
Help with DyFuCA


  • This topic is locked

#1
baughtl

Help, please! Started getting pop-ups yesterday. Updated and ran AdAware and SpyBot, and was able to delete several items, but not DyFuCA. Then I found your site this morning. Ran AdAware again with your custom settings. Deleted files, rebooted, and ran again with the following results (logfile).

-Downloaded and ran CWShredder, nothing found.
-No virus indicated by McAfee Virusscan.
-Windows XP SP1 has critical updates applied. I am only prompted to download SP2, cannot find SP1a.

How do I get rid of this crap? Thanks in advance for any help!
Toni

____Logfile_______

Lavasoft Ad-Aware Personal Build 1.03
Logfile created on:Saturday, April 23, 2005 3:09:25 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R40 20.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
DyFuCA(TAC index:3):3 total references
istbar(TAC index:7):3 total references
Other(TAC index:5):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R40 20.04.2005
Internal build : 47
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 461235 Bytes
Total size : 1395231 Bytes
Signature data size : 1364710 Bytes
Reference data size : 30009 Bytes
Signatures total : 38921
Fingerprints total : 813
Fingerprints size : 29073 Bytes
Target categories : 15
Target families : 650
(Requires Ad-Aware SE or higher)


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:44 %
Total physical memory:522224 kb
Available physical memory:228720 kb
Total page file size:1278928 kb
Available on page file:1078876 kb
Total virtual memory:2097024 kb
Available virtual memory:2040848 kb
OS:Microsoft Windows XP Professional Service Pack 1 (Build 2600)

Ad-Aware Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Backup current definitions file before updating
Set : Play sound at scan completion if scan locates critical objects


4-23-2005 3:09:25 PM - Scan started. (Custom mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\
Command Line : n/a
ProcessID : 576
ThreadCreationTime : 4-23-2005 7:02:45 PM
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 640
ThreadCreationTime : 4-23-2005 7:02:46 PM
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\
Command Line : winlogon.exe
ProcessID : 664
ThreadCreationTime : 4-23-2005 7:02:47 PM
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 708
ThreadCreationTime : 4-23-2005 7:02:47 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 720
ThreadCreationTime : 4-23-2005 7:02:47 PM
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 920
ThreadCreationTime : 4-23-2005 7:02:48 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
ModuleName : C:\WINDOWS\System32\
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 1000
ThreadCreationTime : 4-23-2005 7:02:48 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 1232
ThreadCreationTime : 4-23-2005 7:02:49 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 1264
ThreadCreationTime : 4-23-2005 7:02:49 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1392
ThreadCreationTime : 4-23-2005 7:02:50 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:11 [explorer.exe]
ModuleName : C:\WINDOWS\
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 1648
ThreadCreationTime : 4-23-2005 7:02:55 PM
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:12 [acsd.exe]
ModuleName : C:\PROGRA~1\COMMON~1\AOL\ACS\
Command Line : C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
ProcessID : 1852
ThreadCreationTime : 4-23-2005 7:02:56 PM
BasePriority : Normal


#:13 [hkcmd.exe]
ModuleName : C:\WINDOWS\System32\
Command Line : "C:\WINDOWS\System32\hkcmd.exe"
ProcessID : 1872
ThreadCreationTime : 4-23-2005 7:02:56 PM
BasePriority : Normal
FileVersion : 3,0,0,2104
ProductVersion : 7,0,0,2104
ProductName : Intel® Common User Interface
CompanyName : Intel Corporation
FileDescription : hkcmd Module
InternalName : HKCMD
LegalCopyright : Copyright 1999-2003, Intel Corporation
OriginalFilename : HKCMD.EXE

#:14 [tfswctrl.exe]
ModuleName : C:\WINDOWS\system32\dla\
Command Line : "C:\WINDOWS\system32\dla\tfswctrl.exe"
ProcessID : 1884
ThreadCreationTime : 4-23-2005 7:02:56 PM
BasePriority : Normal
FileVersion : 1.04.05b
CompanyName : Sonic Solutions
FileDescription : Drive Letter Access Component
LegalCopyright : Copyright © 2003 Sonic Solutions

#:15 [dsentry.exe]
ModuleName : C:\WINDOWS\System32\
Command Line : "C:\WINDOWS\System32\DSentry.exe"
ProcessID : 1892
ThreadCreationTime : 4-23-2005 7:02:56 PM
BasePriority : Normal
FileVersion : 1, 0, 5, 0
ProductVersion : 1, 0, 5, 0
ProductName : Dell - DVDSentry
CompanyName : Dell - Advanced Desktop Engineering
FileDescription : DVDSentry
InternalName : DVDSentry
LegalCopyright : Copyright © 2002 Dell
OriginalFilename : DSentry.exe
Comments : DVDSentry launches your software DVD player when a DVD is inserted.

#:16 [pcmservice.exe]
ModuleName : C:\Program Files\Dell\Media Experience\
Command Line : "C:\Program Files\Dell\Media Experience\PCMService.exe"
ProcessID : 1912
ThreadCreationTime : 4-23-2005 7:02:57 PM
BasePriority : Normal
FileVersion : 1.0.0826
ProductVersion : 1.0.0826
ProductName : PCM2Launcher Application
CompanyName : CyberLink Corp.
FileDescription : PowerCinema Resident Program for Dell
InternalName : PowerCinema Resident Program for Dell
LegalCopyright : Copyright c 2003 CyberLink Corp.
OriginalFilename : PCM2Launcher.EXE

#:17 [ctsvccda.exe]
ModuleName : C:\WINDOWS\System32\
Command Line : C:\WINDOWS\System32\CTsvcCDA.exe
ProcessID : 1932
ThreadCreationTime : 4-23-2005 7:02:57 PM
BasePriority : Normal
FileVersion : 1.0.1.0
ProductVersion : 1.0.0.0
ProductName : Creative Service for CDROM Access
CompanyName : Creative Technology Ltd
FileDescription : Creative Service for CDROM Access
InternalName : CTsvcCDAEXE
LegalCopyright : Copyright © Creative Technology Ltd., 1999. All rights reserved.
OriginalFilename : CTsvcCDA.EXE

#:18 [realsched.exe]
ModuleName : C:\Program Files\Common Files\Real\Update_OB\
Command Line : "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
ProcessID : 2032
ThreadCreationTime : 4-23-2005 7:02:57 PM
BasePriority : Normal
FileVersion : 0.1.0.1622
ProductVersion : 0.1.0.1622
ProductName : RealOne Player (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2002
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:19 [mcvsrte.exe]
ModuleName : c:\PROGRA~1\mcafee.com\vso\
Command Line : c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe /Embedding
ProcessID : 128
ThreadCreationTime : 4-23-2005 7:02:57 PM
BasePriority : Normal
FileVersion : 9, 1, 0, 6
ProductVersion : 9, 1, 0, 0
ProductName : McAfee VirusScan
CompanyName : McAfee, Inc
FileDescription : McAfee VirusScan Real-time Engine
InternalName : mcvsrte
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : mcvsrte.exe
Comments : McAfee VirusScan Real-time Engine

#:20 [mcagent.exe]
ModuleName : C:\PROGRA~1\mcafee.com\agent\
Command Line : "C:\PROGRA~1\mcafee.com\agent\mcagent.exe"
ProcessID : 172
ThreadCreationTime : 4-23-2005 7:02:57 PM
BasePriority : Normal
FileVersion : 5, 1, 0, 2
ProductVersion : 5, 1, 0, 0
ProductName : McAfee SecurityCenter
CompanyName : McAfee, Inc
FileDescription : McAfee SecurityCenter Agent
InternalName : mcagent
LegalCopyright : Copyright © 2005 McAfee, Inc.
OriginalFilename : mcagent.exe

