- Downloaded and ran CWShredder, nothing found.
- No virus indicated by McAfee Virusscan.
- Windows XP SP1 has critical updates applied. I am only prompted to download SP2, cannot find SP1a.
How do I get rid of this crap? Thanks in advance for any help!
Toni
____Logfile_______
Lavasoft Ad-Aware Personal Build 1.03
Logfile created on:Saturday, April 23, 2005 3:09:25 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R40 20.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
DyFuCA(TAC index:3):3 total references
istbar(TAC index:7):3 total references
Other(TAC index:5):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R40 20.04.2005
Internal build : 47
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 461235 Bytes
Total size : 1395231 Bytes
Signature data size : 1364710 Bytes
Reference data size : 30009 Bytes
Signatures total : 38921
Fingerprints total : 813
Fingerprints size : 29073 Bytes
Target categories : 15
Target families : 650
(Requires Ad-Aware SE or higher)
Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:44 %
Total physical memory:522224 kb
Available physical memory:228720 kb
Total page file size:1278928 kb
Available on page file:1078876 kb
Total virtual memory:2097024 kb
Available virtual memory:2040848 kb
OS:Microsoft Windows XP Professional Service Pack 1 (Build 2600)
Ad-Aware Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file
Extended Ad-Aware Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Backup current definitions file before updating
Set : Play sound at scan completion if scan locates critical objects
4-23-2005 3:09:25 PM - Scan started. (Custom mode)
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
ModuleName : \SystemRoot\System32\
Command Line : n/a
ProcessID : 576
ThreadCreationTime : 4-23-2005 7:02:45 PM
BasePriority : Normal
#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 640
ThreadCreationTime : 4-23-2005 7:02:46 PM
BasePriority : Normal
#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\
Command Line : winlogon.exe
ProcessID : 664
ThreadCreationTime : 4-23-2005 7:02:47 PM
BasePriority : High
#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 708
ThreadCreationTime : 4-23-2005 7:02:47 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe
#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 720
ThreadCreationTime : 4-23-2005 7:02:47 PM
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 920
ThreadCreationTime : 4-23-2005 7:02:48 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:7 [svchost.exe]
ModuleName : C:\WINDOWS\System32\
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 1000
ThreadCreationTime : 4-23-2005 7:02:48 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 1232
ThreadCreationTime : 4-23-2005 7:02:49 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 1264
ThreadCreationTime : 4-23-2005 7:02:49 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:10 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1392
ThreadCreationTime : 4-23-2005 7:02:50 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
#:11 [explorer.exe]
ModuleName : C:\WINDOWS\
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 1648
ThreadCreationTime : 4-23-2005 7:02:55 PM
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
#:12 [acsd.exe]
ModuleName : C:\PROGRA~1\COMMON~1\AOL\ACS\
Command Line : C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
ProcessID : 1852
ThreadCreationTime : 4-23-2005 7:02:56 PM
BasePriority : Normal
#:13 [hkcmd.exe]
ModuleName : C:\WINDOWS\System32\
Command Line : "C:\WINDOWS\System32\hkcmd.exe"
ProcessID : 1872
ThreadCreationTime : 4-23-2005 7:02:56 PM
BasePriority : Normal
FileVersion : 3,0,0,2104
ProductVersion : 7,0,0,2104
ProductName : Intel® Common User Interface
CompanyName : Intel Corporation
FileDescription : hkcmd Module
InternalName : HKCMD
LegalCopyright : Copyright 1999-2003, Intel Corporation
OriginalFilename : HKCMD.EXE
#:14 [tfswctrl.exe]
ModuleName : C:\WINDOWS\system32\dla\
Command Line : "C:\WINDOWS\system32\dla\tfswctrl.exe"
ProcessID : 1884
ThreadCreationTime : 4-23-2005 7:02:56 PM
BasePriority : Normal
FileVersion : 1.04.05b
CompanyName : Sonic Solutions
FileDescription : Drive Letter Access Component
LegalCopyright : Copyright © 2003 Sonic Solutions
#:15 [dsentry.exe]
ModuleName : C:\WINDOWS\System32\
Command Line : "C:\WINDOWS\System32\DSentry.exe"
ProcessID : 1892
ThreadCreationTime : 4-23-2005 7:02:56 PM
BasePriority : Normal
FileVersion : 1, 0, 5, 0
ProductVersion : 1, 0, 5, 0
ProductName : Dell - DVDSentry
CompanyName : Dell - Advanced Desktop Engineering
FileDescription : DVDSentry
InternalName : DVDSentry
LegalCopyright : Copyright © 2002 Dell
OriginalFilename : DSentry.exe
Comments : DVDSentry launches your software DVD player when a DVD is inserted.
