
C:\Documents and Settings\Heather Timmons\Local Settings\Temporary Internet Files\Content.IE5\ZICZ7XW1\GetXML[1].xml is infected with Adware.Websearch
C:\Documents and Settings\Heather Timmons\Local Settings\Temporary Internet Files\Content.IE5\FTMBCT8M\version[1].exe is infected with Adware.DealHelper
C:\Documents and Settings\Heather Timmons\Local Settings\Temp\wrapperouter.exe is infected with Adware.VirtualBouncer
C:\Documents and Settings\Heather Timmons\Local Settings\Temp\FCB\uacupg.exe is infected with Adware.BetterInternet
C:\Documents and Settings\default\Local Settings\Temp\2E.tmp is infected with Adware.Ezula
C:\Documents and Settings\default\Local Settings\Temp\xjldq.exe is infected with Adware.Ezula
C:\Documents and Settings\default\Local Settings\Temp\3F5.tmp is infected with Adware.Ezula
C:\Documents and Settings\default\Local Settings\Temp\2D.tmp is infected with Adware.Ezula
C:\Program Files\teamspeak2_RC2\KeyPress.dll is infected with PWS.Hooker.Trojan
C:\Program Files\BearShare\Installer\saveinstwm.exe is infected with Adware.WhenU
C:\Program Files\Common Files\Uninstall Information\RemoveDisplayUtility.exe is infected with Adware.DelFin
C:\WINDOWS\NDNuninstall4_80.exe is infected with Adware.NDotNet
C:\WINDOWS\NDNuninstall4_88.exe is infected with Adware.NDotNet
C:\WINDOWS\NDNuninstall4_94.exe is infected with Adware.NDotNet
C:\WINDOWS\NDNuninstall5_20.exe is infected with Adware.NDotNet
C:\WINDOWS\NDNuninstall5_40.exe is infected with Adware.NDotNet
C:\WINDOWS\NDNuninstall5_48.exe is infected with Adware.NDotNet
C:\WINDOWS\cpbrkpie.ocx is infected with Adware.CouponAge
C:\WINDOWS\Downloaded Program Files\ClientAX.dll is infected with Adware.180Search
C:\WINDOWS\SYSTEM32\nsu55.dll is infected with Adware.Begin2search
C:\WINDOWS\SYSTEM32\nsi87.dll is infected with Adware.Begin2search
C:\WINDOWS\SYSTEM32\q17i9a4j.exe is infected with Adware.SAHAgent
C:\WINDOWS\SYSTEM32\xjldq.exe is infected with Adware.Ezula
C:\WINDOWS\SYSTEM32\tool5-fran-two.exe is infected with Adware.Begin2search
C:\WINDOWS\SYSTEM32\hochkaod3.exe is infected with Adware.SAHAgent
C:\WINDOWS\SYSTEM32\nsvsvc\nsvsvc.exe is infected with Adware.DelFin
C:\WINDOWS\SYSTEM32\nsvsvc\nsvs.dll is infected with Adware.DelFin

#9
Guest_Andy_veal_*
Please could you try a scan with TrendMicro as I believe it offers deletion. :tazz:

Did you remove the above files and processes?

#10
rodgeryng
Will do. I did delete the three above files according to your instructions.

Running Trend Micro now.

#11
rodgeryng
The scan found three files that were uncleanable but were deleted.

Odd given the Symantec results...

What should be my next step?

#12
Guest_Andy_veal_*
Please could you download this program

Trojan Hunter

There is a trial available.

Please scan your computer with this program and hopefully this will solve your problem.

Thanks


Andy :tazz:

#13
rodgeryng
Andy,

Thank you very much...haven't run Adaware yet but there have been no popups or blocked access to the internet.

How does this company/website produce income?

#14
rodgeryng
Spoke too soon...still have this "booked" thing...will try and run adaware.

#15
Guest_Andy_veal_*
Well, I'm glad your trojans problem is solved! :tazz:

Now, if you could please post a full system Ad-aware logfile here.

I'll check it for you and provide you with additional information.

How does this company/website produce income?


Well, Ad-aware SE Personal is a free program. This website provides free support to users.

I am sorry that this has taken so many steps.

Thanks

Andy ;)