#:21 [mdm.exe]
ModuleName : C:\Program Files\Common Files\Microsoft Shared\VS7Debug\
Command Line : "C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"
ProcessID : 200
ThreadCreationTime : 4-23-2005 7:02:58 PM
BasePriority : Normal
FileVersion : 7.00.9064.9150
ProductVersion : 7.00.9064.9150
ProductName : Microsoft Development Environment
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : Copyright © Microsoft Corp. 1997-2000
OriginalFilename : mdm.exe

#:22 [mm_tray.exe]
ModuleName : C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\
Command Line : "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
ProcessID : 216
ThreadCreationTime : 4-23-2005 7:02:58 PM
BasePriority : Normal
FileVersion : 9.00.2063
ProductVersion : 9.00.2063
ProductName : Musicmatch Jukebox
CompanyName : Musicmatch, Inc.
FileDescription : mm_tray
InternalName : mm_tray
LegalCopyright : Copyright © Musicmatch 1998-2004
LegalTrademarks :
OriginalFilename : mm_tray.exe

#:23 [support.exe]
ModuleName : C:\Program Files\Common Files\Dell\EUSW\
Command Line : "C:\Program Files\Common Files\Dell\EUSW\Support.exe"
ProcessID : 264
ThreadCreationTime : 4-23-2005 7:02:58 PM
BasePriority : Normal
FileVersion : 2, 1, 1, 0
ProductVersion : 1, 0, 0, 1
ProductName : Dell Support
CompanyName : Dell
FileDescription : Support
InternalName : Support
LegalCopyright : Copyright © 2002
OriginalFilename : Support.exe

#:24 [wanmpsvc.exe]
ModuleName : C:\WINDOWS\
Command Line : "C:\WINDOWS\wanmpsvc.exe"
ProcessID : 284
ThreadCreationTime : 4-23-2005 7:02:58 PM
BasePriority : Normal
FileVersion : 7, 0, 0, 2
ProductVersion : 7, 0, 0, 2
ProductName : America Online
CompanyName : America Online, Inc.
FileDescription : Wan Miniport (ATW) Service
InternalName : WanMPSvc
LegalCopyright : Copyright © 2001 America Online, Inc.
OriginalFilename : WanMPSvc.exe

#:25 [mcvsshld.exe]
ModuleName : C:\PROGRA~1\mcafee.com\vso\
Command Line : "C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
ProcessID : 332
ThreadCreationTime : 4-23-2005 7:02:58 PM
BasePriority : Normal
FileVersion : 9, 1, 0, 6
ProductVersion : 9, 1, 0, 0
ProductName : McAfee VirusScan
CompanyName : McAfee, Inc.
FileDescription : McAfee VirusScan ActiveShield Resource
InternalName : msvcshld
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : mcvsshld.exe
Comments : McAfee VirusScan ActiveShield Resource

#:26 [notifyalert.exe]
ModuleName : C:\Program Files\Dell\Support\Alert\bin\
Command Line : "C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe" timer
ProcessID : 444
ThreadCreationTime : 4-23-2005 7:02:59 PM
BasePriority : Normal


#:27 [mcvsescn.exe]
ModuleName : c:\progra~1\mcafee.com\vso\
Command Line : "c:\progra~1\mcafee.com\vso\mcvsescn.exe" /disabled
ProcessID : 496
ThreadCreationTime : 4-23-2005 7:03:00 PM
BasePriority : Normal
FileVersion : 9, 1, 0, 4
ProductVersion : 9, 1, 0, 0
ProductName : McAfee VirusScan
CompanyName : McAfee, Inc.
FileDescription : McAfee VirusScan E-mail Scan Module
InternalName : mcvsescn
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : mcvsescn.EXE
Comments : McAfee VirusScan E-mail Scan Module

#:28 [safeshare.exe]
ModuleName : C:\Program Files\safe-share\
Command Line : "C:\Program Files\safe-share\SafeShare.exe"
ProcessID : 520
ThreadCreationTime : 4-23-2005 7:03:00 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : SafeShare Application
FileDescription : SafeShare MFC Application
InternalName : SafeShare
LegalCopyright : Copyright © 2003
OriginalFilename : SafeShare.EXE

#:29 [mmtask.exe]
ModuleName : C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\
Command Line : "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
ProcessID : 548
ThreadCreationTime : 4-23-2005 7:03:00 PM
BasePriority : Normal
FileVersion : 9.0.0.1
ProductVersion : 9.0.0.1
ProductName : Musicmatch Jukebox
CompanyName : Musicmatch Inc.
FileDescription : <Musicmatch System Tray Application>
InternalName : mmtask.exe
LegalCopyright : © Musicmatch Inc.. All rights reserved.
OriginalFilename : mmtask.exe

#:30 [msmsgs.exe]
ModuleName : C:\Program Files\Messenger\
Command Line : "C:\Program Files\Messenger\msmsgs.exe" /background
ProcessID : 628
ThreadCreationTime : 4-23-2005 7:03:00 PM
BasePriority : Normal
FileVersion : 4.7.2010
ProductVersion : Version 4.7
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 1997-2003
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:31 [ctfmon.exe]
ModuleName : C:\WINDOWS\System32\
Command Line : "C:\WINDOWS\System32\ctfmon.exe"
ProcessID : 836
ThreadCreationTime : 4-23-2005 7:03:00 PM
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:32 [taskpanl.exe]
ModuleName : C:\Program Files\EarthLink TotalAccess\
Command Line : "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
ProcessID : 944
ThreadCreationTime : 4-23-2005 7:03:00 PM
BasePriority : Normal
FileVersion : 2003.3.84.0
ProductVersion : 2003.3.84.0
ProductName : EarthLink TotalAccess
CompanyName : EarthLink, Inc.
LegalCopyright : © EarthLink, Inc. All rights reserved.

#:33 [diagent.exe]
ModuleName : C:\Program Files\Creative\SBLive\Diagnostics\
Command Line : diagent.exe systray
ProcessID : 984
ThreadCreationTime : 4-23-2005 7:03:01 PM
BasePriority : Normal
FileVersion : 1, 1, 4, 0
ProductVersion : 1.01.04
ProductName : Creative Diagnostics Agent
CompanyName : Creative Technology Ltd
FileDescription : Creative Diagnostics Agent
InternalName : Creative Diagnostics Agent
LegalCopyright : Copyright © 2002 Creative Technology Ltd
OriginalFilename : diagent.exe

#:34 [mspmspsv.exe]
ModuleName : C:\WINDOWS\System32\
Command Line : C:\WINDOWS\System32\MsPMSPSv.exe
ProcessID : 1092
ThreadCreationTime : 4-23-2005 7:03:02 PM
BasePriority : Normal
FileVersion : 7.00.00.1954
ProductVersion : 7.00.00.1954
ProductName : Microsoft ® DRM
CompanyName : Microsoft Corporation
FileDescription : WMDM PMSP Service
InternalName : MSPMSPSV.EXE
LegalCopyright : Copyright © Microsoft Corp. 1981-2000
OriginalFilename : MSPMSPSV.EXE

#:35 [svchost.exe]
ModuleName : C:\WINDOWS\system32\
Command Line : C:\WINDOWS\system32\svchost.exe -k netsvcs
ProcessID : 1104
ThreadCreationTime : 4-23-2005 7:03:02 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:36 [dlg.exe]
ModuleName : C:\Program Files\Digital Line Detect\
Command Line : "C:\Program Files\Digital Line Detect\DLG.exe"
ProcessID : 1148
ThreadCreationTime : 4-23-2005 7:03:03 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : BVRP Software TestLine
CompanyName : BVRP Software
FileDescription : Digital Line Detection
InternalName : TestLine
LegalCopyright : Copyright © 2003
OriginalFilename : TestLine.exe

#:37 [sdstat.exe]
ModuleName : C:\Program Files\SmartDisk\FlashPath\
Command Line : "C:\Program Files\SmartDisk\FlashPath\sdstat.exe"
ProcessID : 1168
ThreadCreationTime : 4-23-2005 7:03:03 PM
BasePriority : Normal
FileVersion : 3, 6, 0, 7
ProductVersion : 3, 6, 0, 7
ProductName : FPSMstat Application
CompanyName : SmartDisk Corporation
FileDescription : FPSMstat MFC Application
InternalName : FPSMstat
LegalCopyright : 1998-2001 SmartDisk Corporation
OriginalFilename : FPSMstat.EXE