#:16 [pcmservice.exe]
ModuleName : C:\Program Files\Dell\Media Experience\
Command Line : "C:\Program Files\Dell\Media Experience\PCMService.exe"
ProcessID : 1912
ThreadCreationTime : 4-23-2005 7:02:57 PM
BasePriority : Normal
FileVersion : 1.0.0826
ProductVersion : 1.0.0826
ProductName : PCM2Launcher Application
CompanyName : CyberLink Corp.
FileDescription : PowerCinema Resident Program for Dell
InternalName : PowerCinema Resident Program for Dell
LegalCopyright : Copyright c 2003 CyberLink Corp.
OriginalFilename : PCM2Launcher.EXE
#:17 [ctsvccda.exe]
ModuleName : C:\WINDOWS\System32\
Command Line : C:\WINDOWS\System32\CTsvcCDA.exe
ProcessID : 1932
ThreadCreationTime : 4-23-2005 7:02:57 PM
BasePriority : Normal
FileVersion : 1.0.1.0
ProductVersion : 1.0.0.0
ProductName : Creative Service for CDROM Access
CompanyName : Creative Technology Ltd
FileDescription : Creative Service for CDROM Access
InternalName : CTsvcCDAEXE
LegalCopyright : Copyright © Creative Technology Ltd., 1999. All rights reserved.
OriginalFilename : CTsvcCDA.EXE
#:18 [realsched.exe]
ModuleName : C:\Program Files\Common Files\Real\Update_OB\
Command Line : "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
ProcessID : 2032
ThreadCreationTime : 4-23-2005 7:02:57 PM
BasePriority : Normal
FileVersion : 0.1.0.1622
ProductVersion : 0.1.0.1622
ProductName : RealOne Player (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2002
LegalTrademarks : RealAudio is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe
#:19 [mcvsrte.exe]
ModuleName : c:\PROGRA~1\mcafee.com\vso\
Command Line : c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe /Embedding
ProcessID : 128
ThreadCreationTime : 4-23-2005 7:02:57 PM
BasePriority : Normal
FileVersion : 9, 1, 0, 6
ProductVersion : 9, 1, 0, 0
ProductName : McAfee VirusScan
CompanyName : McAfee, Inc
FileDescription : McAfee VirusScan Real-time Engine
InternalName : mcvsrte
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : mcvsrte.exe
Comments : McAfee VirusScan Real-time Engine
#:20 [mcagent.exe]
ModuleName : C:\PROGRA~1\mcafee.com\agent\
Command Line : "C:\PROGRA~1\mcafee.com\agent\mcagent.exe"
ProcessID : 172
ThreadCreationTime : 4-23-2005 7:02:57 PM
BasePriority : Normal
FileVersion : 5, 1, 0, 2
ProductVersion : 5, 1, 0, 0
ProductName : McAfee SecurityCenter
CompanyName : McAfee, Inc
FileDescription : McAfee SecurityCenter Agent
InternalName : mcagent
LegalCopyright : Copyright © 2005 McAfee, Inc.
