[Referred]trojan-spy.html.smitfraud.c



#1 hlhuang (Member, 16 posts)
Should I also post the HJT logfile in the other forum?
Many thanks....
HL


Ad-Aware SE Build 1.05
Logfile Created on:2005-4-23 09:57:16 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R40 20.04.2005
References detected during the scan:
Alexa(TAC index:5):1 total references
CoolWebSearch(TAC index:10):14 total references
Security iGuard(TAC index:9):1 total references
Tracking Cookie(TAC index:3):16 total references

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R40 20.04.2005
Internal build : 47
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 461235 Bytes
Total size : 1395231 Bytes
Signature data size : 1364710 Bytes
Reference data size : 30009 Bytes
Signatures total : 38921
Fingerprints total : 813
Fingerprints size : 29073 Bytes
Target categories : 15
Target families : 650


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium III
Memory available:69 %
Total physical memory:1048048 kb
Available physical memory:713808 kb
Total page file size:2522304 kb
Available on page file:2028368 kb
Total virtual memory:2097024 kb
Available virtual memory:2044968 kb
OS:Microsoft Windows 2000 Professional (Build 2195)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Play sound at scan completion if scan locates critical objects


2005-4-23 09:57:16 AM - Scan started. (Full System Scan)

Listing running processes


#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 144
ThreadCreationTime : 2005-4-23 03:56:18 PM
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINNT\system32\csrss.exe
Command Line : C:\WINNT\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequest
ProcessID : 168
ThreadCreationTime : 2005-4-23 03:56:27 PM
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINNT\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 188
ThreadCreationTime : 2005-4-23 03:56:29 PM
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINNT\system32\services.exe
Command Line : C:\WINNT\system32\services.exe
ProcessID : 216
ThreadCreationTime : 2005-4-23 03:56:30 PM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINNT\system32\lsass.exe
Command Line : C:\WINNT\system32\lsass.exe
ProcessID : 228
ThreadCreationTime : 2005-4-23 03:56:30 PM
BasePriority : Normal
FileVersion : 5.00.2184.1
ProductVersion : 5.00.2184.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Executable and Server DLL (Export Version)
InternalName : lsasrv.dll and lsass.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : lsasrv.dll and lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINNT\system32\svchost.exe
Command Line : C:\WINNT\system32\svchost -k rpcss
ProcessID : 464
ThreadCreationTime : 2005-4-23 03:56:33 PM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:7 [spoolsv.exe]
ModuleName : C:\WINNT\system32\spoolsv.exe
Command Line : C:\WINNT\system32\spoolsv.exe
ProcessID : 492
ThreadCreationTime : 2005-4-23 03:56:33 PM
BasePriority : Normal
FileVersion : 5.00.2161.1
ProductVersion : 5.00.2161.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolss.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : spoolss.exe

#:8 [svchost.exe]
ModuleName : C:\WINNT\System32\svchost.exe
Command Line : C:\WINNT\System32\svchost.exe -k netsvcs
ProcessID : 524
ThreadCreationTime : 2005-4-23 03:56:33 PM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:9 [nvsvc32.exe]
ModuleName : C:\WINNT\System32\nvsvc32.exe
Command Line : C:\WINNT\System32\nvsvc32.exe
ProcessID : 552
ThreadCreationTime : 2005-4-23 03:56:34 PM
BasePriority : Normal
FileVersion : 6.13.10.4071
ProductVersion : 6.13.10.4071
ProductName : NVIDIA Driver Helper Service, Version 40.71
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 40.71
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:10 [regsvc.exe]
ModuleName : C:\WINNT\system32\regsvc.exe
Command Line : C:\WINNT\system32\regsvc.exe
ProcessID : 584
ThreadCreationTime : 2005-4-23 03:56:35 PM
BasePriority : Normal
FileVersion : 5.00.2155.1
ProductVersion : 5.00.2155.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Remote Registry Service
InternalName : regsvc
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : REGSVC.EXE

#:11 [mstask.exe]
ModuleName : C:\WINNT\system32\MSTask.exe
Command Line : C:\WINNT\system32\MSTask.exe
ProcessID : 616
ThreadCreationTime : 2005-4-23 03:56:35 PM
BasePriority : Normal
FileVersion : 4.71.2137.1
ProductVersion : 4.71.2137.1
ProductName : Microsoft® Windows® Task Scheduler
CompanyName : Microsoft Corporation
FileDescription : Task Scheduler Engine
InternalName : TaskScheduler
LegalCopyright : Copyright © Microsoft Corp. 1997
OriginalFilename : mstask.exe

#:12 [tmntsrv.exe]
ModuleName : C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
Command Line : "C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe"
ProcessID : 656
ThreadCreationTime : 2005-4-23 03:56:35 PM
BasePriority : Normal
FileVersion : 9.0.5.1389
ProductVersion : 9.0.5
ProductName : Trend Pc-cillin 9.0
CompanyName : Trend Micro Inc.
FileDescription : Tmntsrv
InternalName : Tmntsrv
LegalCopyright : Copyright © 2001-2002 Trend Micro Inc. All rights reserved.
LegalTrademarks : Copyright © Trend Micro Inc.
OriginalFilename : Tmntsrv.exe

#:13 [winmgmt.exe]
ModuleName : C:\WINNT\System32\WBEM\WinMgmt.exe
Command Line : C:\WINNT\System32\WBEM\WinMgmt.exe
ProcessID : 748
ThreadCreationTime : 2005-4-23 03:56:39 PM
BasePriority : Normal
FileVersion : 1.50.1085.0001
ProductVersion : 1.50.1085.0001
ProductName : Windows Management Instrumentation
CompanyName : Microsoft Corporation
FileDescription : Windows Management Instrumentation
InternalName : WINMGMT
LegalCopyright : Copyright © Microsoft Corp. 1995-1999

#:14 [pccpfw.exe]
ModuleName : C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
Command Line : "C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe"
ProcessID : 848
ThreadCreationTime : 2005-4-23 03:56:40 PM
BasePriority : Normal


#:15 [explorer.exe]
ModuleName : C:\WINNT\explorer.exe
Command Line : "C:\WINNT\explorer.exe"
ProcessID : 1000
ThreadCreationTime : 2005-4-23 03:56:45 PM
BasePriority : Normal
FileVersion : 5.00.2920.0000
ProductVersion : 5.00.2920.0000
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : EXPLORER.EXE

#:16 [taskmgru.exe]
ModuleName : C:\WINNT\System32\TASKMGRU.EXE
Command Line : "C:\WINNT\System32\TASKMGRU.EXE" open
ProcessID : 1016
ThreadCreationTime : 2005-4-23 03:56:45 PM
BasePriority : Normal


#:17 [msimn32.exe]
ModuleName : C:\WINNT\System32\MSIMN32.EXE
Command Line : "C:\WINNT\System32\MSIMN32.EXE" open
ProcessID : 1024
ThreadCreationTime : 2005-4-23 03:56:46 PM
BasePriority : Normal


#:18 [rundll32.exe]
ModuleName : C:\WINNT\System32\RunDll32.exe
Command Line : "C:\WINNT\System32\RunDll32.exe" cmicnfg.cpl,CMICtrlWnd
ProcessID : 1096
ThreadCreationTime : 2005-4-23 03:56:49 PM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : RUNDLL.EXE

#:19 [disk_monitor.exe]
ModuleName : C:\Program Files\IC Card Reader Driver v1.8e2\Disk_Monitor.exe
Command Line : "C:\Program Files\IC Card Reader Driver v1.8e2\Disk_Monitor.exe"
ProcessID : 1048
ThreadCreationTime : 2005-4-23 03:56:49 PM
BasePriority : Normal
FileVersion : 1.6.1204.1
ProductVersion : 1.6.1204.1
ProductName : Disk Monitor
CompanyName : Neodio Corp.
FileDescription : Disk Monitor
InternalName : Disk Monitor(ECS)
LegalCopyright : Copyright © Neodio Corp. 2001
LegalTrademarks : Disk Monitor
OriginalFilename : Disk_Monitor.exe

#:20 [pccguide.exe]
ModuleName : C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe
Command Line : "C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"
ProcessID : 1064
ThreadCreationTime : 2005-4-23 03:56:50 PM
BasePriority : Normal
FileVersion : 9.0.5.1389
ProductVersion : 9.0.5
ProductName : Trend Pc-cillin 9.0
CompanyName : Trend Micro Inc.
FileDescription : PCCGuide
InternalName : PCCGuide
LegalCopyright : Copyright © 2001-2002 Trend Micro Inc. All rights reserved.
LegalTrademarks : Copyright © Trend Micro Inc.
OriginalFilename : PCCGuide

#:21 [pccclient.exe]
ModuleName : C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe
Command Line : "C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"
ProcessID : 1116
ThreadCreationTime : 2005-4-23 03:56:50 PM
BasePriority : Normal
FileVersion : 9.0.5.1389
ProductVersion : 9.0.5
ProductName : Trend Pc-cillin 9.0
CompanyName : Trend Micro Inc.
FileDescription : PCCClient
InternalName : PCCClient
LegalCopyright : Copyright © 2001-2002 Trend Micro Inc. All rights reserved.
LegalTrademarks : Copyright © Trend Micro Inc.
OriginalFilename : PCCClient

#:22 [pop3trap.exe]
ModuleName : C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe
Command Line : "C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe"
ProcessID : 1128
ThreadCreationTime : 2005-4-23 03:56:50 PM
BasePriority : Normal
FileVersion : 9.0.5.1389
ProductVersion : 9.0.5
ProductName : Trend Pc-cillin 9.0
CompanyName : Trend Micro Inc.
FileDescription : POP3Trap
InternalName : POP3Trap
LegalCopyright : Copyright © 2001-2002 Trend Micro Inc. All rights reserved.
LegalTrademarks : Copyright © Trend Micro Inc.
OriginalFilename : POP3Trap

#:23 [incd.exe]
ModuleName : C:\Program Files\Ahead\InCD\InCD.exe
Command Line : "C:\Program Files\Ahead\InCD\InCD.exe"
ProcessID : 1148
ThreadCreationTime : 2005-4-23 03:56:51 PM
BasePriority : Normal


#:24 [lvcoms.exe]
ModuleName : C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
Command Line : "C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE"
ProcessID : 1136
ThreadCreationTime : 2005-4-23 03:56:52 PM
BasePriority : Normal
FileVersion : 7.3.0.1113
ProductVersion : 7.3.0.1113
ProductName : Logitech ImageStudio
CompanyName : Logitech Inc.
FileDescription : LVCom Server
InternalName : LVComS.exe
LegalCopyright : © 1996-2002 Logitech. All rights reserved.
OriginalFilename : LVComS.exe

#:25 [logitray.exe]
ModuleName : C:\Program Files\Logitech\ImageStudio\LogiTray.exe
Command Line : "C:\Program Files\Logitech\ImageStudio\LogiTray.exe"
ProcessID : 1220
ThreadCreationTime : 2005-4-23 03:56:53 PM
BasePriority : Normal
FileVersion : 7.3.0.1113
ProductVersion : 7.3.0.1113
ProductName : Logitech ImageStudio
CompanyName : Logitech Inc.
FileDescription : ImageStudio Tray Application
InternalName : LogiTray.exe
LegalCopyright : © 1996-2002 Logitech. All rights reserved.
OriginalFilename : LogiTray.exe

#:26 [loadqm.exe]
ModuleName : C:\WINNT\loadqm.exe
Command Line : "C:\WINNT\loadqm.exe"
ProcessID : 1280
ThreadCreationTime : 2005-4-23 03:56:54 PM
BasePriority : Normal
FileVersion : 5.4.1103.3
ProductVersion : 5.4.1103.3
ProductName : QMgr Loader
CompanyName : Microsoft Corporation
FileDescription : Microsoft QMgr
InternalName : LOADQM.EXE
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : LOADQM.EXE

#:27 [ituneshelper.exe]
ModuleName : C:\Program Files\iTunes\iTunesHelper.exe
Command Line : "C:\Program Files\iTunes\iTunesHelper.exe"
ProcessID : 1320
ThreadCreationTime : 2005-4-23 03:56:56 PM
BasePriority : Normal
FileVersion : 4.6.0.15
ProductVersion : 4.6.0.15
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : c 2003-2004 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe

#:28 [qttask.exe]
ModuleName : C:\Program Files\QuickTime\qttask.exe
Command Line : "C:\Program Files\QuickTime\qttask.exe" -atboottime
ProcessID : 1184
ThreadCreationTime : 2005-4-23 03:56:57 PM
BasePriority : Normal
FileVersion : 6.5.1
ProductVersion : QuickTime 6.5.1
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : c Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe

#:29 [msnappau.exe]
ModuleName : C:\Program Files\MSN Apps\Updater\01.02.3000.1001\zh-tw\msnappau.exe
Command Line : "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\zh-tw\msnappau.exe"
ProcessID : 1328
ThreadCreationTime : 2005-4-23 03:56:58 PM
BasePriority : Normal


#:30 [internat.exe]
ModuleName : C:\WINNT\System32\internat.exe
Command Line : "C:\WINNT\System32\internat.exe"
ProcessID : 1336
ThreadCreationTime : 2005-4-23 03:56:58 PM
BasePriority : Normal
FileVersion : 5.00.2920.0000
ProductVersion : 5.00.2920.0000
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Keyboard Language Indicator Applet
InternalName : INTERNAT
LegalCopyright : Copyright © Microsoft Corp. 1994-1999
OriginalFilename : INTERNAT.EXE

#:31 [backweb-8876480.exe]
ModuleName : C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
Command Line : "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe"
ProcessID : 1396
ThreadCreationTime : 2005-4-23 03:57:00 PM
BasePriority : Normal


#:32 [ipodservice.exe]
ModuleName : C:\Program Files\iPod\bin\iPodService.exe
Command Line : "C:\Program Files\iPod\bin\iPodService.exe"
ProcessID : 1408
ThreadCreationTime : 2005-4-23 03:57:00 PM
BasePriority : Normal
FileVersion : 4.6.0.15
ProductVersion : 4.6.0.15
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : c 2003-2004 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iPodService.exe

#:33 [skype.exe]
ModuleName : C:\Program Files\Skype\Phone\Skype.exe
Command Line : "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
ProcessID : 1432
ThreadCreationTime : 2005-4-23 03:57:03 PM
BasePriority : Normal


#:34 [robotaskbaricon.exe]
ModuleName : C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
Command Line : "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
ProcessID : 1452
ThreadCreationTime : 2005-4-23 03:57:03 PM
BasePriority : Normal


#:35 [taskmgru.exe]
ModuleName : C:\WINNT\System32\TASKMGRU.EXE
Command Line : "C:\WINNT\System32\TASKMGRU.EXE"
ProcessID : 1460
ThreadCreationTime : 2005-4-23 03:57:04 PM
BasePriority : Normal


#:36 [msimn32.exe]
ModuleName : C:\WINNT\System32\MSIMN32.EXE
Command Line : "C:\WINNT\System32\MSIMN32.EXE"
ProcessID : 1468
ThreadCreationTime : 2005-4-23 03:57:04 PM
BasePriority : Normal


#:37 [wp.exe]
ModuleName : C:\wp.exe
Command Line : "C:\wp.exe"
ProcessID : 1512
ThreadCreationTime : 2005-4-23 03:57:04 PM
BasePriority : Normal


#:38 [ud.exe]
ModuleName : C:\Program Files\United Devices\UD.EXE
Command Line : "C:\Program Files\United Devices\UD.EXE"
ProcessID : 1488
ThreadCreationTime : 2005-4-23 03:57:08 PM
BasePriority : Normal
FileVersion : 3.00.2814
ProductVersion : 3.00.2814
ProductName : UD Agent
CompanyName : United Devices, Inc.
FileDescription : United Devices
InternalName : UDagent_3801_2814
LegalCopyright : Copyright United Devices ™
LegalTrademarks : United Devices ™
OriginalFilename : UDagent_3801_2814.exe
Comments : UD Agent Version 3.0

#:39 [ud_7657531.exe]
ModuleName : C:\Program Files\United Devices\ud_7657531.exe
Command Line : ud_7657531.exe
ProcessID : 1628
ThreadCreationTime : 2005-4-23 03:57:24 PM
BasePriority : Idle


#:40 [wcgrid_rosetta.exe]
ModuleName : C:\Program Files\United Devices\ud_7657531_0.dir\WCGrid_Rosetta.exe
Command Line : "C:/Program Files/United Devices/ud_7657531_0.dir/WCGrid_Rosetta.exe" -series 0A -protein bi19 -chain 9 -nstruct 843 -constant_seed -jran 935991 -silent
ProcessID : 1608
ThreadCreationTime : 2005-4-23 03:57:31 PM
BasePriority : Idle
FileVersion : 1, 0, 0, 5
ProductName : Rosetta Fragments and Rosetta ab-initio
CompanyName : University of Washington and IBM Corporation
FileDescription : Created under grants from the National Science Foundation number MCB-9458178, the Packard Foundation, the Los Alamos National Laboratory, Office of Naval Research grant number N00014-95-1-0417, and the Howard Hughes Medical Institute
InternalName : WCGrid_Rosetta.exe
LegalCopyright : Copyright © Unversity of Washington 2000-2004 and IBM Corp. 2004. All Rights Reserved
OriginalFilename : Rosetta

#:41 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 1340
ThreadCreationTime : 2005-4-23 04:56:08 PM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright c Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
New critical objects: 0
Objects found so far: 0


Started registry scan


CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{5297e905-1dfb-4a9c-9871-a4f95fd58945}

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : toolband.toolbandobj.1

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : toolband.toolbandobj.1
Value :

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : toolband.toolbandobj

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : toolband.toolbandobj
Value :

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{95b92d92-8b7d-4a19-a3f1-43113b4dbcaf}

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{95b92d92-8b7d-4a19-a3f1-43113b4dbcaf}
Value :

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{0e1230f8-ea50-42a9-983c-d22abc2eed3b}

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{0e1230f8-ea50-42a9-983c-d22abc2eed3b}
Value :

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{0b6ef17e-18e5-4449-86ea-64c82d596eae}

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{0b6ef17e-18e5-4449-86ea-64c82d596eae}
Value :

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{b1e68d42-02c4-465b-8368-5ed9b732e22d}

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{b1e68d42-02c4-465b-8368-5ed9b732e22d}
Value :

Security iGuard Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\rex-services

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
Rootkey : HKEY_USERS
Object : S-1-5-21-839522115-1993962763-682003330-500\software\microsoft\internet explorer\extensions\cmdmapping
Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}

Registry Scan result:
New critical objects: 15
Objects found so far: 15


Started deep registry scan


Deep registry scan result:
New critical objects: 0
Objects found so far: 15


Started Tracking Cookie scan



Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@2o7[1].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:administrator@2o7.net/
Expires : 2010-4-21 01:05:46 AM
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@servedby.advertising[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:administrator@servedby.advertising.com/
Expires : 2005-5-22 01:05:04 AM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@doubleclick[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:administrator@doubleclick.net/
Expires : 2008-4-21 01:05:04 AM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@ehg-reddoor.hitbox[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:administrator@ehg-reddoor.hitbox.com/
Expires : 2006-4-22 01:04:56 AM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@advertising[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:administrator@advertising.com/
Expires : 2010-4-21 01:05:04 AM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@hitbox[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:administrator@hitbox.com/
Expires : 2006-4-22 01:04:56 AM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking cookie scan result:
New critical objects: 6
Objects found so far: 21



Deep scanning and examining files (C:)


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@2o7[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@2o7[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@ads.pointroll[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@ads.pointroll[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@advertising[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@advertising[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@atdmt[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@atdmt[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@bluestreak[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@bluestreak[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@centrport[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@centrport[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@data.coremetrics[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@data.coremetrics[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@doubleclick[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@doubleclick[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@mediaplex[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@mediaplex[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@servedby.advertising[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@servedby.advertising[2].txt

Disk Scan Result for C:\
New critical objects: 0
Objects found so far: 31


Scanning Hosts file......
Hosts file location:"C:\WINNT\system32\drivers\etc\hosts".


Hosts file scan result:
1 entries scanned.
New critical objects:0
Objects found so far: 31




Performing conditional scans...


CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Enable Browser Extensions

Conditional scan result:
New critical objects: 1
Objects found so far: 32

09:58:11 AM Scan Complete

Summary Of This Scan
Total scanning time:00:00:55.219
Objects scanned:49634
Objects identified:32
Objects ignored:0
New critical objects:32

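The Ad-Aware SE log above is a per-family "References detected" summary followed by a series of "<Family> Object Recognized!" blocks, each a run of "Key : Value" lines ended by a blank line. The following is an added example (my code, not part of this post and not Lavasoft's) that parses those blocks into records, builds full registry paths for the Regkey/RegValue hits, and checks that the per-family block counts agree with the header summary. SAMPLE_LOG is constructed, with entries modeled on the log above; the blank-line-terminated block layout is an assumption taken from that log's format.

```python
# Added example (not code from the forum post or from Lavasoft): parse the
# "Object Recognized!" blocks of an Ad-Aware SE log into records and
# cross-check them against the log's own "References detected" summary.
# SAMPLE_LOG is constructed, modeled on the format of the log posted above.
import re
from collections import Counter

SAMPLE_LOG = """\
References detected during the scan:
CoolWebSearch(TAC index:10):2 total references
Tracking Cookie(TAC index:3):1 total references

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\\{5297e905-1dfb-4a9c-9871-a4f95fd58945}

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\\microsoft\\internet explorer\\main
Value : Enable Browser Extensions

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@doubleclick[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:administrator@doubleclick.net/
"""

HEADER_RE = re.compile(r"^(?P<family>.+?) Object Recognized!$")  # opens a block
FIELD_RE = re.compile(r"^(?P<key>[A-Za-z]+) :\s?(?P<value>.*)$")  # "Key : Value"
SUMMARY_RE = re.compile(  # "<Family>(TAC index:N):M total references"
    r"^(?P<family>.+?)\(TAC index:(?P<tac>\d+)\):(?P<n>\d+) total references$"
)


def parse_detections(text):
    """One dict per 'Object Recognized!' block; a blank line closes a block."""
    detections, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER_RE.match(line)
        if m:
            current = {"family": m.group("family")}
            detections.append(current)
        elif current is None:
            continue                      # header/summary text outside blocks
        elif not line:
            current = None
        else:
            f = FIELD_RE.match(line)
            if f:
                current[f.group("key")] = f.group("value")  # "" for "Comment :"
    return detections


def parse_summary(text):
    """{family: (TAC index, total references)} from the log header."""
    summary = {}
    for line in text.splitlines():
        m = SUMMARY_RE.match(line.strip())
        if m:
            summary[m.group("family")] = (int(m.group("tac")), int(m.group("n")))
    return summary


def registry_paths(detections):
    """Rootkey\\Object [-> Value] for Regkey/RegValue detections only."""
    paths = []
    for d in detections:
        if d.get("Type") in ("Regkey", "RegValue"):
            path = d["Rootkey"] + "\\" + d["Object"]
            if d.get("Value"):
                path += " -> " + d["Value"]
            paths.append(path)
    return paths


def family_counts(detections):
    """Detected objects per family, comparable to the header's reference counts."""
    return Counter(d["family"] for d in detections)


def summary_matches(text):
    """True when per-family block counts equal the header's reference counts."""
    counts = family_counts(parse_detections(text))
    return all(counts.get(fam, 0) == n for fam, (_, n) in parse_summary(text).items())


if __name__ == "__main__":
    dets = parse_detections(SAMPLE_LOG)
    print(dict(family_counts(dets)), registry_paths(dets), summary_matches(SAMPLE_LOG))
```

Fed the full log from the first post, the block counts come to CoolWebSearch 14 (13 registry hits plus the conditional-scan "Enable Browser Extensions" value), Security iGuard 1, Alexa 1 and Tracking Cookie 16 (6 IE cache entries plus 10 cookie files), which is exactly what its "References detected" header states; a mismatch would mean the log was truncated when pasted, which is the failure the reply below warns about.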


#2 GR@PH;<'S (Member, 135 posts)
hlhuang,
Please can you try at least one, if not more, of these on-line scans:
Panda
Symantec
McAfee
TrendMicro
Bit Defender
RAV
Kaspersky
CommandonDemand
Computer Associates
CyberTechHelp
PC Pitstop
Stinger

a2
or download and try
TrojanHunter (note: trojan scanner, 30-day trial)
Then, once you have done that, please rescan with Ad-Aware doing a "Full Scan" and post your logfile here by using the "Add Reply" feature.
If needed, here's how to post your Ad-Aware logfile ;)

Here's how to copy your Ad-Aware log:
click My Computer,
click Local C Drive,
then click Program Files,
then click Lavasoft,
then click Ad-Aware SE,
and then Logs;
find the latest one that you have
(by date & time)
and open it, right-click, Select All,
copy, and then paste the contents of it here.
(Make sure that all of your logfile has been posted; sometimes it will require two posts to get it all.)
I recommend that you use WebUpdate just before you scan; that way you will always be up to date.

GR@PH;<'S

#3 hlhuang (Topic Starter, Member, 16 posts)
We haven't been able to fix our internet connection yet; everything starting with http:// is blocked. I have run TrojanHunter and some files have been removed, but every time we open an IE window we get a Trojan Alert Agent.171.

Following is the logfile of AdAware scan. Thanks a lot for doing this for us.

(There are a lot of weird symbols, probably because we are running a Chinese version of Windows 2000.)

Ad-Aware SE Build 1.05
Logfile Created on:2005-4-25 12:39:36 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R40 20.04.2005

References detected during the scan:
Alexa(TAC index:5):1 total references
CoolWebSearch(TAC index:10):14 total references
Security iGuard(TAC index:9):1 total references
Tracking Cookie(TAC index:3):16 total references

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R40 20.04.2005
Internal build : 47
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 461235 Bytes
Total size : 1395231 Bytes
Signature data size : 1364710 Bytes
Reference data size : 30009 Bytes
Signatures total : 38921
Fingerprints total : 813
Fingerprints size : 29073 Bytes
Target categories : 15
Target families : 650


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium III
Memory available:71 %
Total physical memory:1048048 kb
Available physical memory:738208 kb
Total page file size:2522280 kb
Available on page file:2158552 kb
Total virtual memory:2097024 kb
Available virtual memory:2045920 kb
OS:Microsoft Windows 2000 Professional (Build 2195)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Play sound at scan completion if scan locates critical objects


2005-4-25 12:39:36 AM - Scan started. (Full System Scan)

Listing running processes

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 144
ThreadCreationTime : 2005-4-25 07:30:25 AM
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINNT\system32\csrss.exe
Command Line : C:\WINNT\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequest
ProcessID : 168
ThreadCreationTime : 2005-4-25 上午 07:30:34
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINNT\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 188
ThreadCreationTime : 2005-4-25 上午 07:30:36
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINNT\system32\services.exe
Command Line : C:\WINNT\system32\services.exe
ProcessID : 216
ThreadCreationTime : 2005-4-25 上午 07:30:37
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINNT\system32\lsass.exe
Command Line : C:\WINNT\system32\lsass.exe
ProcessID : 228
ThreadCreationTime : 2005-4-25 上午 07:30:37
BasePriority : Normal
FileVersion : 5.00.2184.1
ProductVersion : 5.00.2184.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Executable and Server DLL (Export Version)
InternalName : lsasrv.dll and lsass.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : lsasrv.dll and lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINNT\system32\svchost.exe
Command Line : C:\WINNT\system32\svchost -k rpcss
ProcessID : 464
ThreadCreationTime : 2005-4-25 上午 07:30:40
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:7 [spoolsv.exe]
ModuleName : C:\WINNT\system32\spoolsv.exe
Command Line : C:\WINNT\system32\spoolsv.exe
ProcessID : 492
ThreadCreationTime : 2005-4-25 上午 07:30:40
BasePriority : Normal
FileVersion : 5.00.2161.1
ProductVersion : 5.00.2161.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolss.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : spoolss.exe

#:8 [svchost.exe]
ModuleName : C:\WINNT\System32\svchost.exe
Command Line : C:\WINNT\System32\svchost.exe -k netsvcs
ProcessID : 524
ThreadCreationTime : 2005-4-25 上午 07:30:40
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:9 [nvsvc32.exe]
ModuleName : C:\WINNT\System32\nvsvc32.exe
Command Line : C:\WINNT\System32\nvsvc32.exe
ProcessID : 552
ThreadCreationTime : 2005-4-25 上午 07:30:40
BasePriority : Normal
FileVersion : 6.13.10.4071
ProductVersion : 6.13.10.4071
ProductName : NVIDIA Driver Helper Service, Version 40.71
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 40.71
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:10 [regsvc.exe]
ModuleName : C:\WINNT\system32\regsvc.exe
Command Line : C:\WINNT\system32\regsvc.exe
ProcessID : 584
ThreadCreationTime : 2005-4-25 上午 07:30:41
BasePriority : Normal
FileVersion : 5.00.2155.1
ProductVersion : 5.00.2155.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Remote Registry Service
InternalName : regsvc
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : REGSVC.EXE

#:11 [mstask.exe]
ModuleName : C:\WINNT\system32\MSTask.exe
Command Line : C:\WINNT\system32\MSTask.exe
ProcessID : 624
ThreadCreationTime : 2005-4-25 上午 07:30:41
BasePriority : Normal
FileVersion : 4.71.2137.1
ProductVersion : 4.71.2137.1
ProductName : Microsoft® Windows® Task Scheduler
CompanyName : Microsoft Corporation
FileDescription : Task Scheduler Engine
InternalName : TaskScheduler
LegalCopyright : Copyright © Microsoft Corp. 1997
OriginalFilename : mstask.exe

#:12 [tmntsrv.exe]
ModuleName : C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
Command Line : "C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe"
ProcessID : 660
ThreadCreationTime : 2005-4-25 上午 07:30:42
BasePriority : Normal
FileVersion : 9.0.5.1389
ProductVersion : 9.0.5
ProductName : Trend Pc-cillin 9.0
CompanyName : Trend Micro Inc.
FileDescription : Tmntsrv
InternalName : Tmntsrv
LegalCopyright : Copyright © 2001-2002 Trend Micro Inc. All rights reserved.
LegalTrademarks : Copyright © Trend Micro Inc.
OriginalFilename : Tmntsrv.exe

#:13 [winmgmt.exe]
ModuleName : C:\WINNT\System32\WBEM\WinMgmt.exe
Command Line : C:\WINNT\System32\WBEM\WinMgmt.exe
ProcessID : 760
ThreadCreationTime : 2005-4-25 上午 07:30:46
BasePriority : Normal
FileVersion : 1.50.1085.0001
ProductVersion : 1.50.1085.0001
ProductName : Windows Management Instrumentation
CompanyName : Microsoft Corporation
FileDescription : Windows Management Instrumentation
InternalName : WINMGMT
LegalCopyright : Copyright © Microsoft Corp. 1995-1999

#:14 [pccpfw.exe]
ModuleName : C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
Command Line : "C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe"
ProcessID : 848
ThreadCreationTime : 2005-4-25 上午 07:30:47
BasePriority : Normal


#:15 [explorer.exe]
ModuleName : C:\WINNT\explorer.exe
Command Line : "C:\WINNT\explorer.exe"
ProcessID : 980
ThreadCreationTime : 2005-4-25 上午 07:30:52
BasePriority : Normal
FileVersion : 5.00.2920.0000
ProductVersion : 5.00.2920.0000
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : EXPLORER.EXE

#:16 [rundll32.exe]
ModuleName : C:\WINNT\System32\RunDll32.exe
Command Line : "C:\WINNT\System32\RunDll32.exe" cmicnfg.cpl,CMICtrlWnd
ProcessID : 1080
ThreadCreationTime : 2005-4-25 上午 07:30:56
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : RUNDLL.EXE

#:17 [disk_monitor.exe]
ModuleName : C:\Program Files\IC Card Reader Driver v1.8e2\Disk_Monitor.exe
Command Line : "C:\Program Files\IC Card Reader Driver v1.8e2\Disk_Monitor.exe"
ProcessID : 1096
ThreadCreationTime : 2005-4-25 上午 07:30:56
BasePriority : Normal
FileVersion : 1.6.1204.1
ProductVersion : 1.6.1204.1
ProductName : Disk Monitor
CompanyName : Neodio Corp.
FileDescription : Disk Monitor
InternalName : Disk Monitor(ECS)
LegalCopyright : Copyright © Neodio Corp. 2001
LegalTrademarks : Disk Monitor
OriginalFilename : Disk_Monitor.exe

#:18 [pccguide.exe]
ModuleName : C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe
Command Line : "C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"
ProcessID : 1084
ThreadCreationTime : 2005-4-25 上午 07:30:56
BasePriority : Normal
FileVersion : 9.0.5.1389
ProductVersion : 9.0.5
ProductName : Trend Pc-cillin 9.0
CompanyName : Trend Micro Inc.
FileDescription : PCCGuide
InternalName : PCCGuide
LegalCopyright : Copyright © 2001-2002 Trend Micro Inc. All rights reserved.
LegalTrademarks : Copyright © Trend Micro Inc.
OriginalFilename : PCCGuide

#:19 [pccclient.exe]
ModuleName : C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe
Command Line : "C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"
ProcessID : 1104
ThreadCreationTime : 2005-4-25 上午 07:30:56
BasePriority : Normal
FileVersion : 9.0.5.1389
ProductVersion : 9.0.5
ProductName : Trend Pc-cillin 9.0
CompanyName : Trend Micro Inc.
FileDescription : PCCClient
InternalName : PCCClient
LegalCopyright : Copyright © 2001-2002 Trend Micro Inc. All rights reserved.
LegalTrademarks : Copyright © Trend Micro Inc.
OriginalFilename : PCCClient

#:20 [pop3trap.exe]
ModuleName : C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe
Command Line : "C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe"
ProcessID : 1128
ThreadCreationTime : 2005-4-25 上午 07:30:57
BasePriority : Normal
FileVersion : 9.0.5.1389
ProductVersion : 9.0.5
ProductName : Trend Pc-cillin 9.0
CompanyName : Trend Micro Inc.
FileDescription : POP3Trap
InternalName : POP3Trap
LegalCopyright : Copyright © 2001-2002 Trend Micro Inc. All rights reserved.
LegalTrademarks : Copyright © Trend Micro Inc.
OriginalFilename : POP3Trap

#:21 [incd.exe]
ModuleName : C:\Program Files\Ahead\InCD\InCD.exe
Command Line : "C:\Program Files\Ahead\InCD\InCD.exe"
ProcessID : 1148
ThreadCreationTime : 2005-4-25 上午 07:30:57
BasePriority : Normal


#:22 [lvcoms.exe]
ModuleName : C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
Command Line : "C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE"
ProcessID : 1132
ThreadCreationTime : 2005-4-25 上午 07:30:58
BasePriority : Normal
FileVersion : 7.3.0.1113
ProductVersion : 7.3.0.1113
ProductName : Logitech ImageStudio
CompanyName : Logitech Inc.
FileDescription : LVCom Server
InternalName : LVComS.exe
LegalCopyright : © 1996-2002 Logitech. All rights reserved.
OriginalFilename : LVComS.exe

#:23 [logitray.exe]
ModuleName : C:\Program Files\Logitech\ImageStudio\LogiTray.exe
Command Line : "C:\Program Files\Logitech\ImageStudio\LogiTray.exe"
ProcessID : 1072
ThreadCreationTime : 2005-4-25 上午 07:30:59
BasePriority : Normal
FileVersion : 7.3.0.1113
ProductVersion : 7.3.0.1113
ProductName : Logitech ImageStudio
CompanyName : Logitech Inc.
FileDescription : ImageStudio Tray Application
InternalName : LogiTray.exe
LegalCopyright : © 1996-2002 Logitech. All rights reserved.
OriginalFilename : LogiTray.exe

#:24 [loadqm.exe]
ModuleName : C:\WINNT\loadqm.exe
Command Line : "C:\WINNT\loadqm.exe"
ProcessID : 1180
ThreadCreationTime : 2005-4-25 上午 07:30:59
BasePriority : Normal
FileVersion : 5.4.1103.3
ProductVersion : 5.4.1103.3
ProductName : QMgr Loader
CompanyName : Microsoft Corporation
FileDescription : Microsoft QMgr
InternalName : LOADQM.EXE
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : LOADQM.EXE

#:25 [ituneshelper.exe]
ModuleName : C:\Program Files\iTunes\iTunesHelper.exe
Command Line : "C:\Program Files\iTunes\iTunesHelper.exe"
ProcessID : 1196
ThreadCreationTime : 2005-4-25 上午 07:31:00
BasePriority : Normal
FileVersion : 4.6.0.15
ProductVersion : 4.6.0.15
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : c 2003-2004 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe

#:26 [qttask.exe]
ModuleName : C:\Program Files\QuickTime\qttask.exe
Command Line : "C:\Program Files\QuickTime\qttask.exe" -atboottime
ProcessID : 1212
ThreadCreationTime : 2005-4-25 上午 07:31:00
BasePriority : Normal
FileVersion : 6.5.1
ProductVersion : QuickTime 6.5.1
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : c Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe

#:27 [msnappau.exe]
ModuleName : C:\Program Files\MSN Apps\Updater\01.02.3000.1001\zh-tw\msnappau.exe
Command Line : "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\zh-tw\msnappau.exe"
ProcessID : 1224
ThreadCreationTime : 2005-4-25 上午 07:31:01
BasePriority : Normal


#:28 [internat.exe]
ModuleName : C:\WINNT\System32\internat.exe
Command Line : "C:\WINNT\System32\internat.exe"
ProcessID : 1244
ThreadCreationTime : 2005-4-25 上午 07:31:01
BasePriority : Normal
FileVersion : 5.00.2920.0000
ProductVersion : 5.00.2920.0000
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Keyboard Language Indicator Applet
InternalName : INTERNAT
LegalCopyright : Copyright © Microsoft Corp. 1994-1999
OriginalFilename : INTERNAT.EXE

#:29 [backweb-8876480.exe]
ModuleName : C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
Command Line : "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe"
ProcessID : 1252
ThreadCreationTime : 2005-4-25 上午 07:31:02
BasePriority : Normal


#:30 [skype.exe]
ModuleName : C:\Program Files\Skype\Phone\Skype.exe
Command Line : "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
ProcessID : 1260
ThreadCreationTime : 2005-4-25 上午 07:31:02
BasePriority : Normal


#:31 [robotaskbaricon.exe]
ModuleName : C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
Command Line : "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
ProcessID : 1280
ThreadCreationTime : 2005-4-25 上午 07:31:03
BasePriority : Normal


#:32 [wp.exe]
ModuleName : C:\wp.exe
Command Line : "C:\wp.exe"
ProcessID : 1296
ThreadCreationTime : 2005-4-25 上午 07:31:03
BasePriority : Normal


#:33 [ud.exe]
ModuleName : C:\Program Files\United Devices\UD.EXE
Command Line : "C:\Program Files\United Devices\UD.EXE"
ProcessID : 1456
ThreadCreationTime : 2005-4-25 上午 07:31:08
BasePriority : Normal
FileVersion : 3.00.2814
ProductVersion : 3.00.2814
ProductName : UD Agent
CompanyName : United Devices, Inc.
FileDescription : United Devices
InternalName : UDagent_3801_2814
LegalCopyright : Copyright United Devices ™
LegalTrademarks : United Devices ™
OriginalFilename : UDagent_3801_2814.exe
Comments : UD Agent Version 3.0

#:34 [ipodservice.exe]
ModuleName : C:\Program Files\iPod\bin\iPodService.exe
Command Line : "C:\Program Files\iPod\bin\iPodService.exe"
ProcessID : 1480
ThreadCreationTime : 2005-4-25 上午 07:31:13
BasePriority : Normal
FileVersion : 4.6.0.15
ProductVersion : 4.6.0.15
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : c 2003-2004 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iPodService.exe

#:35 [ud_7657531.exe]
ModuleName : C:\Program Files\United Devices\ud_7657531.exe
Command Line : ud_7657531.exe
ProcessID : 1620
ThreadCreationTime : 2005-4-25 上午 07:31:27
BasePriority : Idle


#:36 [wcgrid_rosetta.exe]
ModuleName : C:\Program Files\United Devices\ud_7657531_0.dir\WCGrid_Rosetta.exe
Command Line : "C:/Program Files/United Devices/ud_7657531_0.dir/WCGrid_Rosetta.exe" -series 0A -protein bi19 -chain 9 -nstruct 843 -constant_seed -jran 935991 -silent
ProcessID : 1672
ThreadCreationTime : 2005-4-25 上午 07:31:39
BasePriority : Idle
FileVersion : 1, 0, 0, 5
ProductName : Rosetta Fragments and Rosetta ab-initio
CompanyName : University of Washington and IBM Corporation
FileDescription : Created under grants from the National Science Foundation number MCB-9458178, the Packard Foundation, the Los Alamos National Laboratory, Office of Naval Research grant number N00014-95-1-0417, and the Howard Hughes Medical Institute
InternalName : WCGrid_Rosetta.exe
LegalCopyright : Copyright © Unversity of Washington 2000-2004 and IBM Corp. 2004. All Rights Reserved
OriginalFilename : Rosetta

#:37 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 1540
ThreadCreationTime : 2005-4-25 上午 07:38:14
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright c Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{5297e905-1dfb-4a9c-9871-a4f95fd58945}

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : toolband.toolbandobj.1

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : toolband.toolbandobj.1
Value :

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : toolband.toolbandobj

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : toolband.toolbandobj
Value :

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{95b92d92-8b7d-4a19-a3f1-43113b4dbcaf}

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{95b92d92-8b7d-4a19-a3f1-43113b4dbcaf}
Value :

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{0e1230f8-ea50-42a9-983c-d22abc2eed3b}

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{0e1230f8-ea50-42a9-983c-d22abc2eed3b}
Value :

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{0b6ef17e-18e5-4449-86ea-64c82d596eae}

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{0b6ef17e-18e5-4449-86ea-64c82d596eae}
Value :

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{b1e68d42-02c4-465b-8368-5ed9b732e22d}

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{b1e68d42-02c4-465b-8368-5ed9b732e22d}
Value :

Security iGuard Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\rex-services

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
Rootkey : HKEY_USERS
Object : S-1-5-21-839522115-1993962763-682003330-500\software\microsoft\internet explorer\extensions\cmdmapping
Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 15
Objects found so far: 15


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 15


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@2o7[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Administrator\Cookies\administrator@2o7[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@advertising[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Administrator\Cookies\administrator@advertising[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@doubleclick[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Administrator\Cookies\administrator@doubleclick[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@ehg-reddoor.hitbox[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Administrator\Cookies\administrator@ehg-reddoor.hitbox[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@hitbox[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Administrator\Cookies\administrator@hitbox[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@servedby.advertising[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Administrator\Cookies\administrator@servedby.advertising[1].txt

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 6
Objects found so far: 21



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@2o7[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@2o7[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@ads.pointroll[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@ads.pointroll[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@advertising[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@advertising[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@atdmt[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@atdmt[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@bluestreak[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@bluestreak[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@centrport[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@centrport[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@data.coremetrics[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@data.coremetrics[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@doubleclick[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@doubleclick[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@mediaplex[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@mediaplex[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@servedby.advertising[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@servedby.advertising[2].txt

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 31


Scanning Hosts file......
Hosts file location:"C:\WINNT\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 31




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Enable Browser Extensions

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 32

上午 12:40:32 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:00:55.875
Objects scanned:49846
Objects identified:32
Objects ignored:0
New critical objects:32

#4
Rawe
Visiting Staff
4,746 posts

Using definitions file:SE1R40 20.04.2005

Well, new update is out.
Please update your Ad-aware, and post a new log.

- Rawe :tazz:

#5
hlhuang
Member (Topic Starter)
16 posts
Here you go. Thanks a lot.

Ad-Aware SE Build 1.05
Logfile Created on:2005年4月26日 上午 12:50:57
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R41 25.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
CoolWebSearch(TAC index:10):16 total references
Tracking Cookie(TAC index:3):16 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R40 20.04.2005
Internal build : 47
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 461235 Bytes
Total size : 1395231 Bytes
Signature data size : 1364710 Bytes
Reference data size : 30009 Bytes
Signatures total : 38921
Fingerprints total : 813
Fingerprints size : 29073 Bytes
Target categories : 15
Target families : 650

2005-4-26 上午 12:50:28 Performing WebUpdate...

Installing Update...
Definitions File Loaded:
Reference Number : SE1R41 25.04.2005
Internal build : 48
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 462131 Bytes
Total size : 1397647 Bytes
Signature data size : 1367126 Bytes
Reference data size : 30009 Bytes
Signatures total : 39003
Fingerprints total : 816
Fingerprints size : 28835 Bytes
Target categories : 15
Target families : 650


2005-4-26 上午 12:50:36 Success
Update successfully downloaded and installed.


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium III
Memory available:72 %
Total physical memory:1048048 kb
Available physical memory:749148 kb
Total page file size:2522276 kb
Available on page file:2111548 kb
Total virtual memory:2097024 kb
Available virtual memory:2043444 kb
OS:Microsoft Windows 2000 Professional (Build 2195)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Play sound at scan completion if scan locates critical objects


2005-4-26 上午 12:50:57 - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 144
ThreadCreationTime : 2005-4-26 上午 03:12:19
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINNT\system32\csrss.exe
Command Line : C:\WINNT\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequest
ProcessID : 168
ThreadCreationTime : 2005-4-26 上午 03:12:28
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINNT\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 188
ThreadCreationTime : 2005-4-26 上午 03:12:30
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINNT\system32\services.exe
Command Line : C:\WINNT\system32\services.exe
ProcessID : 216
ThreadCreationTime : 2005-4-26 上午 03:12:31
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINNT\system32\lsass.exe
Command Line : C:\WINNT\system32\lsass.exe
ProcessID : 228
ThreadCreationTime : 2005-4-26 上午 03:12:31
BasePriority : Normal
FileVersion : 5.00.2184.1
ProductVersion : 5.00.2184.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Executable and Server DLL (Export Version)
InternalName : lsasrv.dll and lsass.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : lsasrv.dll and lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINNT\system32\svchost.exe
Command Line : C:\WINNT\system32\svchost -k rpcss
ProcessID : 464
ThreadCreationTime : 2005-4-26 上午 03:12:34
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:7 [spoolsv.exe]
ModuleName : C:\WINNT\system32\spoolsv.exe
Command Line : C:\WINNT\system32\spoolsv.exe
ProcessID : 492
ThreadCreationTime : 2005-4-26 上午 03:12:35
BasePriority : Normal
FileVersion : 5.00.2161.1
ProductVersion : 5.00.2161.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolss.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : spoolss.exe

#:8 [svchost.exe]
ModuleName : C:\WINNT\System32\svchost.exe
Command Line : C:\WINNT\System32\svchost.exe -k netsvcs
ProcessID : 524
ThreadCreationTime : 2005-4-26 上午 03:12:35
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:9 [nvsvc32.exe]
ModuleName : C:\WINNT\System32\nvsvc32.exe
Command Line : C:\WINNT\System32\nvsvc32.exe
ProcessID : 552
ThreadCreationTime : 2005-4-26 上午 03:12:35
BasePriority : Normal
FileVersion : 6.13.10.4071
ProductVersion : 6.13.10.4071
ProductName : NVIDIA Driver Helper Service, Version 40.71
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 40.71
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:10 [regsvc.exe]
ModuleName : C:\WINNT\system32\regsvc.exe
Command Line : C:\WINNT\system32\regsvc.exe
ProcessID : 584
ThreadCreationTime : 2005-4-26 上午 03:12:36
BasePriority : Normal
FileVersion : 5.00.2155.1
ProductVersion : 5.00.2155.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Remote Registry Service
InternalName : regsvc
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : REGSVC.EXE

#:11 [mstask.exe]
ModuleName : C:\WINNT\system32\MSTask.exe
Command Line : C:\WINNT\system32\MSTask.exe
ProcessID : 616
ThreadCreationTime : 2005-4-26 上午 03:12:36
BasePriority : Normal
FileVersion : 4.71.2137.1
ProductVersion : 4.71.2137.1
ProductName : Microsoft® Windows® Task Scheduler
CompanyName : Microsoft Corporation
FileDescription : Task Scheduler Engine
InternalName : TaskScheduler
LegalCopyright : Copyright © Microsoft Corp. 1997
OriginalFilename : mstask.exe

#:12 [tmntsrv.exe]
ModuleName : C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
Command Line : "C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe"
ProcessID : 656
ThreadCreationTime : 2005-4-26 上午 03:12:36
BasePriority : Normal
FileVersion : 9.0.5.1389
ProductVersion : 9.0.5
ProductName : Trend Pc-cillin 9.0
CompanyName : Trend Micro Inc.
FileDescription : Tmntsrv
InternalName : Tmntsrv
LegalCopyright : Copyright © 2001-2002 Trend Micro Inc. All rights reserved.
LegalTrademarks : Copyright © Trend Micro Inc.
OriginalFilename : Tmntsrv.exe

#:13 [winmgmt.exe]
ModuleName : C:\WINNT\System32\WBEM\WinMgmt.exe
Command Line : C:\WINNT\System32\WBEM\WinMgmt.exe
ProcessID : 748
ThreadCreationTime : 2005-4-26 上午 03:12:40
BasePriority : Normal
FileVersion : 1.50.1085.0001
ProductVersion : 1.50.1085.0001
ProductName : Windows Management Instrumentation
CompanyName : Microsoft Corporation
FileDescription : Windows Management Instrumentation
InternalName : WINMGMT
LegalCopyright : Copyright © Microsoft Corp. 1995-1999

#:14 [pccpfw.exe]
ModuleName : C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
Command Line : "C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe"
ProcessID : 848
ThreadCreationTime : 2005-4-26 上午 03:12:41
BasePriority : Normal


#:15 [explorer.exe]
ModuleName : C:\WINNT\explorer.exe
Command Line : "C:\WINNT\explorer.exe"
ProcessID : 968
ThreadCreationTime : 2005-4-26 上午 03:12:45
BasePriority : Normal
FileVersion : 5.00.2920.0000
ProductVersion : 5.00.2920.0000
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : EXPLORER.EXE

#:16 [rundll32.exe]
ModuleName : C:\WINNT\System32\RunDll32.exe
Command Line : "C:\WINNT\System32\RunDll32.exe" cmicnfg.cpl,CMICtrlWnd
ProcessID : 1096
ThreadCreationTime : 2005-4-26 上午 03:12:50
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : RUNDLL.EXE

#:17 [disk_monitor.exe]
ModuleName : C:\Program Files\IC Card Reader Driver v1.8e2\Disk_Monitor.exe
Command Line : "C:\Program Files\IC Card Reader Driver v1.8e2\Disk_Monitor.exe"
ProcessID : 1056
ThreadCreationTime : 2005-4-26 上午 03:12:51
BasePriority : Normal
FileVersion : 1.6.1204.1
ProductVersion : 1.6.1204.1
ProductName : Disk Monitor
CompanyName : Neodio Corp.
FileDescription : Disk Monitor
InternalName : Disk Monitor(ECS)
LegalCopyright : Copyright © Neodio Corp. 2001
LegalTrademarks : Disk Monitor
OriginalFilename : Disk_Monitor.exe

#:18 [pccguide.exe]
ModuleName : C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe
Command Line : "C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"
ProcessID : 1104
ThreadCreationTime : 2005-4-26 上午 03:12:51
BasePriority : Normal
FileVersion : 9.0.5.1389
ProductVersion : 9.0.5
ProductName : Trend Pc-cillin 9.0
CompanyName : Trend Micro Inc.
FileDescription : PCCGuide
InternalName : PCCGuide
LegalCopyright : Copyright © 2001-2002 Trend Micro Inc. All rights reserved.
LegalTrademarks : Copyright © Trend Micro Inc.
OriginalFilename : PCCGuide

#:19 [pccclient.exe]
ModuleName : C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe
Command Line : "C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"
ProcessID : 1128
ThreadCreationTime : 2005-4-26 上午 03:12:51
BasePriority : Normal
FileVersion : 9.0.5.1389
ProductVersion : 9.0.5
ProductName : Trend Pc-cillin 9.0
CompanyName : Trend Micro Inc.
FileDescription : PCCClient
InternalName : PCCClient
LegalCopyright : Copyright © 2001-2002 Trend Micro Inc. All rights reserved.
LegalTrademarks : Copyright © Trend Micro Inc.
OriginalFilename : PCCClient

#:20 [pop3trap.exe]
ModuleName : C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe
Command Line : "C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe"
ProcessID : 1136
ThreadCreationTime : 2005-4-26 上午 03:12:51
BasePriority : Normal
FileVersion : 9.0.5.1389
ProductVersion : 9.0.5
ProductName : Trend Pc-cillin 9.0
CompanyName : Trend Micro Inc.
FileDescription : POP3Trap
InternalName : POP3Trap
LegalCopyright : Copyright © 2001-2002 Trend Micro Inc. All rights reserved.
LegalTrademarks : Copyright © Trend Micro Inc.
OriginalFilename : POP3Trap

#:21 [incd.exe]
ModuleName : C:\Program Files\Ahead\InCD\InCD.exe
Command Line : "C:\Program Files\Ahead\InCD\InCD.exe"
ProcessID : 1156
ThreadCreationTime : 2005-4-26 上午 03:12:52
BasePriority : Normal


#:22 [lvcoms.exe]
ModuleName : C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
Command Line : "C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE"
ProcessID : 1144
ThreadCreationTime : 2005-4-26 上午 03:12:53
BasePriority : Normal
FileVersion : 7.3.0.1113
ProductVersion : 7.3.0.1113
ProductName : Logitech ImageStudio
CompanyName : Logitech Inc.
FileDescription : LVCom Server
InternalName : LVComS.exe
LegalCopyright : © 1996-2002 Logitech. All rights reserved.
OriginalFilename : LVComS.exe

#:23 [logitray.exe]
ModuleName : C:\Program Files\Logitech\ImageStudio\LogiTray.exe
Command Line : "C:\Program Files\Logitech\ImageStudio\LogiTray.exe"
ProcessID : 1168
ThreadCreationTime : 2005-4-26 上午 03:12:53
BasePriority : Normal
FileVersion : 7.3.0.1113
ProductVersion : 7.3.0.1113
ProductName : Logitech ImageStudio
CompanyName : Logitech Inc.
FileDescription : ImageStudio Tray Application
InternalName : LogiTray.exe
LegalCopyright : © 1996-2002 Logitech. All rights reserved.
OriginalFilename : LogiTray.exe

#:24 [loadqm.exe]
ModuleName : C:\WINNT\loadqm.exe
Command Line : "C:\WINNT\loadqm.exe"
ProcessID : 1184
ThreadCreationTime : 2005-4-26 上午 03:12:54
BasePriority : Normal
FileVersion : 5.4.1103.3
ProductVersion : 5.4.1103.3
ProductName : QMgr Loader
CompanyName : Microsoft Corporation
FileDescription : Microsoft QMgr
InternalName : LOADQM.EXE
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : LOADQM.EXE

#:25 [ituneshelper.exe]
ModuleName : C:\Program Files\iTunes\iTunesHelper.exe
Command Line : "C:\Program Files\iTunes\iTunesHelper.exe"
ProcessID : 1252
ThreadCreationTime : 2005-4-26 上午 03:12:56
BasePriority : Normal
FileVersion : 4.6.0.15
ProductVersion : 4.6.0.15
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : c 2003-2004 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe

#:26 [qttask.exe]
ModuleName : C:\Program Files\QuickTime\qttask.exe
Command Line : "C:\Program Files\QuickTime\qttask.exe" -atboottime
ProcessID : 1308
ThreadCreationTime : 2005-4-26 上午 03:12:56
BasePriority : Normal
FileVersion : 6.5.1
ProductVersion : QuickTime 6.5.1
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : c Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe

#:27 [msnappau.exe]
ModuleName : C:\Program Files\MSN Apps\Updater\01.02.3000.1001\zh-tw\msnappau.exe
Command Line : "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\zh-tw\msnappau.exe"
ProcessID : 1332
ThreadCreationTime : 2005-4-26 上午 03:12:57
BasePriority : Normal


#:28 [internat.exe]
ModuleName : C:\WINNT\System32\internat.exe
Command Line : "C:\WINNT\System32\internat.exe"
ProcessID : 1400
ThreadCreationTime : 2005-4-26 上午 03:13:01
BasePriority : Normal
FileVersion : 5.00.2920.0000
ProductVersion : 5.00.2920.0000
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Keyboard Language Indicator Applet
InternalName : INTERNAT
LegalCopyright : Copyright © Microsoft Corp. 1994-1999
OriginalFilename : INTERNAT.EXE

#:29 [backweb-8876480.exe]
ModuleName : C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
Command Line : "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe"
ProcessID : 1412
ThreadCreationTime : 2005-4-26 上午 03:13:02
BasePriority : Normal


#:30 [ipodservice.exe]
ModuleName : C:\Program Files\iPod\bin\iPodService.exe
Command Line : "C:\Program Files\iPod\bin\iPodService.exe"
ProcessID : 1428
ThreadCreationTime : 2005-4-26 上午 03:13:02
BasePriority : Normal
FileVersion : 4.6.0.15
ProductVersion : 4.6.0.15
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : c 2003-2004 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iPodService.exe

#:31 [skype.exe]
ModuleName : C:\Program Files\Skype\Phone\Skype.exe
Command Line : "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
ProcessID : 1464
ThreadCreationTime : 2005-4-26 上午 03:13:06
BasePriority : Normal


#:32 [robotaskbaricon.exe]
ModuleName : C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
Command Line : "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
ProcessID : 1512
ThreadCreationTime : 2005-4-26 上午 03:13:09
BasePriority : Normal


#:33 [wp.exe]
ModuleName : C:\wp.exe
Command Line : "C:\wp.exe"
ProcessID : 1548
ThreadCreationTime : 2005-4-26 上午 03:13:09
BasePriority : Normal


#:34 [ud.exe]
ModuleName : C:\Program Files\United Devices\UD.EXE
Command Line : "C:\Program Files\United Devices\UD.EXE"
ProcessID : 1596
ThreadCreationTime : 2005-4-26 上午 03:13:13
BasePriority : Normal
FileVersion : 3.00.2814
ProductVersion : 3.00.2814
ProductName : UD Agent
CompanyName : United Devices, Inc.
FileDescription : United Devices
InternalName : UDagent_3801_2814
LegalCopyright : Copyright United Devices ™
LegalTrademarks : United Devices ™
OriginalFilename : UDagent_3801_2814.exe
Comments : UD Agent Version 3.0

#:35 [iexplore.exe]
ModuleName : C:\Program Files\Internet Explorer\iexplore.exe
Command Line : "C:\Program Files\Internet Explorer\iexplore.exe"
ProcessID : 1636
ThreadCreationTime : 2005-4-26 上午 04:59:56
BasePriority : Normal
FileVersion : 6.00.2800.1106
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:36 [ud_7657531.exe]
ModuleName : C:\Program Files\United Devices\ud_7657531.exe
Command Line : ud_7657531.exe
ProcessID : 1632
ThreadCreationTime : 2005-4-26 上午 05:28:50
BasePriority : Idle


#:37 [wcgrid_rosetta.exe]
ModuleName : C:\Program Files\United Devices\ud_7657531_0.dir\WCGrid_Rosetta.exe
Command Line : "C:/Program Files/United Devices/ud_7657531_0.dir/WCGrid_Rosetta.exe" -series 11 -protein bi87 -chain 7 -nstruct 275 -constant_seed -jran 131495 -silent
ProcessID : 1524
ThreadCreationTime : 2005-4-26 上午 05:28:55
BasePriority : Idle
FileVersion : 1, 0, 0, 5
ProductName : Rosetta Fragments and Rosetta ab-initio
CompanyName : University of Washington and IBM Corporation
FileDescription : Created under grants from the National Science Foundation number MCB-9458178, the Packard Foundation, the Los Alamos National Laboratory, Office of Naval Research grant number N00014-95-1-0417, and the Howard Hughes Medical Institute
InternalName : WCGrid_Rosetta.exe
LegalCopyright : Copyright © Unversity of Washington 2000-2004 and IBM Corp. 2004. All Rights Reserved
OriginalFilename : Rosetta

#:38 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 1140
ThreadCreationTime : 2005-4-26 上午 07:50:19
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright c Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{5297e905-1dfb-4a9c-9871-a4f95fd58945}

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : toolband.toolbandobj.1

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : toolband.toolbandobj.1
Value :

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : toolband.toolbandobj

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : toolband.toolbandobj
Value :

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{95b92d92-8b7d-4a19-a3f1-43113b4dbcaf}

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{95b92d92-8b7d-4a19-a3f1-43113b4dbcaf}
Value :

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{0e1230f8-ea50-42a9-983c-d22abc2eed3b}

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{0e1230f8-ea50-42a9-983c-d22abc2eed3b}
Value :

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{0b6ef17e-18e5-4449-86ea-64c82d596eae}

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{0b6ef17e-18e5-4449-86ea-64c82d596eae}
Value :

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{b1e68d42-02c4-465b-8368-5ed9b732e22d}

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{b1e68d42-02c4-465b-8368-5ed9b732e22d}
Value :

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}"
Rootkey : HKEY_USERS
Object : S-1-5-21-839522115-1993962763-682003330-500\software\microsoft\internet explorer\toolbar\webbrowser
Value : {0E1230F8-EA50-42A9-983C-D22ABC2EED3B}

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\toolbar
Value : {0E1230F8-EA50-42A9-983C-D22ABC2EED3B}

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 15
Objects found so far: 15


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 15


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@atdmt[2].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:administrator@atdmt.com/
Expires : 2010-4-24 下午 05:00:00
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@bluestreak[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:administrator@bluestreak.com/
Expires : 2015-4-22 下午 10:01:50
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@centrport[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:administrator@centrport.net/
Expires : 2029-12-31 下午 05:00:00
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@2o7[2].txt
Category : Data Miner
Comment : Hits:12
Value : Cookie:administrator@2o7.net/
Expires : 2010-4-25 上午 12:36:08
LastSync : Hits:12
UseCount : 0
Hits : 12

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@bs.serving-sys[1].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:administrator@bs.serving-sys.com/
Expires : 2038-1-1 上午 01:00:00
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@servedby.advertising[1].txt
Category : Data Miner
Comment : Hits:11
Value : Cookie:administrator@servedby.advertising.com/
Expires : 2005-5-26 上午 12:36:08
LastSync : Hits:11
UseCount : 0
Hits : 11

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@as1.falkag[1].txt
Category : Data Miner
Comment : Hits:5
Value : Cookie:administrator@as1.falkag.de/
Expires : 2005-5-25 上午 01:55:44
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@doubleclick[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:administrator@doubleclick.net/
Expires : 2005-4-25 下午 10:59:52
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@ehg-reddoor.hitbox[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:administrator@ehg-reddoor.hitbox.com/
Expires : 2006-4-25 上午 01:09:54
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@serving-sys[2].txt
Category : Data Miner
Comment : Hits:9
Value : Cookie:administrator@serving-sys.com/
Expires : 2038-1-1 上午 01:00:00
LastSync : Hits:9
UseCount : 0
Hits : 9

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@server.iad.liveperson[1].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:administrator@server.iad.liveperson.net/
Expires : 2006-4-25 下午 09:50:28
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@mediaplex[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:administrator@mediaplex.com/
Expires : 2009-6-21 下午 05:00:00
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@advertising[2].txt
Category : Data Miner
Comment : Hits:12
Value : Cookie:administrator@advertising.com/
Expires : 2010-4-25 上午 12:35:58
LastSync : Hits:12
UseCount : 0
Hits : 12

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@www.stopzilla[2].txt
Category : Data Miner
Comment : Hits:6
Value : Cookie:administrator@www.stopzilla.com/
Expires : 2008-8-7 下午 09:48:52
LastSync : Hits:6
UseCount : 0
Hits : 6

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@ads.pointroll[2].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:administrator@ads.pointroll.com/
Expires : 2009-12-31 下午 05:00:00
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@hitbox[2].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:administrator@hitbox.com/
Expires : 2006-4-25 上午 01:09:54
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 16
Objects found so far: 31



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 31


Scanning Hosts file......
Hosts file location:"C:\WINNT\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 31




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Search Bar

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 32

上午 12:52:56 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:01:59.47
Objects scanned:51656
Objects identified:32
Objects ignored:0
New critical objects:32

#6 Rawe (Visiting Staff, 4,746 posts)
Hi again...
Do this;
first, download/install this tool here;
http://www.ccleaner.com/
when installed, push the button "Run cleaner".
Then you can close the cleaner after it has successfully run.
After that, try a couple of these online virus scans;
- Trend Micro (recommended)
- Panda Activescan
- F-secure

Clean everything they find, if they find something.
After you have done this, reboot,
and do the following;

"Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned."

If your system is running a program which changes the hosts file or you have added listings to the hosts file then, there is no need to check further. Otherwise, download the "Host file viewer" by Option^Explicit. It is a 65K program which will allow you to find/view/open/read/edit/restore to default settings your host file. Instructions are on the display screen of the program. Select the option to restore to default settings.
http://members.acces...sFileReader.zip

If you have difficulties following the guidelines, please ask..

- Rawe :tazz:

#7 Rawe (Visiting Staff, 4,746 posts)
After you have done all the above, read Logfile Posting Instructions
and post a new log.

- Rawe :tazz:

#8 hlhuang (Topic Starter, Member, 16 posts)
I didn't get it. You said:

Clean everything they find, if they find something.
After you have done this, reboot,
and do the following;

"Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned."


What exactly should I do?
Thanks.

#9 Rawe (Visiting Staff, 4,746 posts)
Sorry, maybe I'm just an idiot :tazz:
Read this and follow the guidelines..;
If your system is running a program which changes the hosts file or you have added listings to the hosts file then, there is no need to check further. Otherwise, download the "Host file viewer" by Option^Explicit. It is a 65K program which will allow you to find/view/open/read/edit/restore to default settings your host file. Instructions are on the display screen of the program. Select the option to restore to default settings.
http://members.acces...sFileReader.zip

- Rawe ;)

#10 hlhuang (Topic Starter, Member, 16 posts)
Thanks.
Gotta go to bed so I'll do that later.

#11 GR@PH;<'S (Member, 135 posts)
hlhuang,

"We haven't been able to fix our internet connection yet"

I take it that you have managed to sort out your internet connection; if not, and you used another PC to do this via a download using a floppy disk (or similar storage), then please download this
WinSock XP Fix file to a floppy disk (or similar storage),
you can run it off the floppy disk or if you want you can download it straight to your hard drive.
(but I recommend saving to floppy - or similar)
Note this program is not created, endorsed, supported, or warranted by Lavasoft
Also, did you do the on-line scans that I asked for above? If not, please can you do them,
then once you have done them please rescan using Ad-aware doing a "Full Scan" and post your logfile here by using the "Add-reply" feature.
As for running the "Host File Reader", if you are not sure then I would recommend that you use the Default settings button, as that way your Hosts file will be reset to the original even if it is no longer on your PC.
(Note if you replaced the hosts file yourself then by doing this it will be lost)
GR@PH;<'S :tazz:

Edited by GR@PH;<'S, 26 April 2005 - 06:41 AM.


#12 hlhuang (Topic Starter, Member, 16 posts)
The computer that got infected is running Win2000.
Will "WinSocket XP fix" fix that?

Thanks.

#13 GR@PH;<'S (Member, 135 posts)

"The computer that got infected is running Win2000.
Will "WinSocket XP fix" fix that?"

;) Sorry, I did not realise that I gave you the XP-only link,
use this
win fix for 9x/NT/2000/XP

GR@PH;<'S :tazz:

#14 Rawe (Visiting Staff, 4,746 posts)
After you have downloaded the fix that GR@PH;<'S recommended,
please run the "host file viewer" as I posted.
Also, run all online scans.
After all this, run a new "Full system scan", read Logfile Posting Instructions
then post a fresh Ad-aware log.
We can help you more when you have done this.

- Rawe :tazz:

#15 hlhuang (Topic Starter, Member, 16 posts)
I have scanned with McAfee and TrojanHunter, reset the hosts file with the HostsFileReader, and did a new scan with AdAware. Here is the logfile. Many thanks.

Ad-Aware SE Build 1.05
Logfile Created on:2005年4月27日 上午 12:21:16
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R41 25.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
CoolWebSearch(TAC index:10):10 total references
Tracking Cookie(TAC index:3):11 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R41 25.04.2005
Internal build : 48
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 462131 Bytes
Total size : 1397647 Bytes
Signature data size : 1367126 Bytes
Reference data size : 30009 Bytes
Signatures total : 39003
Fingerprints total : 816
Fingerprints size : 28835 Bytes
Target categories : 15
Target families : 650


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium III
Memory available:65 %
Total physical memory:1048048 kb
Available physical memory:673420 kb
Total page file size:2522276 kb
Available on page file:2037856 kb
Total virtual memory:2097024 kb
Available virtual memory:2046104 kb
OS:Microsoft Windows 2000 Professional (Build 2195)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Play sound at scan completion if scan locates critical objects


2005-4-27 上午 12:21:16 - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 144
ThreadCreationTime : 2005-4-27 上午 06:04:54
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINNT\system32\csrss.exe
Command Line : C:\WINNT\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequest
ProcessID : 168
ThreadCreationTime : 2005-4-27 上午 06:05:03
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINNT\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 188
ThreadCreationTime : 2005-4-27 上午 06:05:05
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINNT\system32\services.exe
Command Line : C:\WINNT\system32\services.exe
ProcessID : 216
ThreadCreationTime : 2005-4-27 上午 06:05:06
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINNT\system32\lsass.exe
Command Line : C:\WINNT\system32\lsass.exe
ProcessID : 228
ThreadCreationTime : 2005-4-27 上午 06:05:06
BasePriority : Normal
FileVersion : 5.00.2184.1
ProductVersion : 5.00.2184.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Executable and Server DLL (Export Version)
InternalName : lsasrv.dll and lsass.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : lsasrv.dll and lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINNT\system32\svchost.exe
Command Line : C:\WINNT\system32\svchost -k rpcss
ProcessID : 464
ThreadCreationTime : 2005-4-27 上午 06:05:09
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:7 [spoolsv.exe]
ModuleName : C:\WINNT\system32\spoolsv.exe
Command Line : C:\WINNT\system32\spoolsv.exe
ProcessID : 492
ThreadCreationTime : 2005-4-27 上午 06:05:10
BasePriority : Normal
FileVersion : 5.00.2161.1
ProductVersion : 5.00.2161.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolss.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : spoolss.exe

#:8 [svchost.exe]
ModuleName : C:\WINNT\System32\svchost.exe
Command Line : C:\WINNT\System32\svchost.exe -k netsvcs
ProcessID : 524
ThreadCreationTime : 2005-4-27 上午 06:05:10
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:9 [nvsvc32.exe]
ModuleName : C:\WINNT\System32\nvsvc32.exe
Command Line : C:\WINNT\System32\nvsvc32.exe
ProcessID : 552
ThreadCreationTime : 2005-4-27 上午 06:05:10
BasePriority : Normal
FileVersion : 6.13.10.4071
ProductVersion : 6.13.10.4071
ProductName : NVIDIA Driver Helper Service, Version 40.71
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 40.71
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:10 [regsvc.exe]
ModuleName : C:\WINNT\system32\regsvc.exe
Command Line : C:\WINNT\system32\regsvc.exe
ProcessID : 584
ThreadCreationTime : 2005-4-27 上午 06:05:11
BasePriority : Normal
FileVersion : 5.00.2155.1
ProductVersion : 5.00.2155.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Remote Registry Service
InternalName : regsvc
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : REGSVC.EXE

#:11 [mstask.exe]
ModuleName : C:\WINNT\system32\MSTask.exe
Command Line : C:\WINNT\system32\MSTask.exe
ProcessID : 600
ThreadCreationTime : 2005-4-27 上午 06:05:11
BasePriority : Normal
FileVersion : 4.71.2137.1
ProductVersion : 4.71.2137.1
ProductName : Microsoft® Windows® Task Scheduler
CompanyName : Microsoft Corporation
FileDescription : Task Scheduler Engine
InternalName : TaskScheduler
LegalCopyright : Copyright © Microsoft Corp. 1997
OriginalFilename : mstask.exe

#:12 [tmntsrv.exe]
ModuleName : C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
Command Line : "C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe"
ProcessID : 652
ThreadCreationTime : 2005-4-27 上午 06:05:12
BasePriority : Normal
FileVersion : 9.0.5.1389
ProductVersion : 9.0.5
ProductName : Trend Pc-cillin 9.0
CompanyName : Trend Micro Inc.
FileDescription : Tmntsrv
InternalName : Tmntsrv
LegalCopyright : Copyright © 2001-2002 Trend Micro Inc. All rights reserved.
LegalTrademarks : Copyright © Trend Micro Inc.
OriginalFilename : Tmntsrv.exe

#:13 [winmgmt.exe]
ModuleName : C:\WINNT\System32\WBEM\WinMgmt.exe
Command Line : C:\WINNT\System32\WBEM\WinMgmt.exe
ProcessID : 744
ThreadCreationTime : 2005-4-27 上午 06:05:15
BasePriority : Normal
FileVersion : 1.50.1085.0001
ProductVersion : 1.50.1085.0001
ProductName : Windows Management Instrumentation
CompanyName : Microsoft Corporation
FileDescription : Windows Management Instrumentation
InternalName : WINMGMT
LegalCopyright : Copyright © Microsoft Corp. 1995-1999

#:14 [pccpfw.exe]
ModuleName : C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
Command Line : "C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe"
ProcessID : 844
ThreadCreationTime : 2005-4-27 上午 06:05:16
BasePriority : Normal


#:15 [explorer.exe]
ModuleName : C:\WINNT\explorer.exe
Command Line : "C:\WINNT\explorer.exe"
ProcessID : 980
ThreadCreationTime : 2005-4-27 上午 06:05:22
BasePriority : Normal
FileVersion : 5.00.2920.0000
ProductVersion : 5.00.2920.0000
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : EXPLORER.EXE

#:16 [rundll32.exe]
ModuleName : C:\WINNT\System32\RunDll32.exe
Command Line : "C:\WINNT\System32\RunDll32.exe" cmicnfg.cpl,CMICtrlWnd
ProcessID : 1124
ThreadCreationTime : 2005-4-27 上午 06:05:27
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : RUNDLL.EXE

#:17 [disk_monitor.exe]
ModuleName : C:\Program Files\IC Card Reader Driver v1.8e2\Disk_Monitor.exe
Command Line : "C:\Program Files\IC Card Reader Driver v1.8e2\Disk_Monitor.exe"
ProcessID : 1136
ThreadCreationTime : 2005-4-27 上午 06:05:27
BasePriority : Normal
FileVersion : 1.6.1204.1
ProductVersion : 1.6.1204.1
ProductName : Disk Monitor
CompanyName : Neodio Corp.
FileDescription : Disk Monitor
InternalName : Disk Monitor(ECS)
LegalCopyright : Copyright © Neodio Corp. 2001
LegalTrademarks : Disk Monitor
OriginalFilename : Disk_Monitor.exe

#:18 [pccguide.exe]
ModuleName : C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe
Command Line : "C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"
ProcessID : 1148
ThreadCreationTime : 2005-4-27 上午 06:05:27
BasePriority : Normal
FileVersion : 9.0.5.1389
ProductVersion : 9.0.5
ProductName : Trend Pc-cillin 9.0
CompanyName : Trend Micro Inc.
FileDescription : PCCGuide
InternalName : PCCGuide
LegalCopyright : Copyright © 2001-2002 Trend Micro Inc. All rights reserved.
LegalTrademarks : Copyright © Trend Micro Inc.
OriginalFilename : PCCGuide

#:19 [pccclient.exe]
ModuleName : C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe
Command Line : "C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"
ProcessID : 1152
ThreadCreationTime : 2005-4-27 上午 06:05:27
BasePriority : Normal
FileVersion : 9.0.5.1389
ProductVersion : 9.0.5
ProductName : Trend Pc-cillin 9.0
CompanyName : Trend Micro Inc.
FileDescription : PCCClient
InternalName : PCCClient
LegalCopyright : Copyright © 2001-2002 Trend Micro Inc. All rights reserved.
LegalTrademarks : Copyright © Trend Micro Inc.
OriginalFilename : PCCClient

#:20 [pop3trap.exe]
ModuleName : C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe
Command Line : "C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe"
ProcessID : 1168
ThreadCreationTime : 2005-4-27 上午 06:05:28
BasePriority : Normal
FileVersion : 9.0.5.1389
ProductVersion : 9.0.5
ProductName : Trend Pc-cillin 9.0
CompanyName : Trend Micro Inc.
FileDescription : POP3Trap
InternalName : POP3Trap
LegalCopyright : Copyright © 2001-2002 Trend Micro Inc. All rights reserved.
LegalTrademarks : Copyright © Trend Micro Inc.
OriginalFilename : POP3Trap

#:21 [incd.exe]
ModuleName : C:\Program Files\Ahead\InCD\InCD.exe
Command Line : "C:\Program Files\Ahead\InCD\InCD.exe"
ProcessID : 1180
ThreadCreationTime : 2005-4-27 上午 06:05:29
BasePriority : Normal


#:22 [lvcoms.exe]
ModuleName : C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
Command Line : "C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE"
ProcessID : 996
ThreadCreationTime : 2005-4-27 上午 06:05:30
BasePriority : Normal
FileVersion : 7.3.0.1113
ProductVersion : 7.3.0.1113
ProductName : Logitech ImageStudio
CompanyName : Logitech Inc.
FileDescription : LVCom Server
InternalName : LVComS.exe
LegalCopyright : © 1996-2002 Logitech. All rights reserved.
OriginalFilename : LVComS.exe

#:23 [logitray.exe]
ModuleName : C:\Program Files\Logitech\ImageStudio\LogiTray.exe
Command Line : "C:\Program Files\Logitech\ImageStudio\LogiTray.exe"
ProcessID : 1248
ThreadCreationTime : 2005-4-27 上午 06:05:32
BasePriority : Normal
FileVersion : 7.3.0.1113
ProductVersion : 7.3.0.1113
ProductName : Logitech ImageStudio
CompanyName : Logitech Inc.
FileDescription : ImageStudio Tray Application
InternalName : LogiTray.exe
LegalCopyright : © 1996-2002 Logitech. All rights reserved.
OriginalFilename : LogiTray.exe

#:24 [loadqm.exe]
ModuleName : C:\WINNT\loadqm.exe
Command Line : "C:\WINNT\loadqm.exe"
ProcessID : 1304
ThreadCreationTime : 2005-4-27 上午 06:05:32
BasePriority : Normal
FileVersion : 5.4.1103.3
ProductVersion : 5.4.1103.3
ProductName : QMgr Loader
CompanyName : Microsoft Corporation
FileDescription : Microsoft QMgr
InternalName : LOADQM.EXE
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : LOADQM.EXE

#:25 [ituneshelper.exe]
ModuleName : C:\Program Files\iTunes\iTunesHelper.exe
Command Line : "C:\Program Files\iTunes\iTunesHelper.exe"
ProcessID : 1332
ThreadCreationTime : 2005-4-27 上午 06:05:35
BasePriority : Normal
FileVersion : 4.6.0.15
ProductVersion : 4.6.0.15
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : c 2003-2004 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe

#:26 [qttask.exe]
ModuleName : C:\Program Files\QuickTime\qttask.exe
Command Line : "C:\Program Files\QuickTime\qttask.exe" -atboottime
ProcessID : 1372
ThreadCreationTime : 2005-4-27 上午 06:05:36
BasePriority : Normal
FileVersion : 6.5.1
ProductVersion : QuickTime 6.5.1
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : c Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe

#:27 [msnappau.exe]
ModuleName : C:\Program Files\MSN Apps\Updater\01.02.3000.1001\zh-tw\msnappau.exe
Command Line : "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\zh-tw\msnappau.exe"
ProcessID : 1416
ThreadCreationTime : 2005-4-27 上午 06:05:38
BasePriority : Normal


#:28 [ipodservice.exe]
ModuleName : C:\Program Files\iPod\bin\iPodService.exe
Command Line : "C:\Program Files\iPod\bin\iPodService.exe"
ProcessID : 1424
ThreadCreationTime : 2005-4-27 上午 06:05:40
BasePriority : Normal
FileVersion : 4.6.0.15
ProductVersion : 4.6.0.15
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : c 2003-2004 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iPodService.exe

#:29 [internat.exe]
ModuleName : C:\WINNT\System32\internat.exe
Command Line : "C:\WINNT\System32\internat.exe"
ProcessID : 1452
ThreadCreationTime : 2005-4-27 上午 06:05:40
BasePriority : Normal
FileVersion : 5.00.2920.0000
ProductVersion : 5.00.2920.0000
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Keyboard Language Indicator Applet
InternalName : INTERNAT
LegalCopyright : Copyright © Microsoft Corp. 1994-1999
OriginalFilename : INTERNAT.EXE

#:30 [backweb-8876480.exe]
ModuleName : C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
Command Line : "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe"
ProcessID : 1460
ThreadCreationTime : 2005-4-27 上午 06:05:41
BasePriority : Normal


#:31 [skype.exe]
ModuleName : C:\Program Files\Skype\Phone\Skype.exe
Command Line : "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
ProcessID : 1508
ThreadCreationTime : 2005-4-27 上午 06:05:43
BasePriority : Normal


#:32 [robotaskbaricon.exe]
ModuleName : C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
Command Line : "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
ProcessID : 1536
ThreadCreationTime : 2005-4-27 上午 06:05:46
BasePriority : Normal


#:33 [wp.exe]
ModuleName : C:\wp.exe
Command Line : "C:\wp.exe"
ProcessID : 1552
ThreadCreationTime : 2005-4-27 上午 06:05:47
BasePriority : Normal


#:34 [wzqkpick.exe]
ModuleName : C:\Program Files\WinZip\WZQKPICK.EXE
Command Line : "C:\Program Files\WinZip\WZQKPICK.EXE"
ProcessID : 1088
ThreadCreationTime : 2005-4-27 上午 06:05:49
BasePriority : Normal
FileVersion : 1.0 (32-bit)
ProductVersion : 9.0 (6224)
ProductName : WinZip
CompanyName : WinZip Computing, Inc.
FileDescription : WinZip Executable
InternalName : WZQKPICK.EXE
LegalCopyright : Copyright © WinZip Computing, Inc. 1991-2004 - All Rights Reserved
LegalTrademarks : WinZip is a registered trademark of WinZip Computing, Inc
OriginalFilename : WZQKPICK.EXE
Comments : StringFileInfo: U.S. English

#:35 [ud.exe]
ModuleName : C:\Program Files\United Devices\UD.EXE
Command Line : "C:\Program Files\United Devices\UD.EXE"
ProcessID : 1604
ThreadCreationTime : 2005-4-27 上午 06:05:51
BasePriority : Normal
FileVersion : 3.00.2814
ProductVersion : 3.00.2814
ProductName : UD Agent
CompanyName : United Devices, Inc.
FileDescription : United Devices
InternalName : UDagent_3801_2814
LegalCopyright : Copyright United Devices ™
LegalTrademarks : United Devices ™
OriginalFilename : UDagent_3801_2814.exe
Comments : UD Agent Version 3.0

#:36 [ud_7657531.exe]
ModuleName : C:\Program Files\United Devices\ud_7657531.exe
Command Line : ud_7657531.exe
ProcessID : 1684
ThreadCreationTime : 2005-4-27 上午 06:06:08
BasePriority : Idle


#:37 [iexplore.exe]
ModuleName : C:\Program Files\Internet Explorer\iexplore.exe
Command Line : "C:\Program Files\Internet Explorer\iexplore.exe"
ProcessID : 1668
ThreadCreationTime : 2005-4-27 上午 06:06:08
BasePriority : Normal
FileVersion : 6.00.2800.1106
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:38 [wcgrid_rosetta.exe]
ModuleName : C:\Program Files\United Devices\ud_7657531_0.dir\WCGrid_Rosetta.exe
Command Line : "C:/Program Files/United Devices/ud_7657531_0.dir/WCGrid_Rosetta.exe" -series 11 -protein bi87 -chain 7 -nstruct 275 -constant_seed -jran 131495 -silent
ProcessID : 1704
ThreadCreationTime : 2005-4-27 上午 06:06:16
BasePriority : Idle
FileVersion : 1, 0, 0, 5
ProductName : Rosetta Fragments and Rosetta ab-initio
CompanyName : University of Washington and IBM Corporation
FileDescription : Created under grants from the National Science Foundation number MCB-9458178, the Packard Foundation, the Los Alamos National Laboratory, Office of Naval Research grant number N00014-95-1-0417, and the Howard Hughes Medical Institute
InternalName : WCGrid_Rosetta.exe
LegalCopyright : Copyright © Unversity of Washington 2000-2004 and IBM Corp. 2004. All Rights Reserved
OriginalFilename : Rosetta

#:39 [trojanhunter.exe]
ModuleName : C:\TJH\TrojanHunter 4.2\TrojanHunter.exe
Command Line : "C:\TJH\TrojanHunter 4.2\TrojanHunter.exe"
ProcessID : 1560
ThreadCreationTime : 2005-4-27 上午 06:37:41
BasePriority : Normal
FileVersion : 4.2.0.908
ProductVersion : 4.1.0.0
ProductName : TrojanHunter
CompanyName : Mischel Internet Security
FileDescription : TrojanHunter Scanner
InternalName : TrojanHunter Scanner
LegalCopyright : Mischel Internet Security
LegalTrademarks : TrojanHunter is a trademark of Mischel Internet Security
OriginalFilename : TrojanHunter.exe

#:40 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 1844
ThreadCreationTime : 2005-4-27 上午 07:21:08
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright c Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{5297e905-1dfb-4a9c-9871-a4f95fd58945}

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : toolband.toolbandobj.1

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : toolband.toolbandobj.1
Value :

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : toolband.toolbandobj

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : toolband.toolbandobj
Value :

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{95b92d92-8b7d-4a19-a3f1-43113b4dbcaf}

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{95b92d92-8b7d-4a19-a3f1-43113b4dbcaf}
Value :

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{0e1230f8-ea50-42a9-983c-d22abc2eed3b}

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{0e1230f8-ea50-42a9-983c-d22abc2eed3b}
Value :

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\toolbar
Value : {0E1230F8-EA50-42A9-983C-D22ABC2EED3B}

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 10
Objects found so far: 10


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 10


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@atdmt[2].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:administrator@atdmt.com/
Expires : 2010-4-24 下午 05:00:00
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@centrport[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:administrator@centrport.net/
Expires : 2029-12-31 下午 05:00:00
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@2o7[1].txt
Category : Data Miner
Comment : Hits:12
Value : Cookie:administrator@2o7.net/
Expires : 2010-4-25 下午 10:33:18
LastSync : Hits:12
UseCount : 0
Hits : 12

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@tribalfusion[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:administrator@tribalfusion.com/
Expires : 2037-12-31 下午 05:00:00
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@servedby.advertising[1].txt
Category : Data Miner
Comment : Hits:16
Value : Cookie:administrator@servedby.advertising.com/
Expires : 2005-5-26 下午 10:33:38
LastSync : Hits:16
UseCount : 0
Hits : 16

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@as1.falkag[1].txt
Category : Data Miner
Comment : Hits:9
Value : Cookie:administrator@as1.falkag.de/
Expires : 2005-5-26 上午 12:56:34
LastSync : Hits:9
UseCount : 0
Hits : 9

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@doubleclick[1].txt
Category : Data Miner
Comment : Hits:7
Value : Cookie:administrator@doubleclick.net/
Expires : 2008-4-25 上午 12:57:14
LastSync : Hits:7
UseCount : 0
Hits : 7

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@server.iad.liveperson[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:administrator@server.iad.liveperson.net/
Expires : 2005-4-27 下午 10:09:42
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@advertising[1].txt
Category : Data Miner
Comment : Hits:8
Value : Cookie:administrator@advertising.com/
Expires : 2010-4-25 下午 10:15:52
LastSync : Hits:8
UseCount : 0
Hits : 8

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@www.stopzilla[2].txt
Category : Data Miner
Comment : Hits:6
Value : Cookie:administrator@www.stopzilla.com/
Expires : 2008-8-8 下午 10:07:56
LastSync : Hits:6
UseCount : 0
Hits : 6

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@ads.pointroll[2].txt
Category : Data Miner
Comment : Hits:8
Value : Cookie:administrator@ads.pointroll.com/
Expires : 2009-12-31 下午 05:00:00
LastSync : Hits:8
UseCount : 0
Hits : 8

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 11
Objects found so far: 21



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 21


Scanning Hosts file......
Hosts file location:"C:\WINNT\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 21




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 21

上午 12:22:21 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:01:04.797
Objects scanned:53137
Objects identified:21
Objects ignored:0
New critical objects:21