#:38 [cnmsm58.exe]
ModuleName : C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\
Command Line : "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\cnmsm58.exe" LPT1:;Canon i560;C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CNMCP58.DLL;1
ProcessID : 1336
ThreadCreationTime : 4-23-2005 7:03:04 PM
BasePriority : Normal
FileVersion : 1.73.2.0
ProductVersion : 1.73.2.0
ProductName : Canon BJ Raster Printer Driver for Microsoft Windows XP / Windows 2000
CompanyName : CANON INC.
FileDescription : BJ Status Monitor
InternalName : CNMSTMN.EXE
LegalCopyright : Copyright CANON INC. 1999-2003 All Rights Reserved
OriginalFilename : CNMSTMN.EXE

#:39 [mcshield.exe]
ModuleName : c:\PROGRA~1\mcafee.com\vso\
Command Line : c:\PROGRA~1\mcafee.com\vso\mcshield.exe
ProcessID : 2076
ThreadCreationTime : 4-23-2005 7:03:07 PM
BasePriority : High


#:40 [mcvsftsn.exe]
ModuleName : c:\progra~1\mcafee.com\vso\
Command Line : c:\progra~1\mcafee.com\vso\mcvsftsn.exe -Embedding
ProcessID : 2672
ThreadCreationTime : 4-23-2005 7:03:10 PM
BasePriority : Normal
FileVersion : 9, 1, 0, 4
ProductVersion : 9, 1, 0, 0
ProductName : McAfee VirusScan
CompanyName : McAfee, Inc.
FileDescription : McAfee VirusScan Instant Messenger Scan Module
InternalName : mcvsftsn
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : mcvsftsn.EXE
Comments : McAfee VirusScan Instant Messenger Scan Module

#:41 [istsvc.exe]
ModuleName : C:\Program Files\ISTsvc\
Command Line : "C:\Program Files\ISTsvc\istsvc.exe"
ProcessID : 3340
ThreadCreationTime : 4-23-2005 7:04:04 PM
BasePriority : Normal


#:42 [winword.exe]
ModuleName : C:\Program Files\Microsoft Office\Office10\
Command Line : "C:\Program Files\Microsoft Office\Office10\WINWORD.EXE"
ProcessID : 3400
ThreadCreationTime : 4-23-2005 7:04:12 PM
BasePriority : Normal


#:43 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 1716
ThreadCreationTime : 4-23-2005 7:07:06 PM
BasePriority : Normal
FileVersion : 6.2.0.162
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3341659447-352134100-197416220-1006\software\ist

DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc

istbar Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\istsvc

istbar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "IST Service"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\run
Value : IST Service

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 4
Objects found so far: 4


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 4




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

DyFuCA Object Recognized!
Type : Folder
Category : Malware
Comment :
Object : C:\Program Files\ISTsvc

istbar Object Recognized!
Type : File
Data : istsvc.exe
Category : Malware
Comment :
Object : C:\Program Files\istsvc\



Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 3
Objects found so far: 7

3:24:23 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:14:57.766
Objects scanned:157244
Objects identified:7
Objects ignored:0
New critical objects:7


#2
Rawe

Hi.
You have an old build of Ad-Aware running.
It would be best to uninstall your current version and download/install this one from here:
http://www.download....ubj=dl&tag=top5
Just do the same thing as you did in your message above, but with this build.
Then the experts will take it from there. (Also remember to delete all tracking cookies before posting your log, and to update the definition files for this version.)
Thanks,

- Rawe :tazz:

#3
baughtl

Thanks, will do....

#4
baughtl

OK - I uninstalled the old version of AdAware and installed the new version. Deleted tracking cookies and re-scanned. I'm perplexed that the new scan did not find anything!!

Here is the logfile:
Ad-Aware SE Build 1.05
Logfile Created on:Saturday, April 23, 2005 4:37:30 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R40 20.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
None
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R8 13.09.2004
Internal build : 12
File location : C:\PROGRA~1\Lavasoft\AD-AWA~1\defs.ref
File size : 344723 Bytes
Total size : 1092481 Bytes
Signature data size : 1068971 Bytes
Reference data size : 22998 Bytes
Signatures total : 30122
Fingerprints total : 154
Fingerprints size : 7129 Bytes
Target categories : 15
Target families : 560

4-23-2005 4:18:00 PM Performing WebUpdate...

Installing Update...
Definitions File Loaded:
Reference Number : SE1R40 20.04.2005
Internal build : 47
File location : C:\PROGRA~1\Lavasoft\AD-AWA~1\defs.ref
File size : 461235 Bytes
Total size : 1395231 Bytes
Signature data size : 1364710 Bytes
Reference data size : 30009 Bytes
Signatures total : 38921
Fingerprints total : 813
Fingerprints size : 29073 Bytes
Target categories : 15
Target families : 650


4-23-2005 4:18:03 PM Success
Update successfully downloaded and installed.


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:36 %
Total physical memory:522224 kb
Available physical memory:186660 kb
Total page file size:1278928 kb
Available on page file:1052744 kb
Total virtual memory:2097024 kb
Available virtual memory:2026080 kb
OS:Microsoft Windows XP Professional Service Pack 1 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


4-23-2005 4:37:30 PM - Scan started. (Custom mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 576
ThreadCreationTime : 4-23-2005 7:02:45 PM
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 640
ThreadCreationTime : 4-23-2005 7:02:46 PM
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 664
ThreadCreationTime : 4-23-2005 7:02:47 PM
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 708
ThreadCreationTime : 4-23-2005 7:02:47 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 720
ThreadCreationTime : 4-23-2005 7:02:47 PM
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 920
ThreadCreationTime : 4-23-2005 7:02:48 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 1000
ThreadCreationTime : 4-23-2005 7:02:48 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 1232
ThreadCreationTime : 4-23-2005 7:02:49 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 1264
ThreadCreationTime : 4-23-2005 7:02:49 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1392
ThreadCreationTime : 4-23-2005 7:02:50 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:11 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 1648
ThreadCreationTime : 4-23-2005 7:02:55 PM
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:12 [acsd.exe]
ModuleName : C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
Command Line : C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
ProcessID : 1852
ThreadCreationTime : 4-23-2005 7:02:56 PM
BasePriority : Normal


#:13 [hkcmd.exe]
ModuleName : C:\WINDOWS\System32\hkcmd.exe
Command Line : "C:\WINDOWS\System32\hkcmd.exe"
ProcessID : 1872
ThreadCreationTime : 4-23-2005 7:02:56 PM
BasePriority : Normal
FileVersion : 3,0,0,2104
ProductVersion : 7,0,0,2104
ProductName : Intel® Common User Interface
CompanyName : Intel Corporation
FileDescription : hkcmd Module
InternalName : HKCMD
LegalCopyright : Copyright 1999-2003, Intel Corporation
OriginalFilename : HKCMD.EXE

#:14 [tfswctrl.exe]
ModuleName : C:\WINDOWS\system32\dla\tfswctrl.exe
Command Line : "C:\WINDOWS\system32\dla\tfswctrl.exe"
ProcessID : 1884
ThreadCreationTime : 4-23-2005 7:02:56 PM
BasePriority : Normal
FileVersion : 1.04.05b
CompanyName : Sonic Solutions
FileDescription : Drive Letter Access Component
LegalCopyright : Copyright © 2003 Sonic Solutions

#:15 [dsentry.exe]
ModuleName : C:\WINDOWS\System32\DSentry.exe
Command Line : "C:\WINDOWS\System32\DSentry.exe"
ProcessID : 1892
ThreadCreationTime : 4-23-2005 7:02:56 PM
BasePriority : Normal
FileVersion : 1, 0, 5, 0
ProductVersion : 1, 0, 5, 0
ProductName : Dell - DVDSentry
CompanyName : Dell - Advanced Desktop Engineering
FileDescription : DVDSentry
InternalName : DVDSentry
LegalCopyright : Copyright © 2002 Dell
OriginalFilename : DSentry.exe
Comments : DVDSentry launches your software DVD player when a DVD is inserted.