OriginalFilename : mcagent.exe
#:21 [mdm.exe]
ModuleName : C:\Program Files\Common Files\Microsoft Shared\VS7Debug\
Command Line : "C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"
ProcessID : 200
ThreadCreationTime : 4-23-2005 7:02:58 PM
BasePriority : Normal
FileVersion : 7.00.9064.9150
ProductVersion : 7.00.9064.9150
ProductName : Microsoft Development Environment
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : Copyright © Microsoft Corp. 1997-2000
OriginalFilename : mdm.exe
#:22 [mm_tray.exe]
ModuleName : C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\
Command Line : "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
ProcessID : 216
ThreadCreationTime : 4-23-2005 7:02:58 PM
BasePriority : Normal
FileVersion : 9.00.2063
ProductVersion : 9.00.2063
ProductName : Musicmatch Jukebox
CompanyName : Musicmatch, Inc.
FileDescription : mm_tray
InternalName : mm_tray
LegalCopyright : Copyright © Musicmatch 1998-2004
LegalTrademarks :
OriginalFilename : mm_tray.exe
#:23 [support.exe]
ModuleName : C:\Program Files\Common Files\Dell\EUSW\
Command Line : "C:\Program Files\Common Files\Dell\EUSW\Support.exe"
ProcessID : 264
ThreadCreationTime : 4-23-2005 7:02:58 PM
BasePriority : Normal
FileVersion : 2, 1, 1, 0
ProductVersion : 1, 0, 0, 1
ProductName : Dell Support
CompanyName : Dell
FileDescription : Support
InternalName : Support
LegalCopyright : Copyright © 2002
OriginalFilename : Support.exe
#:24 [wanmpsvc.exe]
ModuleName : C:\WINDOWS\
Command Line : "C:\WINDOWS\wanmpsvc.exe"
ProcessID : 284
ThreadCreationTime : 4-23-2005 7:02:58 PM
BasePriority : Normal
FileVersion : 7, 0, 0, 2
ProductVersion : 7, 0, 0, 2
ProductName : America Online
CompanyName : America Online, Inc.
FileDescription : Wan Miniport (ATW) Service
InternalName : WanMPSvc
LegalCopyright : Copyright © 2001 America Online, Inc.
OriginalFilename : WanMPSvc.exe
#:25 [mcvsshld.exe]
ModuleName : C:\PROGRA~1\mcafee.com\vso\
Command Line : "C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
ProcessID : 332
ThreadCreationTime : 4-23-2005 7:02:58 PM
BasePriority : Normal
FileVersion : 9, 1, 0, 6
ProductVersion : 9, 1, 0, 0
ProductName : McAfee VirusScan
CompanyName : McAfee, Inc.
FileDescription : McAfee VirusScan ActiveShield Resource
InternalName : msvcshld
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : mcvsshld.exe
Comments : McAfee VirusScan ActiveShield Resource
#:26 [notifyalert.exe]
ModuleName : C:\Program Files\Dell\Support\Alert\bin\
Command Line : "C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe" timer
ProcessID : 444
ThreadCreationTime : 4-23-2005 7:02:59 PM
BasePriority : Normal
#:27 [mcvsescn.exe]
ModuleName : c:\progra~1\mcafee.com\vso\
Command Line : "c:\progra~1\mcafee.com\vso\mcvsescn.exe" /disabled
ProcessID : 496
ThreadCreationTime : 4-23-2005 7:03:00 PM
BasePriority : Normal
FileVersion : 9, 1, 0, 4
ProductVersion : 9, 1, 0, 0
ProductName : McAfee VirusScan
CompanyName : McAfee, Inc.