#:16 [pcmservice.exe]
ModuleName : C:\Program Files\Dell\Media Experience\PCMService.exe
Command Line : "C:\Program Files\Dell\Media Experience\PCMService.exe"
ProcessID : 1912
ThreadCreationTime : 4-23-2005 7:02:57 PM
BasePriority : Normal
FileVersion : 1.0.0826
ProductVersion : 1.0.0826
ProductName : PCM2Launcher Application
CompanyName : CyberLink Corp.
FileDescription : PowerCinema Resident Program for Dell
InternalName : PowerCinema Resident Program for Dell
LegalCopyright : Copyright c 2003 CyberLink Corp.
OriginalFilename : PCM2Launcher.EXE

#:17 [ctsvccda.exe]
ModuleName : C:\WINDOWS\System32\CTsvcCDA.exe
Command Line : C:\WINDOWS\System32\CTsvcCDA.exe
ProcessID : 1932
ThreadCreationTime : 4-23-2005 7:02:57 PM
BasePriority : Normal
FileVersion : 1.0.1.0
ProductVersion : 1.0.0.0
ProductName : Creative Service for CDROM Access
CompanyName : Creative Technology Ltd
FileDescription : Creative Service for CDROM Access
InternalName : CTsvcCDAEXE
LegalCopyright : Copyright © Creative Technology Ltd., 1999. All rights reserved.
OriginalFilename : CTsvcCDA.EXE

#:18 [realsched.exe]
ModuleName : C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Command Line : "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
ProcessID : 2032
ThreadCreationTime : 4-23-2005 7:02:57 PM
BasePriority : Normal
FileVersion : 0.1.0.1622
ProductVersion : 0.1.0.1622
ProductName : RealOne Player (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2002
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:19 [mcvsrte.exe]
ModuleName : c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
Command Line : c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe /Embedding
ProcessID : 128
ThreadCreationTime : 4-23-2005 7:02:57 PM
BasePriority : Normal
FileVersion : 9, 1, 0, 6
ProductVersion : 9, 1, 0, 0
ProductName : McAfee VirusScan
CompanyName : McAfee, Inc
FileDescription : McAfee VirusScan Real-time Engine
InternalName : mcvsrte
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : mcvsrte.exe
Comments : McAfee VirusScan Real-time Engine

#:20 [mcagent.exe]
ModuleName : C:\PROGRA~1\mcafee.com\agent\mcagent.exe
Command Line : "C:\PROGRA~1\mcafee.com\agent\mcagent.exe"
ProcessID : 172
ThreadCreationTime : 4-23-2005 7:02:57 PM
BasePriority : Normal
FileVersion : 5, 1, 0, 2
ProductVersion : 5, 1, 0, 0
ProductName : McAfee SecurityCenter
CompanyName : McAfee, Inc
FileDescription : McAfee SecurityCenter Agent
InternalName : mcagent
LegalCopyright : Copyright © 2005 McAfee, Inc.
OriginalFilename : mcagent.exe

#:21 [mdm.exe]
ModuleName : C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
Command Line : "C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"
ProcessID : 200
ThreadCreationTime : 4-23-2005 7:02:58 PM
BasePriority : Normal
FileVersion : 7.00.9064.9150
ProductVersion : 7.00.9064.9150
ProductName : Microsoft Development Environment
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : Copyright © Microsoft Corp. 1997-2000
OriginalFilename : mdm.exe

#:22 [mm_tray.exe]
ModuleName : C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
Command Line : "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
ProcessID : 216
ThreadCreationTime : 4-23-2005 7:02:58 PM
BasePriority : Normal
FileVersion : 9.00.2063
ProductVersion : 9.00.2063
ProductName : Musicmatch Jukebox
CompanyName : Musicmatch, Inc.
FileDescription : mm_tray
InternalName : mm_tray
LegalCopyright : Copyright © Musicmatch 1998-2004
LegalTrademarks :
OriginalFilename : mm_tray.exe

#:23 [support.exe]
ModuleName : C:\Program Files\Common Files\Dell\EUSW\Support.exe
Command Line : "C:\Program Files\Common Files\Dell\EUSW\Support.exe"
ProcessID : 264
ThreadCreationTime : 4-23-2005 7:02:58 PM
BasePriority : Normal
FileVersion : 2, 1, 1, 0
ProductVersion : 1, 0, 0, 1
ProductName : Dell Support
CompanyName : Dell
FileDescription : Support
InternalName : Support
LegalCopyright : Copyright © 2002
OriginalFilename : Support.exe

#:24 [wanmpsvc.exe]
ModuleName : C:\WINDOWS\wanmpsvc.exe
Command Line : "C:\WINDOWS\wanmpsvc.exe"
ProcessID : 284
ThreadCreationTime : 4-23-2005 7:02:58 PM
BasePriority : Normal
FileVersion : 7, 0, 0, 2
ProductVersion : 7, 0, 0, 2
ProductName : America Online
CompanyName : America Online, Inc.
FileDescription : Wan Miniport (ATW) Service
InternalName : WanMPSvc
LegalCopyright : Copyright © 2001 America Online, Inc.
OriginalFilename : WanMPSvc.exe

#:25 [mcvsshld.exe]
ModuleName : C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
Command Line : "C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
ProcessID : 332
ThreadCreationTime : 4-23-2005 7:02:58 PM
BasePriority : Normal
FileVersion : 9, 1, 0, 6
ProductVersion : 9, 1, 0, 0
ProductName : McAfee VirusScan
CompanyName : McAfee, Inc.
FileDescription : McAfee VirusScan ActiveShield Resource
InternalName : msvcshld
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : mcvsshld.exe
Comments : McAfee VirusScan ActiveShield Resource

#:26 [notifyalert.exe]
ModuleName : C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
Command Line : "C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe" timer
ProcessID : 444
ThreadCreationTime : 4-23-2005 7:02:59 PM
BasePriority : Normal


#:27 [mcvsescn.exe]
ModuleName : c:\progra~1\mcafee.com\vso\mcvsescn.exe
Command Line : "c:\progra~1\mcafee.com\vso\mcvsescn.exe" /disabled
ProcessID : 496
ThreadCreationTime : 4-23-2005 7:03:00 PM
BasePriority : Normal
FileVersion : 9, 1, 0, 4
ProductVersion : 9, 1, 0, 0
ProductName : McAfee VirusScan
CompanyName : McAfee, Inc.
FileDescription : McAfee VirusScan E-mail Scan Module
InternalName : mcvsescn
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : mcvsescn.EXE
Comments : McAfee VirusScan E-mail Scan Module

#:28 [safeshare.exe]
ModuleName : C:\Program Files\safe-share\SafeShare.exe
Command Line : "C:\Program Files\safe-share\SafeShare.exe"
ProcessID : 520
ThreadCreationTime : 4-23-2005 7:03:00 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : SafeShare Application
FileDescription : SafeShare MFC Application
InternalName : SafeShare
LegalCopyright : Copyright © 2003
OriginalFilename : SafeShare.EXE

#:29 [mmtask.exe]
ModuleName : C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
Command Line : "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
ProcessID : 548
ThreadCreationTime : 4-23-2005 7:03:00 PM
BasePriority : Normal
FileVersion : 9.0.0.1
ProductVersion : 9.0.0.1
ProductName : Musicmatch Jukebox
CompanyName : Musicmatch Inc.
FileDescription : <Musicmatch System Tray Application>
InternalName : mmtask.exe
LegalCopyright : © Musicmatch Inc.. All rights reserved.
OriginalFilename : mmtask.exe

#:30 [msmsgs.exe]
ModuleName : C:\Program Files\Messenger\msmsgs.exe
Command Line : "C:\Program Files\Messenger\msmsgs.exe" /background
ProcessID : 628
ThreadCreationTime : 4-23-2005 7:03:00 PM
BasePriority : Normal
FileVersion : 4.7.2010
ProductVersion : Version 4.7
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 1997-2003
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:31 [ctfmon.exe]
ModuleName : C:\WINDOWS\System32\ctfmon.exe
Command Line : "C:\WINDOWS\System32\ctfmon.exe"
ProcessID : 836
ThreadCreationTime : 4-23-2005 7:03:00 PM
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:32 [taskpanl.exe]
ModuleName : C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
Command Line : "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
ProcessID : 944
ThreadCreationTime : 4-23-2005 7:03:00 PM
BasePriority : Normal
FileVersion : 2003.3.84.0
ProductVersion : 2003.3.84.0
ProductName : EarthLink TotalAccess
CompanyName : EarthLink, Inc.
LegalCopyright : © EarthLink, Inc. All rights reserved.

#:33 [diagent.exe]
ModuleName : C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
Command Line : diagent.exe systray
ProcessID : 984
ThreadCreationTime : 4-23-2005 7:03:01 PM
BasePriority : Normal
FileVersion : 1, 1, 4, 0
ProductVersion : 1.01.04
ProductName : Creative Diagnostics Agent
CompanyName : Creative Technology Ltd
FileDescription : Creative Diagnostics Agent
InternalName : Creative Diagnostics Agent
LegalCopyright : Copyright © 2002 Creative Technology Ltd
OriginalFilename : diagent.exe

#:34 [mspmspsv.exe]
ModuleName : C:\WINDOWS\System32\MsPMSPSv.exe
Command Line : C:\WINDOWS\System32\MsPMSPSv.exe
ProcessID : 1092
ThreadCreationTime : 4-23-2005 7:03:02 PM
BasePriority : Normal
FileVersion : 7.00.00.1954
ProductVersion : 7.00.00.1954
ProductName : Microsoft ® DRM
CompanyName : Microsoft Corporation
FileDescription : WMDM PMSP Service
InternalName : MSPMSPSV.EXE
LegalCopyright : Copyright © Microsoft Corp. 1981-2000
OriginalFilename : MSPMSPSV.EXE

#:35 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost.exe -k netsvcs
ProcessID : 1104
ThreadCreationTime : 4-23-2005 7:03:02 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:36 [dlg.exe]
ModuleName : C:\Program Files\Digital Line Detect\DLG.exe
Command Line : "C:\Program Files\Digital Line Detect\DLG.exe"
ProcessID : 1148
ThreadCreationTime : 4-23-2005 7:03:03 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : BVRP Software TestLine
CompanyName : BVRP Software
FileDescription : Digital Line Detection
InternalName : TestLine
LegalCopyright : Copyright © 2003
OriginalFilename : TestLine.exe

#:37 [sdstat.exe]
ModuleName : C:\Program Files\SmartDisk\FlashPath\sdstat.exe
Command Line : "C:\Program Files\SmartDisk\FlashPath\sdstat.exe"
ProcessID : 1168
ThreadCreationTime : 4-23-2005 7:03:03 PM
BasePriority : Normal
FileVersion : 3, 6, 0, 7
ProductVersion : 3, 6, 0, 7
ProductName : FPSMstat Application
CompanyName : SmartDisk Corporation
FileDescription : FPSMstat MFC Application
InternalName : FPSMstat
LegalCopyright : 1998-2001 SmartDisk Corporation
OriginalFilename : FPSMstat.EXE

#:38 [cnmsm58.exe]
ModuleName : C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\cnmsm58.exe
Command Line : "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\cnmsm58.exe" LPT1:;Canon i560;C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CNMCP58.DLL;1
ProcessID : 1336
ThreadCreationTime : 4-23-2005 7:03:04 PM
BasePriority : Normal
FileVersion : 1.73.2.0
ProductVersion : 1.73.2.0
ProductName : Canon BJ Raster Printer Driver for Microsoft Windows XP / Windows 2000
CompanyName : CANON INC.
FileDescription : BJ Status Monitor
InternalName : CNMSTMN.EXE
LegalCopyright : Copyright CANON INC. 1999-2003 All Rights Reserved
OriginalFilename : CNMSTMN.EXE

#:39 [mcshield.exe]
ModuleName : c:\PROGRA~1\mcafee.com\vso\mcshield.exe
Command Line : c:\PROGRA~1\mcafee.com\vso\mcshield.exe
ProcessID : 2076
ThreadCreationTime : 4-23-2005 7:03:07 PM
BasePriority : High


#:40 [mcvsftsn.exe]
ModuleName : c:\progra~1\mcafee.com\vso\mcvsftsn.exe
Command Line : c:\progra~1\mcafee.com\vso\mcvsftsn.exe -Embedding
ProcessID : 2672
ThreadCreationTime : 4-23-2005 7:03:10 PM
BasePriority : Normal
FileVersion : 9, 1, 0, 4
ProductVersion : 9, 1, 0, 0
ProductName : McAfee VirusScan
CompanyName : McAfee, Inc.
FileDescription : McAfee VirusScan Instant Messenger Scan Module
InternalName : mcvsftsn
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : mcvsftsn.EXE
Comments : McAfee VirusScan Instant Messenger Scan Module

#:41 [ad-aware.exe]
ModuleName : C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Aware.exe
Command Line : "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Aware.exe" +483832
ProcessID : 3848
ThreadCreationTime : 4-23-2005 8:17:57 PM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 0


4:51:50 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:14:20.156
Objects scanned:154555
Objects identified:0
Objects ignored:0
New critical objects:0

#5
GR@PH;<'S

    Member

  • 135 posts
baughtl,

I'm perplexed that the new scan did not find anything!!

Hey, you're OK; we all think the same way as you if nothing is found for a while ;)
But I see you did a custom scan, not a "Full Scan". Try doing a "Full Scan" and post your logfile here, if need be, by using the "Add-reply" feature.

Are you having problems, or are you just concerned that nothing seems to be found on your PC?

GR@PH;<'S :tazz:

#6
baughtl

    New Member

  • Topic Starter
  • 6 posts
Here is my full scan - AFTER - I updated SpyBot to 1.5, downloaded all updates, ran it, found 90 items in 10 categories, and deleted them "successfully." I then ran a full scan using AdAware; again, nothing was found. Rebooted. Ran another full scan with AdAware using Corinne's recommended settings.

I deleted all cookies from my PC. If you guys mean something else by "remove all tracking cookies before posting" please let me know.
Thanks again for the help.

Ad-Aware SE Build 1.05
Logfile Created on:Saturday, April 23, 2005 6:37:01 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R40 20.04.2005
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

References detected during the scan:
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
DyFuCA(TAC index:3):25 total references
istbar(TAC index:7):6 total references
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R40 20.04.2005
Internal build : 47
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 461235 Bytes
Total size : 1395231 Bytes
Signature data size : 1364710 Bytes
Reference data size : 30009 Bytes
Signatures total : 38921
Fingerprints total : 813
Fingerprints size : 29073 Bytes
Target categories : 15
Target families : 650


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:54 %
Total physical memory:522224 kb
Available physical memory:279576 kb
Total page file size:1278928 kb
Available on page file:1081632 kb
Total virtual memory:2097024 kb
Available virtual memory:2047732 kb
OS:Microsoft Windows XP Professional Service Pack 1 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Play sound at scan completion if scan locates critical objects


4-23-2005 6:37:01 PM - Scan started. (Full System Scan)