FileDescription : McAfee VirusScan E-mail Scan Module
InternalName : mcvsescn
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : mcvsescn.EXE
Comments : McAfee VirusScan E-mail Scan Module
#:28 [safeshare.exe]
ModuleName : C:\Program Files\safe-share\
Command Line : "C:\Program Files\safe-share\SafeShare.exe"
ProcessID : 520
ThreadCreationTime : 4-23-2005 7:03:00 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : SafeShare Application
FileDescription : SafeShare MFC Application
InternalName : SafeShare
LegalCopyright : Copyright © 2003
OriginalFilename : SafeShare.EXE
#:29 [mmtask.exe]
ModuleName : C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\
Command Line : "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
ProcessID : 548
ThreadCreationTime : 4-23-2005 7:03:00 PM
BasePriority : Normal
FileVersion : 9.0.0.1
ProductVersion : 9.0.0.1
ProductName : Musicmatch Jukebox
CompanyName : Musicmatch Inc.
FileDescription : <Musicmatch System Tray Application>
InternalName : mmtask.exe
LegalCopyright : © Musicmatch Inc.. All rights reserved.
OriginalFilename : mmtask.exe
#:30 [msmsgs.exe]
ModuleName : C:\Program Files\Messenger\
Command Line : "C:\Program Files\Messenger\msmsgs.exe" /background
ProcessID : 628
ThreadCreationTime : 4-23-2005 7:03:00 PM
BasePriority : Normal
FileVersion : 4.7.2010
ProductVersion : Version 4.7
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 1997-2003
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe
#:31 [ctfmon.exe]
ModuleName : C:\WINDOWS\System32\
Command Line : "C:\WINDOWS\System32\ctfmon.exe"
ProcessID : 836
ThreadCreationTime : 4-23-2005 7:03:00 PM
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE
#:32 [taskpanl.exe]
ModuleName : C:\Program Files\EarthLink TotalAccess\
Command Line : "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
ProcessID : 944
ThreadCreationTime : 4-23-2005 7:03:00 PM
BasePriority : Normal
FileVersion : 2003.3.84.0
ProductVersion : 2003.3.84.0
ProductName : EarthLink TotalAccess
CompanyName : EarthLink, Inc.
LegalCopyright : © EarthLink, Inc. All rights reserved.
#:33 [diagent.exe]
ModuleName : C:\Program Files\Creative\SBLive\Diagnostics\
Command Line : diagent.exe systray
ProcessID : 984
ThreadCreationTime : 4-23-2005 7:03:01 PM
BasePriority : Normal
FileVersion : 1, 1, 4, 0
ProductVersion : 1.01.04
ProductName : Creative Diagnostics Agent
CompanyName : Creative Technology Ltd
FileDescription : Creative Diagnostics Agent
InternalName : Creative Diagnostics Agent
LegalCopyright : Copyright © 2002 Creative Technology Ltd
OriginalFilename : diagent.exe
#:34 [mspmspsv.exe]
ModuleName : C:\WINDOWS\System32\
Command Line : C:\WINDOWS\System32\MsPMSPSv.exe
ProcessID : 1092
ThreadCreationTime : 4-23-2005 7:03:02 PM
BasePriority : Normal
FileVersion : 7.00.00.1954
ProductVersion : 7.00.00.1954
ProductName : Microsoft ® DRM
CompanyName : Microsoft Corporation
FileDescription : WMDM PMSP Service
InternalName : MSPMSPSV.EXE
LegalCopyright : Copyright © Microsoft Corp. 1981-2000
OriginalFilename : MSPMSPSV.EXE
#:35 [svchost.exe]
ModuleName : C:\WINDOWS\system32\
Command Line : C:\WINDOWS\system32\svchost.exe -k netsvcs
ProcessID : 1104
ThreadCreationTime : 4-23-2005 7:03:02 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:36 [dlg.exe]
ModuleName : C:\Program Files\Digital Line Detect\
Command Line : "C:\Program Files\Digital Line Detect\DLG.exe"
ProcessID : 1148
ThreadCreationTime : 4-23-2005 7:03:03 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : BVRP Software TestLine
CompanyName : BVRP Software
FileDescription : Digital Line Detection
InternalName : TestLine