Listing running processes
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 568
ThreadCreationTime : 4-23-2005 10:23:36 PM
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe
ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On
SubSystemType=Windows ServerDll=basesrv,1
ServerDll=winsrv:UserServerDllInitialization,3
ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off
MaxRequestTh
ProcessID : 640
ThreadCreationTime : 4-23-2005 10:23:38 PM
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 664
ThreadCreationTime : 4-23-2005 10:23:38 PM
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 708
ThreadCreationTime : 4-23-2005 10:23:38 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : MicrosoftR WindowsR Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : C Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 720
ThreadCreationTime : 4-23-2005 10:23:38 PM
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : MicrosoftR WindowsR Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : C Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 924
ThreadCreationTime : 4-23-2005 10:23:39 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : MicrosoftR WindowsR Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : C Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 1004
ThreadCreationTime : 4-23-2005 10:23:39 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : MicrosoftR WindowsR Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : C Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k
NetworkService
ProcessID : 1232
ThreadCreationTime : 4-23-2005 10:23:41 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : MicrosoftR WindowsR Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : C Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 1264
ThreadCreationTime : 4-23-2005 10:23:41 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : MicrosoftR WindowsR Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : C Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1400
ThreadCreationTime : 4-23-2005 10:23:41 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : MicrosoftR WindowsR Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : C Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:11 [acsd.exe]
ModuleName : C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
Command Line : C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
ProcessID : 1512
ThreadCreationTime : 4-23-2005 10:23:48 PM
BasePriority : Normal


#:12 [ctsvccda.exe]
ModuleName : C:\WINDOWS\System32\CTsvcCDA.exe
Command Line : C:\WINDOWS\System32\CTsvcCDA.exe
ProcessID : 1532
ThreadCreationTime : 4-23-2005 10:23:48 PM
BasePriority : Normal
FileVersion : 1.0.1.0
ProductVersion : 1.0.0.0
ProductName : Creative Service for CDROM Access
CompanyName : Creative Technology Ltd
FileDescription : Creative Service for CDROM Access
InternalName : CTsvcCDAEXE
LegalCopyright : Copyright © Creative Technology Ltd., 1999.
All rights reserved.
OriginalFilename : CTsvcCDA.EXE

#:13 [mcvsrte.exe]
ModuleName : c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
Command Line : c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
/Embedding
ProcessID : 1596
ThreadCreationTime : 4-23-2005 10:23:48 PM
BasePriority : Normal
FileVersion : 9, 1, 0, 6
ProductVersion : 9, 1, 0, 0
ProductName : McAfee VirusScan
CompanyName : McAfee, Inc
FileDescription : McAfee VirusScan Real-time Engine
InternalName : mcvsrte
LegalCopyright : Copyright C 2005 McAfee, Inc. All Rights
Reserved.
OriginalFilename : mcvsrte.exe
Comments : McAfee VirusScan Real-time Engine

#:14 [mdm.exe]
ModuleName : C:\Program Files\Common Files\Microsoft
Shared\VS7Debug\mdm.exe
Command Line : "C:\Program Files\Common Files\Microsoft
Shared\VS7Debug\mdm.exe"
ProcessID : 1612
ThreadCreationTime : 4-23-2005 10:23:48 PM
BasePriority : Normal
FileVersion : 7.00.9064.9150
ProductVersion : 7.00.9064.9150
ProductName : Microsoft Development Environment
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : Copyright © Microsoft Corp. 1997-2000
OriginalFilename : mdm.exe

#:15 [wanmpsvc.exe]
ModuleName : C:\WINDOWS\wanmpsvc.exe
Command Line : "C:\WINDOWS\wanmpsvc.exe"
ProcessID : 1668
ThreadCreationTime : 4-23-2005 10:23:48 PM
BasePriority : Normal
FileVersion : 7, 0, 0, 2
ProductVersion : 7, 0, 0, 2
ProductName : America Online
CompanyName : America Online, Inc.
FileDescription : Wan Miniport (ATW) Service
InternalName : WanMPSvc
LegalCopyright : Copyright C 2001 America Online, Inc.
OriginalFilename : WanMPSvc.exe

#:16 [mspmspsv.exe]
ModuleName : C:\WINDOWS\System32\MsPMSPSv.exe
Command Line : C:\WINDOWS\System32\MsPMSPSv.exe
ProcessID : 1728
ThreadCreationTime : 4-23-2005 10:23:48 PM
BasePriority : Normal
FileVersion : 7.00.00.1954
ProductVersion : 7.00.00.1954
ProductName : Microsoft ® DRM
CompanyName : Microsoft Corporation
FileDescription : WMDM PMSP Service
InternalName : MSPMSPSV.EXE
LegalCopyright : Copyright © Microsoft Corp. 1981-2000
OriginalFilename : MSPMSPSV.EXE

#:17 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost.exe -k netsvcs
ProcessID : 1820
ThreadCreationTime : 4-23-2005 10:23:51 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : MicrosoftR WindowsR Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : C Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:18 [mcshield.exe]
ModuleName : c:\PROGRA~1\mcafee.com\vso\mcshield.exe
Command Line : c:\PROGRA~1\mcafee.com\vso\mcshield.exe
ProcessID : 248
ThreadCreationTime : 4-23-2005 10:23:54 PM
BasePriority : High


#:19 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 368
ThreadCreationTime : 4-23-2005 10:28:22 PM
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : MicrosoftR WindowsR Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : C Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:20 [hkcmd.exe]
ModuleName : C:\WINDOWS\System32\hkcmd.exe
Command Line : "C:\WINDOWS\System32\hkcmd.exe"
ProcessID : 1460
ThreadCreationTime : 4-23-2005 10:28:25 PM
BasePriority : Normal
FileVersion : 3,0,0,2104
ProductVersion : 7,0,0,2104
ProductName : Intel® Common User Interface
CompanyName : Intel Corporation
FileDescription : hkcmd Module
InternalName : HKCMD
LegalCopyright : Copyright 1999-2003, Intel Corporation
OriginalFilename : HKCMD.EXE

#:21 [tfswctrl.exe]
ModuleName : C:\WINDOWS\system32\dla\tfswctrl.exe
Command Line : "C:\WINDOWS\system32\dla\tfswctrl.exe"
ProcessID : 1444
ThreadCreationTime : 4-23-2005 10:28:25 PM
BasePriority : Normal
FileVersion : 1.04.05b
CompanyName : Sonic Solutions
FileDescription : Drive Letter Access Component
LegalCopyright : Copyright C 2003 Sonic Solutions

#:22 [dsentry.exe]
ModuleName : C:\WINDOWS\System32\DSentry.exe
Command Line : "C:\WINDOWS\System32\DSentry.exe"
ProcessID : 1484
ThreadCreationTime : 4-23-2005 10:28:25 PM
BasePriority : Normal
FileVersion : 1, 0, 5, 0
ProductVersion : 1, 0, 5, 0
ProductName : Dell - DVDSentry
CompanyName : Dell - Advanced Desktop Engineering
FileDescription : DVDSentry
InternalName : DVDSentry
LegalCopyright : Copyright C 2002 Dell
OriginalFilename : DSentry.exe
Comments : DVDSentry launches your software DVD player
when a DVD is inserted.

#:23 [pcmservice.exe]
ModuleName : C:\Program Files\Dell\Media
Experience\PCMService.exe
Command Line : "C:\Program Files\Dell\Media
Experience\PCMService.exe"
ProcessID : 1568
ThreadCreationTime : 4-23-2005 10:28:25 PM
BasePriority : Normal
FileVersion : 1.0.0826
ProductVersion : 1.0.0826
ProductName : PCM2Launcher Application
CompanyName : CyberLink Corp.
FileDescription : PowerCinema Resident Program for Dell
InternalName : PowerCinema Resident Program for Dell
LegalCopyright : Copyright c 2003 CyberLink Corp.
OriginalFilename : PCM2Launcher.EXE

#:24 [realsched.exe]
ModuleName : C:\Program Files\Common
Files\Real\Update_OB\realsched.exe
Command Line : "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
ProcessID : 2024
ThreadCreationTime : 4-23-2005 10:28:26 PM
BasePriority : Normal
FileVersion : 0.1.0.1622
ProductVersion : 0.1.0.1622
ProductName : RealOne Player (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright C RealNetworks, Inc. 1995-2002
LegalTrademarks : RealAudio™ is a trademark of RealNetworks,
Inc.
OriginalFilename : realsched.exe

#:25 [mcagent.exe]
ModuleName : C:\PROGRA~1\mcafee.com\agent\mcagent.exe
Command Line : "C:\PROGRA~1\mcafee.com\agent\mcagent.exe"
ProcessID : 152
ThreadCreationTime : 4-23-2005 10:28:27 PM
BasePriority : Normal
FileVersion : 5, 1, 0, 2
ProductVersion : 5, 1, 0, 0
ProductName : McAfee SecurityCenter
CompanyName : McAfee, Inc
FileDescription : McAfee SecurityCenter Agent
InternalName : mcagent
LegalCopyright : Copyright C 2005 McAfee, Inc.
OriginalFilename : mcagent.exe

#:26 [mm_tray.exe]
ModuleName : C:\Program Files\MUSICMATCH\MUSICMATCH
Jukebox\mm_tray.exe
Command Line : "C:\Program Files\MUSICMATCH\MUSICMATCH
Jukebox\mm_tray.exe"
ProcessID : 212
ThreadCreationTime : 4-23-2005 10:28:28 PM
BasePriority : Normal
FileVersion : 9.00.2063
ProductVersion : 9.00.2063
ProductName : Musicmatch Jukebox
CompanyName : Musicmatch, Inc.
FileDescription : mm_tray
InternalName : mm_tray
LegalCopyright : Copyright C Musicmatch 1998-2004
LegalTrademarks :
OriginalFilename : mm_tray.exe

#:27 [support.exe]
ModuleName : C:\Program Files\Common
Files\Dell\EUSW\Support.exe
Command Line : "C:\Program Files\Common
Files\Dell\EUSW\Support.exe"
ProcessID : 224
ThreadCreationTime : 4-23-2005 10:28:28 PM
BasePriority : Normal
FileVersion : 2, 1, 1, 0
ProductVersion : 1, 0, 0, 1
ProductName : Dell Support
CompanyName : Dell
FileDescription : Support
InternalName : Support
LegalCopyright : Copyright C 2002
OriginalFilename : Support.exe

#:28 [mcvsshld.exe]
ModuleName : C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
Command Line : "C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
ProcessID : 1764
ThreadCreationTime : 4-23-2005 10:28:29 PM
BasePriority : Normal
FileVersion : 9, 1, 0, 6
ProductVersion : 9, 1, 0, 0
ProductName : McAfee VirusScan
CompanyName : McAfee, Inc.
FileDescription : McAfee VirusScan ActiveShield Resource
InternalName : msvcshld
LegalCopyright : Copyright C 2005 McAfee, Inc. All Rights
Reserved.
OriginalFilename : mcvsshld.exe
Comments : McAfee VirusScan ActiveShield Resource

#:29 [mmtask.exe]
ModuleName : C:\Program Files\MUSICMATCH\MUSICMATCH
Jukebox\mmtask.exe
Command Line : "C:\Program Files\MUSICMATCH\MUSICMATCH
Jukebox\mmtask.exe"
ProcessID : 1448
ThreadCreationTime : 4-23-2005 10:28:29 PM
BasePriority : Normal
FileVersion : 9.0.0.1
ProductVersion : 9.0.0.1
ProductName : Musicmatch Jukebox
CompanyName : Musicmatch Inc.
FileDescription : <Musicmatch System Tray Application>
InternalName : mmtask.exe
LegalCopyright : © Musicmatch Inc.. All rights reserved.
OriginalFilename : mmtask.exe

#:30 [ymllpdx.exe]
ModuleName : C:\WINDOWS\ymllpdx.exe
Command Line : "C:\WINDOWS\ymllpdx.exe"
ProcessID : 1068
ThreadCreationTime : 4-23-2005 10:28:30 PM
BasePriority : Normal


#:31 [mcvsescn.exe]
ModuleName : c:\progra~1\mcafee.com\vso\mcvsescn.exe
Command Line : "c:\progra~1\mcafee.com\vso\mcvsescn.exe"
/disabled
ProcessID : 1108
ThreadCreationTime : 4-23-2005 10:28:30 PM
BasePriority : Normal
FileVersion : 9, 1, 0, 4
ProductVersion : 9, 1, 0, 0
ProductName : McAfee VirusScan
CompanyName : McAfee, Inc.
FileDescription : McAfee VirusScan E-mail Scan Module
InternalName : mcvsescn
LegalCopyright : Copyright C 2005 McAfee, Inc. All Rights
Reserved.
OriginalFilename : mcvsescn.EXE
Comments : McAfee VirusScan E-mail Scan Module

#:32 [notifyalert.exe]
ModuleName : C:\Program
Files\Dell\Support\Alert\bin\NotifyAlert.exe
Command Line : "C:\Program
Files\Dell\Support\Alert\bin\NotifyAlert.exe" timer
ProcessID : 1120
ThreadCreationTime : 4-23-2005 10:28:30 PM
BasePriority : Normal


#:33 [msmsgs.exe]
ModuleName : C:\Program Files\Messenger\msmsgs.exe
Command Line : "C:\Program Files\Messenger\msmsgs.exe"
/background
ProcessID : 1124
ThreadCreationTime : 4-23-2005 10:28:31 PM
BasePriority : Normal
FileVersion : 4.7.2010
ProductVersion : Version 4.7
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 1997-2003
LegalTrademarks : Microsoft® is a registered trademark of
Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:34 [ctfmon.exe]
ModuleName : C:\WINDOWS\System32\ctfmon.exe
Command Line : "C:\WINDOWS\System32\ctfmon.exe"
ProcessID : 1624
ThreadCreationTime : 4-23-2005 10:28:31 PM
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : MicrosoftR WindowsR Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : C Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:35 [taskpanl.exe]
ModuleName : C:\Program Files\EarthLink
TotalAccess\TaskPanl.exe
Command Line : "C:\Program Files\EarthLink
TotalAccess\TaskPanl.exe" -winstart
ProcessID : 1148
ThreadCreationTime : 4-23-2005 10:28:31 PM
BasePriority : Normal
FileVersion : 2003.3.84.0
ProductVersion : 2003.3.84.0
ProductName : EarthLink TotalAccess
CompanyName : EarthLink, Inc.
LegalCopyright : C EarthLink, Inc. All rights reserved.

#:36 [dlg.exe]
ModuleName : C:\Program Files\Digital Line Detect\DLG.exe
Command Line : "C:\Program Files\Digital Line Detect\DLG.exe"
ProcessID : 1928
ThreadCreationTime : 4-23-2005 10:28:33 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : BVRP Software TestLine
CompanyName : BVRP Software
FileDescription : Digital Line Detection
InternalName : TestLine
LegalCopyright : Copyright C 2003
OriginalFilename : TestLine.exe

#:37 [sdstat.exe]
ModuleName : C:\Program Files\SmartDisk\FlashPath\sdstat.exe
Command Line : "C:\Program
Files\SmartDisk\FlashPath\sdstat.exe"
ProcessID : 1944
ThreadCreationTime : 4-23-2005 10:28:33 PM
BasePriority : Normal
FileVersion : 3, 6, 0, 7
ProductVersion : 3, 6, 0, 7
ProductName : FPSMstat Application
CompanyName : SmartDisk Corporation
FileDescription : FPSMstat MFC Application
InternalName : FPSMstat
LegalCopyright : 1998-2001 SmartDisk Corporation
OriginalFilename : FPSMstat.EXE

#:38 [diagent.exe]
ModuleName : C:\Program
Files\Creative\SBLive\Diagnostics\diagent.exe
Command Line : diagent.exe systray
ProcessID : 2128
ThreadCreationTime : 4-23-2005 10:28:35 PM
BasePriority : Normal
FileVersion : 1, 1, 4, 0
ProductVersion : 1.01.04
ProductName : Creative Diagnostics Agent
CompanyName : Creative Technology Ltd
FileDescription : Creative Diagnostics Agent
InternalName : Creative Diagnostics Agent
LegalCopyright : Copyright © 2002 Creative Technology Ltd
OriginalFilename : diagent.exe