LegalCopyright : Copyright © 2003
OriginalFilename : TestLine.exe
#:37 [sdstat.exe]
ModuleName : C:\Program Files\SmartDisk\FlashPath\
Command Line : "C:\Program Files\SmartDisk\FlashPath\sdstat.exe"
ProcessID : 1168
ThreadCreationTime : 4-23-2005 7:03:03 PM
BasePriority : Normal
FileVersion : 3, 6, 0, 7
ProductVersion : 3, 6, 0, 7
ProductName : FPSMstat Application
CompanyName : SmartDisk Corporation
FileDescription : FPSMstat MFC Application
InternalName : FPSMstat
LegalCopyright : 1998-2001 SmartDisk Corporation
OriginalFilename : FPSMstat.EXE
#:38 [cnmsm58.exe]
ModuleName : C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\
Command Line : "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\cnmsm58.exe" LPT1:;Canon i560;C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CNMCP58.DLL;1
ProcessID : 1336
ThreadCreationTime : 4-23-2005 7:03:04 PM
BasePriority : Normal
FileVersion : 1.73.2.0
ProductVersion : 1.73.2.0
ProductName : Canon BJ Raster Printer Driver for Microsoft Windows XP / Windows 2000
CompanyName : CANON INC.
FileDescription : BJ Status Monitor
InternalName : CNMSTMN.EXE
LegalCopyright : Copyright CANON INC. 1999-2003 All Rights Reserved
OriginalFilename : CNMSTMN.EXE
#:39 [mcshield.exe]
ModuleName : c:\PROGRA~1\mcafee.com\vso\
Command Line : c:\PROGRA~1\mcafee.com\vso\mcshield.exe
ProcessID : 2076
ThreadCreationTime : 4-23-2005 7:03:07 PM
BasePriority : High
#:40 [mcvsftsn.exe]
ModuleName : c:\progra~1\mcafee.com\vso\
Command Line : c:\progra~1\mcafee.com\vso\mcvsftsn.exe -Embedding
ProcessID : 2672
ThreadCreationTime : 4-23-2005 7:03:10 PM
BasePriority : Normal
FileVersion : 9, 1, 0, 4
ProductVersion : 9, 1, 0, 0
ProductName : McAfee VirusScan
CompanyName : McAfee, Inc.
FileDescription : McAfee VirusScan Instant Messenger Scan Module
InternalName : mcvsftsn
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : mcvsftsn.EXE
Comments : McAfee VirusScan Instant Messenger Scan Module
#:41 [istsvc.exe]
ModuleName : C:\Program Files\ISTsvc\
Command Line : "C:\Program Files\ISTsvc\istsvc.exe"
ProcessID : 3340
ThreadCreationTime : 4-23-2005 7:04:04 PM
BasePriority : Normal
#:42 [winword.exe]
ModuleName : C:\Program Files\Microsoft Office\Office10\
Command Line : "C:\Program Files\Microsoft Office\Office10\WINWORD.EXE"
ProcessID : 3400
ThreadCreationTime : 4-23-2005 7:04:12 PM
BasePriority : Normal
#:43 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 1716
ThreadCreationTime : 4-23-2005 7:07:06 PM
BasePriority : Normal
FileVersion : 6.2.0.162
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3341659447-352134100-197416220-1006\software\ist
DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
istbar Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\istsvc
istbar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "IST Service"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\run
Value : IST Service
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 4
Objects found so far: 4
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4
Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4
Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 4
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
DyFuCA Object Recognized!
Type : Folder
Category : Malware
Comment :
Object : C:\Program Files\ISTsvc
istbar Object Recognized!
Type : File
Data : istsvc.exe
Category : Malware
Comment :
Object : C:\Program Files\istsvc\
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 3
Objects found so far: 7
3:24:23 PM Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:14:57.766
Objects scanned:157244
Objects identified:7
Objects ignored:0
New critical objects:7