#:39 [cnmsm58.exe]
ModuleName :
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\cnmsm58.exe
Command Line :
"C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\cnmsm58.exe" LPT1:;Canon
i560;C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CNMCP58.DLL;1
ProcessID : 2168
ThreadCreationTime : 4-23-2005 10:28:35 PM
BasePriority : Normal
FileVersion : 1.73.2.0
ProductVersion : 1.73.2.0
ProductName : Canon BJ Raster Printer Driver for Microsoft
Windows XP / Windows 2000
CompanyName : CANON INC.
FileDescription : BJ Status Monitor
InternalName : CNMSTMN.EXE
LegalCopyright : Copyright CANON INC. 1999-2003 All Rights
Reserved
OriginalFilename : CNMSTMN.EXE

#:40 [mcvsftsn.exe]
ModuleName : c:\progra~1\mcafee.com\vso\mcvsftsn.exe
Command Line : c:\progra~1\mcafee.com\vso\mcvsftsn.exe
-Embedding
ProcessID : 2608
ThreadCreationTime : 4-23-2005 10:28:41 PM
BasePriority : Normal
FileVersion : 9, 1, 0, 4
ProductVersion : 9, 1, 0, 0
ProductName : McAfee VirusScan
CompanyName : McAfee, Inc.
FileDescription : McAfee VirusScan Instant Messenger Scan Module
InternalName : mcvsftsn
LegalCopyright : Copyright C 2005 McAfee, Inc. All Rights
Reserved.
OriginalFilename : mcvsftsn.EXE
Comments : McAfee VirusScan Instant Messenger Scan Module

#:41 [istsvc.exe]
ModuleName : C:\Program Files\ISTsvc\istsvc.exe
Command Line : "C:\Program Files\ISTsvc\istsvc.exe"
ProcessID : 3040
ThreadCreationTime : 4-23-2005 10:29:36 PM
BasePriority : Normal


#:42 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE
Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE
Personal\Ad-Aware.exe"
ProcessID : 2164
ThreadCreationTime : 4-23-2005 10:34:55 PM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright C Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
New critical objects: 0
Objects found so far: 0


Started registry scan
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object :
S-1-5-21-3341659447-352134100-197416220-1006\software\ist

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object :
S-1-5-21-3341659447-352134100-197416220-1006\software\ist
Value : Recover

DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : version

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : app_name

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : popup_url

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : update_url

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : config_url

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : ui

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : popup_initial_delay

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : popup_count

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : popup_day_count

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : popup_day_limit

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : update_count

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : update_version

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : config_count

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : account_id

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : app_date

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : popup_interval

DyFuCA Object Recognized!
Type : RegVa

#7
Guest_nommork_*

Guest_nommork_*
  • Guest
You have not posted your entire log file. Please start another new post starting from where you left off.

#8
baughtl

baughtl

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Here's the rest of my AdAware logfile.....anybody???



DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : update_last

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : config_interval

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : config_last

istbar Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object :
software\microsoft\windows\currentversion\uninstall\istsvc

istbar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object :
software\microsoft\windows\currentversion\uninstall\istsvc
Value : DisplayName

istbar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object :
software\microsoft\windows\currentversion\uninstall\istsvc
Value : UninstallString

istbar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object :
software\microsoft\windows\currentversion\uninstall\istsvc
Value : NoModify

istbar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "IST Service"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\run
Value : IST Service

Registry Scan result:
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
New critical objects: 29
Objects found so far: 29


Started deep registry scan
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Deep registry scan result:
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
New critical objects: 0
Objects found so far: 29


Started Tracking Cookie scan
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>


Tracking cookie scan result:
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
New critical objects: 0
Objects found so far: 29



Deep scanning and examining files (C:)
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Disk Scan Result for C:\
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
New critical objects: 0
Objects found so far: 29


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
>>>>

Hosts file scan result:
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
1 entries scanned.
New critical objects:0
Objects found so far: 29




Performing conditional scans...
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

DyFuCA Object Recognized!
Type : Folder
Category : Malware
Comment :
Object : C:\Program Files\ISTsvc

istbar Object Recognized!
Type : File
Data : istsvc.exe
Category : Malware
Comment :
Object : C:\Program Files\istsvc\



Conditional scan result:
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
New critical objects: 2
Objects found so far: 31

6:51:39 PM Scan Complete

Summary Of This Scan
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Total scanning time:00:14:38.62
Objects scanned:154951
Objects identified:31
Objects ignored:0
New critical objects:31

#9
Guest_Andy_veal_*

Guest_Andy_veal_*
  • Guest
Hello and Welcome

Ad-aware has found objects on your computer

If you choose to clean your computer from what Ad-aware found, please follow these instructions below…

Please make sure that you are using the * SE1R40 20.04.2005 * definition file.


Please launch Ad-Aware SE and click on the gear to access the Configuration Menu. Please make sure that this setting is applied.

Click on Tweak > Cleaning Engine > UNcheck "Always try to unload modules before deletion".

Disconnect from the internet (for broadband/cable users, it is recommended that you disconnect the cable connection) and close all open browsers or other programs you have running.

Please then boot into Safe Mode

To clean your machine, it is highly recommended that you clean the following directory contents (but not the directory folder):

Please run CCleaner to assist in this process.
Download CCleaner (Setup: go to >options > settings > Uncheck "Only delete files in Windows Temp folders older than 48 hours" for cleaning malware files!)

* C:\Windows\Temp\
* C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <- This will delete all your cached internet content including cookies.
* C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp\
* Empty your "Recycle Bin".

Please run Ad-Aware SE from the command lines shown in the instructions shown below.

Click "Start" > select "Run" > type the text shown in bold below (including the quotation marks and with the same spacing as shown)

"C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" /full +procnuke
(For the Professional version)

"C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" /full +procnuke
(For the Plus version)

"C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" +procnuke
(For the Personal version)


Click OK.

Please note that the path above is the default installation location for Ad-aware SE; if this is different, please adjust it to the location that you have installed it to.

When the scan has completed, select Next. In the Scanning Results window, select the "Scan Summary" tab. Check the box next to each "target family" you wish to remove. Click next, Click OK.

If problems are caused by deleting a family, please leave it.

Please shutdown/restart your computer after removal, run a new full scan and post the results as a reply. Do not launch any programs or connect to the internet at this time.

Please then copy & paste the complete log file here. Don't quarantine or remove anything at this time, just post a complete logfile. This can sometimes take 2-3 posts to get it all posted; once the "Summary of this scan" information is shown, you have posted all of your logfile.

Please remember when posting another logfile keep "Search for negligible risk entries" deselected as negligible risk entries (MRU's) are not considered to be a threat. This option can be changed when choosing your scan type.

Please post back here

Good luck

Andy

#10
Guest_Andy_veal_*

Guest_Andy_veal_*
  • Guest
Please could you download these extra tools:

Go here and download the EScan tool: http://www.mwti.net/antivirus/mwav.asp

Download the following program called Killbox from here: http://www.downloads...org/KillBox.zip

To remove this from your computer, you need to find the dll file in order to permanently delete this pest.

Here's the problem

Please run the EScan tool.

Scanning with that tool will produce a logfile; this will uncover the dll. Then it is a simple matter to unregister the dll and use the Killbox to eradicate any infected files.

Usually the culprits are this:

C:\WINNT\System32\systr.dll

C:\WINDOWS\System32\guninst.exe

When entering the .dll file(s) into KillBox, check the box that says 'Unregister DLL before deleting'.

:tazz: Thanks


Andy

nommork also suggests that you try deleting wp.exe with kill box

#11
baughtl

baughtl

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Do I need to follow the steps in both of your last posts, or just the latest one?
Thanks.

Edited by baughtl, 24 April 2005 - 08:19 AM.


#12
Guest_Andy_veal_*

Guest_Andy_veal_*
  • Guest
Please follow both my posts. :tazz:





