[Referred]Ad aware log

#1 Matt S (New Member, 5 posts)

Got a really bad spyware problem and was advised to post an Ad-Aware log here before posting a HijackThis log.

So here we go, any help appreciated.


Ad-Aware SE Build 1.05
Logfile Created on:27 April 2005 11:05:17
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R39 15.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MediaMotor(TAC index:8):40 total references
MRU List(TAC index:0):27 total references
Other(TAC index:5):1 total references
SahAgent(TAC index:9):20 total references
Tracking Cookie(TAC index:3):11 total references
Windows(TAC index:3):1 total references
VX2(TAC index:10):5 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


27-04-2005 11:05:17 - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : C:\Documents and Settings\Matt\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : S-1-5-21-1004336348-789336058-725345543-1003\software\microsoft\windows\currentversion\applets\wordpad\recent file list
Description : list of recent files opened using wordpad


MRU List Object Recognized!
Location: : S-1-5-21-1004336348-789336058-725345543-1003\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run


MRU List Object Recognized!
Location: : S-1-5-21-1004336348-789336058-725345543-1003\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant


MRU List Object Recognized!
Location: : S-1-5-21-1004336348-789336058-725345543-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-1004336348-789336058-725345543-1003\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-1004336348-789336058-725345543-1003\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : S-1-5-21-1004336348-789336058-725345543-1003\software\microsoft\mediaplayer\player\recentfilelist
Description : list of recently used files in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-1004336348-789336058-725345543-1003\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-1004336348-789336058-725345543-1003\software\microsoft\mediaplayer\preferences
Description : last cd record path used in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-1004336348-789336058-725345543-1003\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-1004336348-789336058-725345543-1003\software\creative tech\creative wavestudio\settings
Description : list of recently used directories in creative wavestudio


MRU List Object Recognized!
Location: : S-1-5-21-1004336348-789336058-725345543-1003\software\smartftp\connection data
Description : list of recently accessed servers using smartftp


MRU List Object Recognized!
Location: : S-1-5-21-1004336348-789336058-725345543-1003\software\microsoft\mediaplayer\player\settings
Description : last open directory used in jasc paint shop pro


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : S-1-5-21-1004336348-789336058-725345543-1003\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-1004336348-789336058-725345543-1003\software\microsoft\windows\currentversion\applets\regedit
Description : last key accessed using the microsoft registry editor


MRU List Object Recognized!
Location: : S-1-5-21-1004336348-789336058-725345543-1003\software\macromedia\dreamweaver 6\recent file list
Description : list of recently used files in macromedia dreamweaver


MRU List Object Recognized!
Location: : S-1-5-21-1004336348-789336058-725345543-1003\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-1004336348-789336058-725345543-1003\software\microsoft\mediaplayer\preferences
Description : last search path used in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-1004336348-789336058-725345543-1003\software\microsoft\mediaplayer\medialibraryui
Description : last selected node in the microsoft windows media player media library


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : S-1-5-21-1004336348-789336058-725345543-1003\software\winrar\dialogedithistory\extrpath
Description : winrar "extract-to" history


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-21-1004336348-789336058-725345543-1003\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 604
ThreadCreationTime : 27-04-2005 08:23:07
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 668
ThreadCreationTime : 27-04-2005 08:23:08
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 692
ThreadCreationTime : 27-04-2005 08:23:09
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 736
ThreadCreationTime : 27-04-2005 08:23:10
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 748
ThreadCreationTime : 27-04-2005 08:23:10
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 908
ThreadCreationTime : 27-04-2005 08:23:11
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 932
ThreadCreationTime : 27-04-2005 08:23:11
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1028
ThreadCreationTime : 27-04-2005 08:23:12
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1084
ThreadCreationTime : 27-04-2005 08:23:12
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1296
ThreadCreationTime : 27-04-2005 08:23:13
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:11 [avgamsvr.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 1392
ThreadCreationTime : 27-04-2005 08:23:13
BasePriority : Normal
FileVersion : 7,1,0,307
ProductVersion : 7.1.0.307
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Alert Manager
InternalName : avgamsvr
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgamsvr.EXE

#:12 [avgupsvc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 1412
ThreadCreationTime : 27-04-2005 08:23:14
BasePriority : Normal
FileVersion : 7,1,0,285
ProductVersion : 7.1.0.285
ProductName : AVG 7.0 Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Update Service
InternalName : avgupsvc
LegalCopyright : Copyright © 2004, GRISOFT, s.r.o.
OriginalFilename : avgupdsvc.EXE

#:13 [ctsvccda.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1424
ThreadCreationTime : 27-04-2005 08:23:14
BasePriority : Normal
FileVersion : 1.0.1.0
ProductVersion : 1.0.0.0
ProductName : Creative Service for CDROM Access
CompanyName : Creative Technology Ltd
FileDescription : Creative Service for CDROM Access
InternalName : CTsvcCDAEXE
LegalCopyright : Copyright © Creative Technology Ltd., 1999. All rights reserved.
OriginalFilename : CTsvcCDA.EXE

#:14 [nvsvc32.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1464
ThreadCreationTime : 27-04-2005 08:23:14
BasePriority : Normal
FileVersion : 5.13.01.2183
ProductVersion : 5.13.01.2183
ProductName : NVIDIA Driver Helper Service, Version 21.83
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 21.83
InternalName : NVSVC
LegalCopyright : Copyright © 1998-2001 NVIDIA Corporation
OriginalFilename : nvsvc32.exe

#:15 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1568
ThreadCreationTime : 27-04-2005 08:23:15
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:16 [vsmon.exe]
FilePath : C:\WINDOWS\system32\ZoneLabs\
ProcessID : 1628
ThreadCreationTime : 27-04-2005 08:23:15
BasePriority : Normal
FileVersion : 5.5.094.000
ProductVersion : 5.5.094.000
ProductName : TrueVector Service
CompanyName : Zone Labs, LLC
FileDescription : TrueVector Service
InternalName : vsmon
LegalCopyright : Copyright © 1998-2005, Zone Labs, LLC
OriginalFilename : vsmon.exe

#:17 [mspmspsv.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1772
ThreadCreationTime : 27-04-2005 08:23:16
BasePriority : Normal
FileVersion : 7.00.00.1954
ProductVersion : 7.00.00.1954
ProductName : Microsoft ® DRM
CompanyName : Microsoft Corporation
FileDescription : WMDM PMSP Service
InternalName : MSPMSPSV.EXE
LegalCopyright : Copyright © Microsoft Corp. 1981-2000
OriginalFilename : MSPMSPSV.EXE

#:18 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 644
ThreadCreationTime : 27-04-2005 08:23:57
BasePriority : Normal
FileVersion : 6.00.2800.1221 (xpsp2.030511-1403)
ProductVersion : 6.00.2800.1221
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
Warning! SahAgent Object found in memory(C:\WINDOWS\System32\qh4mkbv9.dll)

SahAgent Object Recognized!
Type : Process
Data : qh4mkbv9.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\
FileVersion : 4, 0, 0, 2
ProductVersion : 4, 0, 0, 2


#:19 [devldr32.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1440
ThreadCreationTime : 27-04-2005 08:23:59
BasePriority : Normal
FileVersion : 1, 0, 0, 22
ProductVersion : 1, 0, 0, 22
ProductName : Creative Ring3 NT Inteface
CompanyName : Creative Technology Ltd.
FileDescription : DevLdr32
InternalName : DevLdr
LegalCopyright : Copyright © 1997-2001 Creative Technology Ltd.
OriginalFilename : DevLdr32.exe
Warning! SahAgent Object found in memory(C:\WINDOWS\System32\qh4mkbv9.dll)

SahAgent Object Recognized!
Type : Process
Data : qh4mkbv9.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\
FileVersion : 4, 0, 0, 2
ProductVersion : 4, 0, 0, 2

"C:\WINDOWS\System32\devldr32.exe"Process terminated successfully

#:20 [directcd.exe]
FilePath : C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\
ProcessID : 1640
ThreadCreationTime : 27-04-2005 08:24:00
BasePriority : Normal
FileVersion : 5.10 (105)
ProductVersion : 5.10 (105)
ProductName : DirectCD
CompanyName : Roxio
FileDescription : DirectCD Application
InternalName : DirectCD
LegalCopyright : Copyright © 2001, Roxio, Inc.
OriginalFilename : Directcd.exe
Warning! SahAgent Object found in memory(C:\WINDOWS\System32\qh4mkbv9.dll)

SahAgent Object Recognized!
Type : Process
Data : qh4mkbv9.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\
FileVersion : 4, 0, 0, 2
ProductVersion : 4, 0, 0, 2

"C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"Process terminated successfully

#:21 [diagent.exe]
FilePath : C:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\
ProcessID : 1652
ThreadCreationTime : 27-04-2005 08:24:00
BasePriority : Normal
FileVersion : 1.0.10.0
ProductVersion : 1.00.10
ProductName : Creative Diagnostics Agent
CompanyName : Creative Technology Ltd
FileDescription : Creative Diagnostics Agent
InternalName : Creative Diagnostics Agent
LegalCopyright : Copyright © 2001 Creative Technology Ltd
OriginalFilename : diagent.exe
Warning! SahAgent Object found in memory(C:\WINDOWS\System32\qh4mkbv9.dll)

SahAgent Object Recognized!
Type : Process
Data : qh4mkbv9.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\
FileVersion : 4, 0, 0, 2
ProductVersion : 4, 0, 0, 2

"C:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\DIAGENT.EXE"Process terminated successfully

#:22 [hpgs2wnd.exe]
FilePath : C:\Program Files\Hewlett-Packard\HP Share-to-Web\
ProcessID : 1680
ThreadCreationTime : 27-04-2005 08:24:00
BasePriority : Normal
FileVersion : 2,4,0,26
ProductVersion : 2,4,0,26
ProductName : Hewlett-Packard hpgs2wnd
CompanyName : Hewlett-Packard
FileDescription : hpgs2wnd
InternalName : hpgs2wnd
LegalCopyright : Copyright © 2001
OriginalFilename : hpgs2wnd.exe
Warning! SahAgent Object found in memory(C:\WINDOWS\System32\qh4mkbv9.dll)

SahAgent Object Recognized!
Type : Process
Data : qh4mkbv9.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\
FileVersion : 4, 0, 0, 2
ProductVersion : 4, 0, 0, 2

"C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe"Process terminated successfully

#:23 [ituneshelper.exe]
FilePath : C:\Program Files\iTunes\
ProcessID : 1688
ThreadCreationTime : 27-04-2005 08:24:00
BasePriority : Normal
FileVersion : 4.5.0.31
ProductVersion : 4.5.0.31
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe
Warning! SahAgent Object found in memory(C:\WINDOWS\System32\qh4mkbv9.dll)

SahAgent Object Recognized!
Type : Process
Data : qh4mkbv9.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\
FileVersion : 4, 0, 0, 2
ProductVersion : 4, 0, 0, 2

"C:\Program Files\iTunes\iTunesHelper.exe"Process terminated successfully

#:24 [qttask.exe]
FilePath : C:\Program Files\QuickTime\
ProcessID : 1696
ThreadCreationTime : 27-04-2005 08:24:00
BasePriority : Normal
FileVersion : 6.5.1
ProductVersion : QuickTime 6.5.1
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe
Warning! SahAgent Object found in memory(C:\WINDOWS\System32\qh4mkbv9.dll)

SahAgent Object Recognized!
Type : Process
Data : qh4mkbv9.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\
FileVersion : 4, 0, 0, 2
ProductVersion : 4, 0, 0, 2

"C:\Program Files\QuickTime\qttask.exe"Process terminated successfully

#:25 [lvcoms.exe]
FilePath : C:\Program Files\Common Files\Logitech\QCDriver\
ProcessID : 1704
ThreadCreationTime : 27-04-2005 08:24:00
BasePriority : Normal
FileVersion : 6.0.0.1208
ProductVersion : 6.0.0.1208
ProductName : Logitech QuickCam
CompanyName : Logitech Inc.
FileDescription : LVCom Server
InternalName : LVComS.exe
LegalCopyright : © 1996-2001 Logitech. All rights reserved.
OriginalFilename : LVComS.exe
Warning! SahAgent Object found in memory(C:\WINDOWS\System32\qh4mkbv9.dll)

SahAgent Object Recognized!
Type : Process
Data : qh4mkbv9.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\
FileVersion : 4, 0, 0, 2
ProductVersion : 4, 0, 0, 2

"C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE"Process terminated successfully

#:26 [versioncuetray.exe]
FilePath : C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\
ProcessID : 1712
ThreadCreationTime : 27-04-2005 08:24:01
BasePriority : Normal

Warning! SahAgent Object found in memory(C:\WINDOWS\System32\qh4mkbv9.dll)

SahAgent Object Recognized!
Type : Process
Data : qh4mkbv9.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\
FileVersion : 4, 0, 0, 2
ProductVersion : 4, 0, 0, 2

"C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe"Process terminated successfully

#:27 [jusched.exe]
FilePath : C:\Program Files\Java\jre1.5.0_01\bin\
ProcessID : 1720
ThreadCreationTime : 27-04-2005 08:24:01
BasePriority : Normal


#:28 [avgcc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 1732
ThreadCreationTime : 27-04-2005 08:24:01
BasePriority : Normal
FileVersion : 7,1,0,307
ProductVersion : 7.1.0.307
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Control Center
InternalName : AvgCC
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : AvgCC.EXE
Warning! SahAgent Object found in memory(C:\WINDOWS\System32\qh4mkbv9.dll)

SahAgent Object Recognized!
Type : Process
Data : qh4mkbv9.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\
FileVersion : 4, 0, 0, 2
ProductVersion : 4, 0, 0, 2


#:29 [avgemc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 1744
ThreadCreationTime : 27-04-2005 08:24:01
BasePriority : Normal
FileVersion : 7,1,0,307
ProductVersion : 7.1.0.307
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG E-Mail Scanner
InternalName : avgemc
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgemc.exe
Warning! SahAgent Object found in memory(C:\WINDOWS\System32\qh4mkbv9.dll)

SahAgent Object Recognized!
Type : Process
Data : qh4mkbv9.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\
FileVersion : 4, 0, 0, 2
ProductVersion : 4, 0, 0, 2

"C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe"Process terminated successfully

#:30 [abasa5jrp.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1852
ThreadCreationTime : 27-04-2005 08:24:01
BasePriority : Normal
FileVersion : 4, 0, 0, 4
ProductVersion : 4, 0, 0, 4

SahAgent Object Recognized!
Type : Process
Data : abasa5jrp.exe
Category : Data Miner
Comment : (CSI MATCH)
Object : C:\WINDOWS\System32\
FileVersion : 4, 0, 0, 4
ProductVersion : 4, 0, 0, 4

Warning! SahAgent Object found in memory(C:\WINDOWS\System32\abasa5jrp.exe)

"C:\WINDOWS\System32\abasa5jrp.exe"Process terminated successfully
"C:\WINDOWS\System32\abasa5jrp.exe"Process terminated successfully

#:31 [ipodservice.exe]
FilePath : C:\Program Files\iPod\bin\
ProcessID : 1876
ThreadCreationTime : 27-04-2005 08:24:01
BasePriority : Normal
FileVersion : 4.5.0.31
ProductVersion : 4.5.0.31
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iPodService.exe

#:32 [zlclient.exe]
FilePath : C:\Program Files\Zone Labs\ZoneAlarm\
ProcessID : 1916
ThreadCreationTime : 27-04-2005 08:24:02
BasePriority : Normal
FileVersion : 5.5.094.000
ProductVersion : 5.5.094.000
ProductName : Zone Labs Client
CompanyName : Zone Labs, LLC
FileDescription : Zone Labs Client
InternalName : zlclient
LegalCopyright : Copyright © 1998-2005, Zone Labs, LLC
OriginalFilename : zlclient.exe

#:33 [ctfmon.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1948
ThreadCreationTime : 27-04-2005 08:24:02
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE
Warning! SahAgent Object found in memory(C:\WINDOWS\System32\qh4mkbv9.dll)

SahAgent Object Recognized!
Type : Process
Data : qh4mkbv9.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\
FileVersion : 4, 0, 0, 2
ProductVersion : 4, 0, 0, 2

"C:\WINDOWS\System32\ctfmon.exe"Process terminated successfully

#:34 [msnmsgr.exe]
FilePath : C:\Program Files\MSN Messenger\
ProcessID : 1984
ThreadCreationTime : 27-04-2005 08:24:02
BasePriority : Normal
FileVersion : 7.0.0777
ProductVersion : 7.0.0777
ProductName : MSN Messenger
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
LegalCopyright : Copyright © Microsoft Corporation 1997-2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msnmsgr.exe
Warning! SahAgent Object found in memory(C:\WINDOWS\System32\qh4mkbv9.dll)

SahAgent Object Recognized!
Type : Process
Data : qh4mkbv9.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\
FileVersion : 4, 0, 0, 2
ProductVersion : 4, 0, 0, 2


#:35 [ioutsj.exe]
FilePath : c:\windows\system32\
ProcessID : 1980
ThreadCreationTime : 27-04-2005 08:24:02
BasePriority : Normal
FileVersion : 1, 0, 7, 1
ProductVersion : 0, 0, 7, 0
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
LegalCopyright : TODO: © <Company name>. All rights reserved.
Warning! SahAgent Object found in memory(C:\WINDOWS\System32\qh4mkbv9.dll)

SahAgent Object Recognized!
Type : Process
Data : qh4mkbv9.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\
FileVersion : 4, 0, 0, 2
ProductVersion : 4, 0, 0, 2

"c:\windows\system32\ioutsj.exe"Process terminated successfully

#:36 [wlm.exe]
FilePath : C:\Program Files\BT Voyager\BT Voyager Wireless\
ProcessID : 200
ThreadCreationTime : 27-04-2005 08:24:03
BasePriority : Normal
FileVersion : 3, 1, 4, 15
ProductVersion : 1, 0, 0, 1
ProductName : Wireless LAN Monitor Utility
CompanyName : ASKEY
FileDescription : Wireless LAN Monitor Utility
InternalName : WlanMonitor
LegalCopyright : Copyright © 2001
OriginalFilename : WlanMonitor.exe
Comments : Wireless LAN Monitor Utility

#:37 [hpobrt07.exe]
FilePath : C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\
ProcessID : 1180
ThreadCreationTime : 27-04-2005 08:24:03
BasePriority : Normal
FileVersion : 2.00
ProductVersion : A.14.03.05
ProductName : hp psc 700 series
CompanyName : Hewlett-Packard Co.
FileDescription : HP OfficeJet COM Device Objects
InternalName : HPOBRT07
LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2000
OriginalFilename : HPOBRT07.EXE
Comments : HP OfficeJet PSC 7 Series COM Device Objects

#:38 [hpgs2wnf.exe]
FilePath : C:\PROGRA~1\HEWLET~1\HPSHAR~1\
ProcessID : 436
ThreadCreationTime : 27-04-2005 08:24:04
BasePriority : Normal
FileVersion : 2,4,0,26
ProductVersion : 2,4,0,26
ProductName : hpgs2wnf Module
FileDescription : hpgs2wnf Module
InternalName : hpgs2wnf
LegalCopyright : Copyright 2001
OriginalFilename : hpgs2wnf.EXE
Warning! SahAgent Object found in memory(C:\WINDOWS\System32\qh4mkbv9.dll)

SahAgent Object Recognized!
Type : Process
Data : qh4mkbv9.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\
FileVersion : 4, 0, 0, 2
ProductVersion : 4, 0, 0, 2


#:39 [hpoevm07.exe]
FilePath : C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\
ProcessID : 2236
ThreadCreationTime : 27-04-2005 08:24:08
BasePriority : Normal
FileVersion : 1.00
ProductVersion : A.14.03.05
ProductName : hp psc 700 series
CompanyName : Hewlett-Packard Co.
FileDescription : HP OfficeJet COM Event Manager
InternalName : HPOEVM07
LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2000
OriginalFilename : HPOEVM07.EXE
Comments : HP OfficeJet COM Event Manager

#:40 [hpoipm07.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2644
ThreadCreationTime : 27-04-2005 08:24:10
BasePriority : Normal
FileVersion : 4, 5, 0, 767
ProductVersion : 4, 5, 0, 767
ProductName : HP PML
CompanyName : HP
FileDescription : PML Driver
InternalName : PmlDrv
LegalCopyright : Copyright © 1998, 1999 Hewlett-Packard Company
OriginalFilename : PmlDrv.exe
Warning! SahAgent Object found in memory(C:\WINDOWS\System32\qh4mkbv9.dll)

SahAgent Object Recognized!
Type : Process
Data : qh4mkbv9.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\
FileVersion : 4, 0, 0, 2
ProductVersion : 4, 0, 0, 2

"C:\WINDOWS\System32\hpoipm07.exe"Process terminated successfully

#:41 [hposts07.exe]
FilePath : C:\Program Files\Hewlett-Packard\AiO\Shared\bin\
ProcessID : 3884
ThreadCreationTime : 27-04-2005 08:24:31
BasePriority : Normal
FileVersion : 1.00
ProductVersion : A.14.03.05
ProductName : hp psc 700 series
CompanyName : Hewlett-Packard Co.
FileDescription : HP OfficeJet Status
InternalName : HPOSTS07
LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2000
OriginalFilename : HPOCPY07.EXE
Comments : HP OfficeJet Status

#:42 [firefox.exe]
FilePath : C:\Program Files\Mozilla Firefox\
ProcessID : 152
ThreadCreationTime : 27-04-2005 09:48:17
BasePriority : Normal


#:43 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 3956
ThreadCreationTime : 27-04-2005 10:04:54
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 44


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

MediaMotor Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{00000000-dd60-0064-6ec2-6e0100000000}

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{00000000-dd60-0064-6ec2-6e0100000000}
Value :

VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{92daf5c1-2135-4e0c-b7a0-259abfcd3904}

VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{bb0d5adc-028d-4185-9288-722ddce2c757}

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{bb0d5adc-028d-4185-9288-722ddce2c757}
Value :

MediaMotor Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1004336348-789336058-725345543-1003\software\pynix

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1004336348-789336058-725345543-1003\software\pynix
Value : PYC2n3trMsgSDisp

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1004336348-789336058-725345543-1003\software\pynix
Value : PYT2o3pListSPos

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1004336348-789336058-725345543-1003\software\pynix
Value : PYs2t3icky1S

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1004336348-789336058-725345543-1003\software\pynix
Value : PYs2t3icky2S

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1004336348-789336058-725345543-1003\software\pynix
Value : PYs2t3icky3S

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1004336348-789336058-725345543-1003\software\pynix
Value : PYs2t3icky4S

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1004336348-789336058-725345543-1003\software\pynix
Value : PYC1o2d3eOfSFinalAd

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1004336348-789336058-725345543-1003\software\pynix
Value : PYT2i3m4eOfSFinalAd

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1004336348-789336058-725345543-1003\software\pynix
Value : PYD2s3tSSEnd

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1004336348-789336058-725345543-1003\software\pynix
Value : PY2N3a4tionSCode

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1004336348-789336058-725345543-1003\software\pynix
Value : PYP2D3om

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1004336348-789336058-725345543-1003\software\pynix
Value : PYT2h3rshSCheckSIn

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1004336348-789336058-725345543-1003\software\pynix
Value : PYT2h3rshSMots

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1004336348-789336058-725345543-1003\software\pynix
Value : PYM2o3deSSync

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1004336348-789336058-725345543-1003\software\pynix
Value : PYI2n3ProgSCab

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1004336348-789336058-725345543-1003\software\pynix
Value : PYI2n3ProgSEx

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1004336348-789336058-725345543-1003\software\pynix
Value : PYI2n3ProgSLstest

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1004336348-789336058-725345543-1003\software\pynix
Value : PYL2a3stMotsSDay

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1004336348-789336058-725345543-1003\software\pynix
Value : PYL2a3stSSChckin

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1004336348-789336058-725345543-1003\software\pynix
Value : PYB2D3om

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1004336348-789336058-725345543-1003\software\pynix
Value : PYE2v3nt

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1004336348-789336058-725345543-1003\software\pynix
Value : PYT2h3rshSBath

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1004336348-789336058-725345543-1003\software\pynix
Value : PYT2h3rshSysSInf

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1004336348-789336058-725345543-1003\software\pynix
Value : PYL2n3Title

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1004336348-789336058-725345543-1003\software\pynix
Value : PYC2u3rrentSMode

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1004336348-789336058-725345543-1003\software\pynix
Value : PYC2n3tFyl

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1004336348-789336058-725345543-1003\software\pynix
Value : PYI2g3noreS

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1004336348-789336058-725345543-1003\software\pynix
Value : PYI2d3OfSInst

SahAgent Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\winsock2\layered provider sample

Windows Object Recognized!
Type : RegData
Data : explorer.exe c:\windows\nail.exe
Category : Vulnerability
Comment : Shell Possibly Compromised
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows nt\currentversion\winlogon
Value : Shell
Data : explorer.exe c:\windows\nail.exe

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 36
Objects found so far: 80


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

MediaMotor Object Recognized!
Type : Regkey
Data : C:\WINDOWS\Pynix.dll
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : TYPELIB\{09049E4F-8D9E-4C8A-A952-5BAF1A115C59}

MediaMotor Object Recognized!
Type : File
Data : pynix.dll
Category : Malware
Comment :
Object : c:\windows\
FileVersion : 0, 8, 4, 89
ProductVersion : 0, 8, 4, 89
ProductName : Pynix
CompanyName : Pynix
FileDescription : www.Pynix.com
InternalName : Pynix
LegalCopyright : Copyright © 2005
OriginalFilename : Pynix.dll
Comments : www.Pynix.com


MediaMotor Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment : ({00000000-DD60-0064-6EC2-6E0100000000})
Rootkey : HKEY_CLASSES_ROOT
Object : PynixDll.PynixDllObj

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : ({00000000-DD60-0064-6EC2-6E0100000000})
Rootkey : HKEY_CLASSES_ROOT
Object : PynixDll.PynixDllObj
Value :

MediaMotor Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment : ({00000000-DD60-0064-6EC2-6E0100000000})
Rootkey : HKEY_CLASSES_ROOT
Object : PynixDll.PynixDllObj.1

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : ({00000000-DD60-0064-6EC2-6E0100000000})
Rootkey : HKEY_CLASSES_ROOT
Object : PynixDll.PynixDllObj.1
Value :

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 5
Objects found so far: 86


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : matt@bluestreak[2].txt
Category : Data Miner
Comment : Hits:55
Value : Cookie:matt@bluestreak.com/
Expires : 25-04-2015 05:14:28
LastSync : Hits:55
UseCount : 0
Hits : 55

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : matt@tradedoubler[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:matt@tradedoubler.com/
Expires : 22-04-2025 09:12:32
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : matt@cgi-bin[1].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:matt@imrworldwide.com/cgi-bin
Expires : 22-04-2015 10:07:14
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : matt@apmebf[1].txt
Category : Data Miner
Comment : Hits:5
Value : Cookie:matt@apmebf.com/
Expires : 26-04-2010 09:17:02
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : matt@zedo[1].txt
Category : Data Miner
Comment : Hits:7
Value : Cookie:matt@zedo.com/
Expires : 23-04-2015 09:59:06
LastSync : Hits:7
UseCount : 0
Hits : 7

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : matt@etype.adbureau[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:matt@etype.adbureau.net/
Expires : 01-03-2007 01:00:00
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : matt@trafficmp[1].txt
Category : Data Miner
Comment : Hits:5
Value : Cookie:matt@trafficmp.com/
Expires : 26-04-2006 13:49:58
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 7
Objects found so far: 93



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jess@atdmt[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Jess\Cookies\jess@atdmt[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jess@doubleclick[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Jess\Cookies\jess@doubleclick[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jess@mediaplex[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Jess\Cookies\jess@mediaplex[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jess@www.shopathomeselect[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Jess\Cookies\jess@www.shopathomeselect[1].txt

MediaMotor Object Recognized!
Type : File
Data : pynix.cab
Category : Malware
Comment :
Object : C:\Documents and Settings\Jess\Local Settings\Temp\DrTemp\



MediaMotor Object Recognized!
Type : File
Data : Pynix.dll
Category : Malware
Comment :
Object : C:\Documents and Settings\Jess\Local Settings\Temp\DrTemp\
FileVersion : 0, 8, 4, 89
ProductVersion : 0, 8, 4, 89
ProductName : Pynix
CompanyName : Pynix
FileDescription : www.Pynix.com
InternalName : Pynix
LegalCopyright : Copyright © 2005
OriginalFilename : Pynix.dll
Comments : www.Pynix.com


MediaMotor Object Recognized!
Type : File
Data : pynix[1].cab
Category : Malware
Comment :
Object : C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5

#2
Rawe
Visiting Staff

Your Ad-aware log is incomplete.
Please keep copying it until you reach the point where it reads "Scan summary".

- Rawe :tazz:

#3
Matt S
New Member, Topic Starter

Sorry, I should have noticed.

Try again:

Ad-Aware SE Build 1.05
Logfile Created on:27 April 2005 11:05:17
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R39 15.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MediaMotor(TAC index:8):40 total references
MRU List(TAC index:0):27 total references
Other(TAC index:5):1 total references
SahAgent(TAC index:9):20 total references
Tracking Cookie(TAC index:3):11 total references
Windows(TAC index:3):1 total references
VX2(TAC index:10):5 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


27-04-2005 11:05:17 - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : C:\Documents and Settings\Matt\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : S-1-5-21-1004336348-789336058-725345543-1003\software\microsoft\windows\currentversion\applets\wordpad\recent file list
Description : list of recent files opened using wordpad


MRU List Object Recognized!
Location: : S-1-5-21-1004336348-789336058-725345543-1003\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run


MRU List Object Recognized!
Location: : S-1-5-21-1004336348-789336058-725345543-1003\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant


MRU List Object Recognized!
Location: : S-1-5-21-1004336348-789336058-725345543-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-1004336348-789336058-725345543-1003\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-1004336348-789336058-725345543-1003\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : S-1-5-21-1004336348-789336058-725345543-1003\software\microsoft\mediaplayer\player\recentfilelist
Description : list of recently used files in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-1004336348-789336058-725345543-1003\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-1004336348-789336058-725345543-1003\software\microsoft\mediaplayer\preferences
Description : last cd record path used in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-1004336348-789336058-725345543-1003\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-1004336348-789336058-725345543-1003\software\creative tech\creative wavestudio\settings
Description : list of recently used directories in creative wavestudio


MRU List Object Recognized!
Location: : S-1-5-21-1004336348-789336058-725345543-1003\software\smartftp\connection data
Description : list of recently accessed servers using smartftp


MRU List Object Recognized!
Location: : S-1-5-21-1004336348-789336058-725345543-1003\software\microsoft\mediaplayer\player\settings
Description : last open directory used in jasc paint shop pro


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : S-1-5-21-1004336348-789336058-725345543-1003\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-1004336348-789336058-725345543-1003\software\microsoft\windows\currentversion\applets\regedit
Description : last key accessed using the microsoft registry editor


MRU List Object Recognized!
Location: : S-1-5-21-1004336348-789336058-725345543-1003\software\macromedia\dreamweaver 6\recent file list
Description : list of recently used files in macromedia dreamweaver


MRU List Object Recognized!
Location: : S-1-5-21-1004336348-789336058-725345543-1003\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-1004336348-789336058-725345543-1003\software\microsoft\mediaplayer\preferences
Description : last search path used in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-1004336348-789336058-725345543-1003\software\microsoft\mediaplayer\medialibraryui
Description : last selected node in the microsoft windows media player media library


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : S-1-5-21-1004336348-789336058-725345543-1003\software\winrar\dialogedithistory\extrpath
Description : winrar "extract-to" history


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-21-1004336348-789336058-725345543-1003\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 604
ThreadCreationTime : 27-04-2005 08:23:07
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 668
ThreadCreationTime : 27-04-2005 08:23:08
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 692
ThreadCreationTime : 27-04-2005 08:23:09
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 736
ThreadCreationTime : 27-04-2005 08:23:10
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 748
ThreadCreationTime : 27-04-2005 08:23:10
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 908
ThreadCreationTime : 27-04-2005 08:23:11
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 932
ThreadCreationTime : 27-04-2005 08:23:11
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1028
ThreadCreationTime : 27-04-2005 08:23:12
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1084
ThreadCreationTime : 27-04-2005 08:23:12
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1296
ThreadCreationTime : 27-04-2005 08:23:13
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:11 [avgamsvr.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 1392
ThreadCreationTime : 27-04-2005 08:23:13
BasePriority : Normal
FileVersion : 7,1,0,307
ProductVersion : 7.1.0.307
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Alert Manager
InternalName : avgamsvr
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgamsvr.EXE

#:12 [avgupsvc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 1412
ThreadCreationTime : 27-04-2005 08:23:14
BasePriority : Normal
FileVersion : 7,1,0,285
ProductVersion : 7.1.0.285
ProductName : AVG 7.0 Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Update Service
InternalName : avgupsvc
LegalCopyright : Copyright © 2004, GRISOFT, s.r.o.
OriginalFilename : avgupdsvc.EXE

#:13 [ctsvccda.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1424
ThreadCreationTime : 27-04-2005 08:23:14
BasePriority : Normal
FileVersion : 1.0.1.0
ProductVersion : 1.0.0.0
ProductName : Creative Service for CDROM Access
CompanyName : Creative Technology Ltd
FileDescription : Creative Service for CDROM Access
InternalName : CTsvcCDAEXE
LegalCopyright : Copyright © Creative Technology Ltd., 1999. All rights reserved.
OriginalFilename : CTsvcCDA.EXE

#:14 [nvsvc32.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1464
ThreadCreationTime : 27-04-2005 08:23:14
BasePriority : Normal
FileVersion : 5.13.01.2183
ProductVersion : 5.13.01.2183
ProductName : NVIDIA Driver Helper Service, Version 21.83
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 21.83
InternalName : NVSVC
LegalCopyright : Copyright © 1998-2001 NVIDIA Corporation
OriginalFilename : nvsvc32.exe

#:15 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1568
ThreadCreationTime : 27-04-2005 08:23:15
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:16 [vsmon.exe]
FilePath : C:\WINDOWS\system32\ZoneLabs\
ProcessID : 1628
ThreadCreationTime : 27-04-2005 08:23:15
BasePriority : Normal
FileVersion : 5.5.094.000
ProductVersion : 5.5.094.000
ProductName : TrueVector Service
CompanyName : Zone Labs, LLC
FileDescription : TrueVector Service
InternalName : vsmon
LegalCopyright : Copyright © 1998-2005, Zone Labs, LLC
OriginalFilename : vsmon.exe

#:17 [mspmspsv.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1772
ThreadCreationTime : 27-04-2005 08:23:16
BasePriority : Normal
FileVersion : 7.00.00.1954
ProductVersion : 7.00.00.1954
ProductName : Microsoft ® DRM
CompanyName : Microsoft Corporation
FileDescription : WMDM PMSP Service
InternalName : MSPMSPSV.EXE
LegalCopyright : Copyright © Microsoft Corp. 1981-2000
OriginalFilename : MSPMSPSV.EXE

#:18 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 644
ThreadCreationTime : 27-04-2005 08:23:57
BasePriority : Normal
FileVersion : 6.00.2800.1221 (xpsp2.030511-1403)
ProductVersion : 6.00.2800.1221
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
Warning! SahAgent Object found in memory(C:\WINDOWS\System32\qh4mkbv9.dll)

SahAgent Object Recognized!
Type : Process
Data : qh4mkbv9.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\
FileVersion : 4, 0, 0, 2
ProductVersion : 4, 0, 0, 2


#:19 [devldr32.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1440
ThreadCreationTime : 27-04-2005 08:23:59
BasePriority : Normal
FileVersion : 1, 0, 0, 22
ProductVersion : 1, 0, 0, 22
ProductName : Creative Ring3 NT Inteface
CompanyName : Creative Technology Ltd.
FileDescription : DevLdr32
InternalName : DevLdr
LegalCopyright : Copyright © 1997-2001 Creative Technology Ltd.
OriginalFilename : DevLdr32.exe
Warning! SahAgent Object found in memory(C:\WINDOWS\System32\qh4mkbv9.dll)

SahAgent Object Recognized!
Type : Process
Data : qh4mkbv9.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\
FileVersion : 4, 0, 0, 2
ProductVersion : 4, 0, 0, 2

"C:\WINDOWS\System32\devldr32.exe"Process terminated successfully

#:20 [directcd.exe]
FilePath : C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\
ProcessID : 1640
ThreadCreationTime : 27-04-2005 08:24:00
BasePriority : Normal
FileVersion : 5.10 (105)
ProductVersion : 5.10 (105)
ProductName : DirectCD
CompanyName : Roxio
FileDescription : DirectCD Application
InternalName : DirectCD
LegalCopyright : Copyright © 2001, Roxio, Inc.
OriginalFilename : Directcd.exe
Warning! SahAgent Object found in memory(C:\WINDOWS\System32\qh4mkbv9.dll)

SahAgent Object Recognized!
Type : Process
Data : qh4mkbv9.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\
FileVersion : 4, 0, 0, 2
ProductVersion : 4, 0, 0, 2

"C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"Process terminated successfully

#:21 [diagent.exe]
FilePath : C:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\
ProcessID : 1652
ThreadCreationTime : 27-04-2005 08:24:00
BasePriority : Normal
FileVersion : 1.0.10.0
ProductVersion : 1.00.10
ProductName : Creative Diagnostics Agent
CompanyName : Creative Technology Ltd
FileDescription : Creative Diagnostics Agent
InternalName : Creative Diagnostics Agent
LegalCopyright : Copyright © 2001 Creative Technology Ltd
OriginalFilename : diagent.exe
Warning! SahAgent Object found in memory(C:\WINDOWS\System32\qh4mkbv9.dll)

SahAgent Object Recognized!
Type : Process
Data : qh4mkbv9.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\
FileVersion : 4, 0, 0, 2
ProductVersion : 4, 0, 0, 2

"C:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\DIAGENT.EXE"Process terminated successfully

#:22 [hpgs2wnd.exe]
FilePath : C:\Program Files\Hewlett-Packard\HP Share-to-Web\
ProcessID : 1680
ThreadCreationTime : 27-04-2005 08:24:00
BasePriority : Normal
FileVersion : 2,4,0,26
ProductVersion : 2,4,0,26
ProductName : Hewlett-Packard hpgs2wnd
CompanyName : Hewlett-Packard
FileDescription : hpgs2wnd
InternalName : hpgs2wnd
LegalCopyright : Copyright © 2001
OriginalFilename : hpgs2wnd.exe
Warning! SahAgent Object found in memory(C:\WINDOWS\System32\qh4mkbv9.dll)

SahAgent Object Recognized!
Type : Process
Data : qh4mkbv9.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\
FileVersion : 4, 0, 0, 2
ProductVersion : 4, 0, 0, 2

"C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe"Process terminated successfully

#:23 [ituneshelper.exe]
FilePath : C:\Program Files\iTunes\
ProcessID : 1688
ThreadCreationTime : 27-04-2005 08:24:00
BasePriority : Normal
FileVersion : 4.5.0.31
ProductVersion : 4.5.0.31
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe
Warning! SahAgent Object found in memory(C:\WINDOWS\System32\qh4mkbv9.dll)

SahAgent Object Recognized!
Type : Process
Data : qh4mkbv9.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\
FileVersion : 4, 0, 0, 2
ProductVersion : 4, 0, 0, 2

"C:\Program Files\iTunes\iTunesHelper.exe"Process terminated successfully

#:24 [qttask.exe]
FilePath : C:\Program Files\QuickTime\
ProcessID : 1696
ThreadCreationTime : 27-04-2005 08:24:00
BasePriority : Normal
FileVersion : 6.5.1
ProductVersion : QuickTime 6.5.1
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe
Warning! SahAgent Object found in memory(C:\WINDOWS\System32\qh4mkbv9.dll)

SahAgent Object Recognized!
Type : Process
Data : qh4mkbv9.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\
FileVersion : 4, 0, 0, 2
ProductVersion : 4, 0, 0, 2

"C:\Program Files\QuickTime\qttask.exe"Process terminated successfully

#:25 [lvcoms.exe]
FilePath : C:\Program Files\Common Files\Logitech\QCDriver\
ProcessID : 1704
ThreadCreationTime : 27-04-2005 08:24:00
BasePriority : Normal
FileVersion : 6.0.0.1208
ProductVersion : 6.0.0.1208
ProductName : Logitech QuickCam
CompanyName : Logitech Inc.
FileDescription : LVCom Server
InternalName : LVComS.exe
LegalCopyright : © 1996-2001 Logitech. All rights reserved.
OriginalFilename : LVComS.exe
Warning! SahAgent Object found in memory(C:\WINDOWS\System32\qh4mkbv9.dll)

SahAgent Object Recognized!
Type : Process
Data : qh4mkbv9.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\
FileVersion : 4, 0, 0, 2
ProductVersion : 4, 0, 0, 2

"C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE"Process terminated successfully

#:26 [versioncuetray.exe]
FilePath : C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\
ProcessID : 1712
ThreadCreationTime : 27-04-2005 08:24:01
BasePriority : Normal

Warning! SahAgent Object found in memory(C:\WINDOWS\System32\qh4mkbv9.dll)

SahAgent Object Recognized!
Type : Process
Data : qh4mkbv9.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\
FileVersion : 4, 0, 0, 2
ProductVersion : 4, 0, 0, 2

"C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe"Process terminated successfully

#:27 [jusched.exe]
FilePath : C:\Program Files\Java\jre1.5.0_01\bin\
ProcessID : 1720
ThreadCreationTime : 27-04-2005 08:24:01
BasePriority : Normal


#:28 [avgcc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 1732
ThreadCreationTime : 27-04-2005 08:24:01
BasePriority : Normal
FileVersion : 7,1,0,307
ProductVersion : 7.1.0.307
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Control Center
InternalName : AvgCC
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : AvgCC.EXE
Warning! SahAgent Object found in memory(C:\WINDOWS\System32\qh4mkbv9.dll)

SahAgent Object Recognized!
Type : Process
Data : qh4mkbv9.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\
FileVersion : 4, 0, 0, 2
ProductVersion : 4, 0, 0, 2


#:29 [avgemc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 1744
ThreadCreationTime : 27-04-2005 08:24:01
BasePriority : Normal
FileVersion : 7,1,0,307
ProductVersion : 7.1.0.307
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG E-Mail Scanner
InternalName : avgemc
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgemc.exe
Warning! SahAgent Object found in memory(C:\WINDOWS\System32\qh4mkbv9.dll)

SahAgent Object Recognized!
Type : Process
Data : qh4mkbv9.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\
FileVersion : 4, 0, 0, 2
ProductVersion : 4, 0, 0, 2

"C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe"Process terminated successfully

#:30 [abasa5jrp.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1852
ThreadCreationTime : 27-04-2005 08:24:01
BasePriority : Normal
FileVersion : 4, 0, 0, 4
ProductVersion : 4, 0, 0, 4

SahAgent Object Recognized!
Type : Process
Data : abasa5jrp.exe
Category : Data Miner
Comment : (CSI MATCH)
Object : C:\WINDOWS\System32\
FileVersion : 4, 0, 0, 4
ProductVersion : 4, 0, 0, 4

Warning! SahAgent Object found in memory(C:\WINDOWS\System32\abasa5jrp.exe)

"C:\WINDOWS\System32\abasa5jrp.exe"Process terminated successfully
"C:\WINDOWS\System32\abasa5jrp.exe"Process terminated successfully

#:31 [ipodservice.exe]
FilePath : C:\Program Files\iPod\bin\
ProcessID : 1876
ThreadCreationTime : 27-04-2005 08:24:01
BasePriority : Normal
FileVersion : 4.5.0.31
ProductVersion : 4.5.0.31
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iPodService.exe

#:32 [zlclient.exe]
FilePath : C:\Program Files\Zone Labs\ZoneAlarm\
ProcessID : 1916
ThreadCreationTime : 27-04-2005 08:24:02
BasePriority : Normal
FileVersion : 5.5.094.000
ProductVersion : 5.5.094.000
ProductName : Zone Labs Client
CompanyName : Zone Labs, LLC
FileDescription : Zone Labs Client
InternalName : zlclient
LegalCopyright : Copyright © 1998-2005, Zone Labs, LLC
OriginalFilename : zlclient.exe

#:33 [ctfmon.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1948
ThreadCreationTime : 27-04-2005 08:24:02
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE
Warning! SahAgent Object found in memory(C:\WINDOWS\System32\qh4mkbv9.dll)

SahAgent Object Recognized!
Type : Process
Data : qh4mkbv9.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\
FileVersion : 4, 0, 0, 2
ProductVersion : 4, 0, 0, 2

"C:\WINDOWS\System32\ctfmon.exe"Process terminated successfully

#:34 [msnmsgr.exe]
FilePath : C:\Program Files\MSN Messenger\
ProcessID : 1984
ThreadCreationTime : 27-04-2005 08:24:02
BasePriority : Normal
FileVersion : 7.0.0777
ProductVersion : 7.0.0777
ProductName : MSN Messenger
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
LegalCopyright : Copyright © Microsoft Corporation 1997-2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msnmsgr.exe
Warning! SahAgent Object found in memory(C:\WINDOWS\System32\qh4mkbv9.dll)

SahAgent Object Recognized!
Type : Process
Data : qh4mkbv9.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\
FileVersion : 4, 0, 0, 2
ProductVersion : 4, 0, 0, 2


#:35 [ioutsj.exe]
FilePath : c:\windows\system32\
ProcessID : 1980
ThreadCreationTime : 27-04-2005 08:24:02
BasePriority : Normal
FileVersion : 1, 0, 7, 1
ProductVersion : 0, 0, 7, 0
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
LegalCopyright : TODO: © <Company name>. All rights reserved.
Warning! SahAgent Object found in memory(C:\WINDOWS\System32\qh4mkbv9.dll)

SahAgent Object Recognized!
Type : Process
Data : qh4mkbv9.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\
FileVersion : 4, 0, 0, 2
ProductVersion : 4, 0, 0, 2

"c:\windows\system32\ioutsj.exe"Process terminated successfully

#:36 [wlm.exe]
FilePath : C:\Program Files\BT Voyager\BT Voyager Wireless\
ProcessID : 200
ThreadCreationTime : 27-04-2005 08:24:03
BasePriority : Normal
FileVersion : 3, 1, 4, 15
ProductVersion : 1, 0, 0, 1
ProductName : Wireless LAN Monitor Utility
CompanyName : ASKEY
FileDescription : Wireless LAN Monitor Utility
InternalName : WlanMonitor
LegalCopyright : Copyright © 2001
OriginalFilename : WlanMonitor.exe
Comments : Wireless LAN Monitor Utility

#:37 [hpobrt07.exe]
FilePath : C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\
ProcessID : 1180
ThreadCreationTime : 27-04-2005 08:24:03
BasePriority : Normal
FileVersion : 2.00
ProductVersion : A.14.03.05
ProductName : hp psc 700 series
CompanyName : Hewlett-Packard Co.
FileDescription : HP OfficeJet COM Device Objects
InternalName : HPOBRT07
LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2000
OriginalFilename : HPOBRT07.EXE
Comments : HP OfficeJet PSC 7 Series COM Device Objects

#:38 [hpgs2wnf.exe]
FilePath : C:\PROGRA~1\HEWLET~1\HPSHAR~1\
ProcessID : 436
ThreadCreationTime : 27-04-2005 08:24:04
BasePriority : Normal
FileVersion : 2,4,0,26
ProductVersion : 2,4,0,26
ProductName : hpgs2wnf Module
FileDescription : hpgs2wnf Module
InternalName : hpgs2wnf
LegalCopyright : Copyright 2001
OriginalFilename : hpgs2wnf.EXE
Warning! SahAgent Object found in memory(C:\WINDOWS\System32\qh4mkbv9.dll)

SahAgent Object Recognized!
Type : Process
Data : qh4mkbv9.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\
FileVersion : 4, 0, 0, 2
ProductVersion : 4, 0, 0, 2


#:39 [hpoevm07.exe]
FilePath : C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\
ProcessID : 2236
ThreadCreationTime : 27-04-2005 08:24:08
BasePriority : Normal
FileVersion : 1.00
ProductVersion : A.14.03.05
ProductName : hp psc 700 series
CompanyName : Hewlett-Packard Co.
FileDescription : HP OfficeJet COM Event Manager
InternalName : HPOEVM07
LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2000
OriginalFilename : HPOEVM07.EXE
Comments : HP OfficeJet COM Event Manager

#:40 [hpoipm07.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2644
ThreadCreationTime : 27-04-2005 08:24:10
BasePriority : Normal
FileVersion : 4, 5, 0, 767
ProductVersion : 4, 5, 0, 767
ProductName : HP PML
CompanyName : HP
FileDescription : PML Driver
InternalName : PmlDrv
LegalCopyright : Copyright © 1998, 1999 Hewlett-Packard Company
OriginalFilename : PmlDrv.exe
Warning! SahAgent Object found in memory(C:\WINDOWS\System32\qh4mkbv9.dll)

SahAgent Object Recognized!
Type : Process
Data : qh4mkbv9.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\
FileVersion : 4, 0, 0, 2
ProductVersion : 4, 0, 0, 2

"C:\WINDOWS\System32\hpoipm07.exe"Process terminated successfully

#:41 [hposts07.exe]
FilePath : C:\Program Files\Hewlett-Packard\AiO\Shared\bin\
ProcessID : 3884
ThreadCreationTime : 27-04-2005 08:24:31
BasePriority : Normal
FileVersion : 1.00
ProductVersion : A.14.03.05
ProductName : hp psc 700 series
CompanyName : Hewlett-Packard Co.
FileDescription : HP OfficeJet Status
InternalName : HPOSTS07
LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2000
OriginalFilename : HPOCPY07.EXE
Comments : HP OfficeJet Status

#:42 [firefox.exe]
FilePath : C:\Program Files\Mozilla Firefox\
ProcessID : 152
ThreadCreationTime : 27-04-2005 09:48:17
BasePriority : Normal


#:43 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 3956
ThreadCreationTime : 27-04-2005 10:04:54
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 44


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

MediaMotor Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{00000000-dd60-0064-6ec2-6e0100000000}

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{00000000-dd60-0064-6ec2-6e0100000000}
Value :

VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{92daf5c1-2135-4e0c-b7a0-259abfcd3904}

VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{bb0d5adc-028d-4185-9288-722ddce2c757}

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{bb0d5adc-028d-4185-9288-722ddce2c757}
Value :

MediaMotor Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1004336348-789336058-725345543-1003\software\pynix

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1004336348-789336058-725345543-1003\software\pynix
Value : PYC2n3trMsgSDisp

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1004336348-789336058-725345543-1003\software\pynix
Value : PYT2o3pListSPos

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1004336348-789336058-725345543-1003\software\pynix
Value : PYs2t3icky1S

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1004336348-789336058-725345543-1003\software\pynix
Value : PYs2t3icky2S

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1004336348-789336058-725345543-1003\software\pynix
Value : PYs2t3icky3S

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1004336348-789336058-725345543-1003\software\pynix
Value : PYs2t3icky4S

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1004336348-789336058-725345543-1003\software\pynix
Value : PYC1o2d3eOfSFinalAd

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1004336348-789336058-725345543-1003\software\pynix
Value : PYT2i3m4eOfSFinalAd

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1004336348-789336058-725345543-1003\software\pynix
Value : PYD2s3tSSEnd

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1004336348-789336058-725345543-1003\software\pynix
Value : PY2N3a4tionSCode

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1004336348-789336058-725345543-1003\software\pynix
Value : PYP2D3om

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1004336348-789336058-725345543-1003\software\pynix
Value : PYT2h3rshSCheckSIn

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1004336348-789336058-725345543-1003\software\pynix
Value : PYT2h3rshSMots

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1004336348-789336058-725345543-1003\software\pynix
Value : PYM2o3deSSync

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1004336348-789336058-725345543-1003\software\pynix
Value : PYI2n3ProgSCab

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1004336348-789336058-725345543-1003\software\pynix
Value : PYI2n3ProgSEx

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1004336348-789336058-725345543-1003\software\pynix
Value : PYI2n3ProgSLstest

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1004336348-789336058-725345543-1003\software\pynix
Value : PYL2a3stMotsSDay

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1004336348-789336058-725345543-1003\software\pynix
Value : PYL2a3stSSChckin

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1004336348-789336058-725345543-1003\software\pynix
Value : PYB2D3om

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1004336348-789336058-725345543-1003\software\pynix
Value : PYE2v3nt

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1004336348-789336058-725345543-1003\software\pynix
Value : PYT2h3rshSBath

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1004336348-789336058-725345543-1003\software\pynix
Value : PYT2h3rshSysSInf

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1004336348-789336058-725345543-1003\software\pynix
Value : PYL2n3Title

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1004336348-789336058-725345543-1003\software\pynix
Value : PYC2u3rrentSMode

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1004336348-789336058-725345543-1003\software\pynix
Value : PYC2n3tFyl

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1004336348-789336058-725345543-1003\software\pynix
Value : PYI2g3noreS

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1004336348-789336058-725345543-1003\software\pynix
Value : PYI2d3OfSInst

SahAgent Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\winsock2\layered provider sample

Windows Object Recognized!
Type : RegData
Data : explorer.exe c:\windows\nail.exe
Category : Vulnerability
Comment : Shell Possibly Compromised
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows nt\currentversion\winlogon
Value : Shell
Data : explorer.exe c:\windows\nail.exe

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 36
Objects found so far: 80


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

MediaMotor Object Recognized!
Type : Regkey
Data : C:\WINDOWS\Pynix.dll
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : TYPELIB\{09049E4F-8D9E-4C8A-A952-5BAF1A115C59}

MediaMotor Object Recognized!
Type : File
Data : pynix.dll
Category : Malware
Comment :
Object : c:\windows\
FileVersion : 0, 8, 4, 89
ProductVersion : 0, 8, 4, 89
ProductName : Pynix
CompanyName : Pynix
FileDescription : www.Pynix.com
InternalName : Pynix
LegalCopyright : Copyright © 2005
OriginalFilename : Pynix.dll
Comments : www.Pynix.com


MediaMotor Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment : ({00000000-DD60-0064-6EC2-6E0100000000})
Rootkey : HKEY_CLASSES_ROOT
Object : PynixDll.PynixDllObj

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : ({00000000-DD60-0064-6EC2-6E0100000000})
Rootkey : HKEY_CLASSES_ROOT
Object : PynixDll.PynixDllObj
Value :

MediaMotor Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment : ({00000000-DD60-0064-6EC2-6E0100000000})
Rootkey : HKEY_CLASSES_ROOT
Object : PynixDll.PynixDllObj.1

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : ({00000000-DD60-0064-6EC2-6E0100000000})
Rootkey : HKEY_CLASSES_ROOT
Object : PynixDll.PynixDllObj.1
Value :

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 5
Objects found so far: 86


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : matt@bluestreak[2].txt
Category : Data Miner
Comment : Hits:55
Value : Cookie:matt@bluestreak.com/
Expires : 25-04-2015 05:14:28
LastSync : Hits:55
UseCount : 0
Hits : 55

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : matt@tradedoubler[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:matt@tradedoubler.com/
Expires : 22-04-2025 09:12:32
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : matt@cgi-bin[1].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:matt@imrworldwide.com/cgi-bin
Expires : 22-04-2015 10:07:14
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : matt@apmebf[1].txt
Category : Data Miner
Comment : Hits:5
Value : Cookie:matt@apmebf.com/
Expires : 26-04-2010 09:17:02
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : matt@zedo[1].txt
Category : Data Miner
Comment : Hits:7
Value : Cookie:matt@zedo.com/
Expires : 23-04-2015 09:59:06
LastSync : Hits:7
UseCount : 0
Hits : 7

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : matt@etype.adbureau[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:matt@etype.adbureau.net/
Expires : 01-03-2007 01:00:00
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : matt@trafficmp[1].txt
Category : Data Miner
Comment : Hits:5
Value : Cookie:matt@trafficmp.com/
Expires : 26-04-2006 13:49:58
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 7
Objects found so far: 93



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jess@atdmt[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Jess\Cookies\jess@atdmt[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jess@doubleclick[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Jess\Cookies\jess@doubleclick[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jess@mediaplex[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Jess\Cookies\jess@mediaplex[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jess@www.shopathomeselect[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Jess\Cookies\jess@www.shopathomeselect[1].txt

MediaMotor Object Recognized!
Type : File
Data : pynix.cab
Category : Malware
Comment :
Object : C:\Documents and Settings\Jess\Local Settings\Temp\DrTemp\



MediaMotor Object Recognized!
Type : File
Data : Pynix.dll
Category : Malware
Comment :
Object : C:\Documents and Settings\Jess\Local Settings\Temp\DrTemp\
FileVersion : 0, 8, 4, 89
ProductVersion : 0, 8, 4, 89
ProductName : Pynix
CompanyName : Pynix
FileDescription : www.Pynix.com
InternalName : Pynix
LegalCopyright : Copyright © 2005
OriginalFilename : Pynix.dll
Comments : www.Pynix.com


MediaMotor Object Recognized!
Type : File
Data : pynix[1].cab
Category : Malware
Comment :
Object : C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\VHJ9HK0D\



SahAgent Object Recognized!
Type : File
Data : qh4mkbv9.dll
Category : Data Miner
Comment :
Object

#4
Matt S
New Member (Topic Starter, 5 posts)

Object : C:\WINDOWS\system32\
FileVersion : 4, 0, 0, 2
ProductVersion : 4, 0, 0, 2


SahAgent Object Recognized!
Type : File
Data : u6f6uftuc.exe
Category : Data Miner
Comment :
Object : C:\WINDOWS\
FileVersion : 4, 0, 0, 4
ProductVersion : 4, 0, 0, 4


Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 102


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 102




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\toolbar\webbrowser
Value : {0E5CBF21-D15F-11D0-8301-00AA005B4383}

VX2 Object Recognized!
Type : Folder
Category : Malware
Comment :
Object : C:\DOCUME~1\Matt\LOCALS~1\Temp\DrTemp

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 3
Objects found so far: 105

11:16:53 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:11:36.62
Objects scanned:140415
Objects identified:62
Objects ignored:0
New critical objects:62



(didn't realise the forum cut it off halfway through! :tazz:)

#5
Rawe
Visiting Staff (4,746 posts)


Using definitions file:SE1R39 15.04.2005


Well, you seriously need to update your Ad-Aware definition files.
You are two updates behind.
Perform a webupdate, delete all tracking cookies from your system, and run a new "Full system scan", then post a fresh scan log in this topic.
Then I will tell you what to do.

- Rawe :tazz:

Edited by Rawe, 27 April 2005 - 12:51 PM.


#6
Matt S
New Member (Topic Starter, 5 posts)

Blimey, they move fast, don't they. I only got it a week ago.


Ad-Aware SE Build 1.05
Logfile Created on:27 April 2005 13:13:40
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R41 25.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MediaMotor(TAC index:8):1 total references
MRU List(TAC index:0):27 total references
SahAgent(TAC index:9):3 total references
Tracking Cookie(TAC index:3):3 total references
Windows(TAC index:3):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


27-04-2005 13:13:40 - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : C:\Documents and Settings\Matt\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : S-1-5-21-1004336348-789336058-725345543-1003\software\microsoft\windows\currentversion\applets\wordpad\recent file list
Description : list of recent files opened using wordpad


MRU List Object Recognized!
Location: : S-1-5-21-1004336348-789336058-725345543-1003\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run


MRU List Object Recognized!
Location: : S-1-5-21-1004336348-789336058-725345543-1003\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant


MRU List Object Recognized!
Location: : S-1-5-21-1004336348-789336058-725345543-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-1004336348-789336058-725345543-1003\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-1004336348-789336058-725345543-1003\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : S-1-5-21-1004336348-789336058-725345543-1003\software\microsoft\mediaplayer\player\recentfilelist
Description : list of recently used files in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-1004336348-789336058-725345543-1003\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-1004336348-789336058-725345543-1003\software\microsoft\mediaplayer\preferences
Description : last cd record path used in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-1004336348-789336058-725345543-1003\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-1004336348-789336058-725345543-1003\software\creative tech\creative wavestudio\settings
Description : list of recently used directories in creative wavestudio


MRU List Object Recognized!
Location: : S-1-5-21-1004336348-789336058-725345543-1003\software\smartftp\connection data
Description : list of recently accessed servers using smartftp


MRU List Object Recognized!
Location: : S-1-5-21-1004336348-789336058-725345543-1003\software\microsoft\mediaplayer\player\settings
Description : last open directory used in jasc paint shop pro


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : S-1-5-21-1004336348-789336058-725345543-1003\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-1004336348-789336058-725345543-1003\software\microsoft\windows\currentversion\applets\regedit
Description : last key accessed using the microsoft registry editor


MRU List Object Recognized!
Location: : S-1-5-21-1004336348-789336058-725345543-1003\software\macromedia\dreamweaver 6\recent file list
Description : list of recently used files in macromedia dreamweaver


MRU List Object Recognized!
Location: : S-1-5-21-1004336348-789336058-725345543-1003\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-1004336348-789336058-725345543-1003\software\microsoft\mediaplayer\preferences
Description : last search path used in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-1004336348-789336058-725345543-1003\software\microsoft\mediaplayer\medialibraryui
Description : last selected node in the microsoft windows media player media library


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : S-1-5-21-1004336348-789336058-725345543-1003\software\winrar\dialogedithistory\extrpath
Description : winrar "extract-to" history


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-21-1004336348-789336058-725345543-1003\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 604
ThreadCreationTime : 27-04-2005 08:23:07
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 668
ThreadCreationTime : 27-04-2005 08:23:08
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 692
ThreadCreationTime : 27-04-2005 08:23:09
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 736
ThreadCreationTime : 27-04-2005 08:23:10
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 748
ThreadCreationTime : 27-04-2005 08:23:10
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 908
ThreadCreationTime : 27-04-2005 08:23:11
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 932
ThreadCreationTime : 27-04-2005 08:23:11
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1028
ThreadCreationTime : 27-04-2005 08:23:12
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1084
ThreadCreationTime : 27-04-2005 08:23:12
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1296
ThreadCreationTime : 27-04-2005 08:23:13
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:11 [avgamsvr.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 1392
ThreadCreationTime : 27-04-2005 08:23:13
BasePriority : Normal
FileVersion : 7,1,0,307
ProductVersion : 7.1.0.307
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Alert Manager
InternalName : avgamsvr
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgamsvr.EXE

#:12 [avgupsvc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 1412
ThreadCreationTime : 27-04-2005 08:23:14
BasePriority : Normal
FileVersion : 7,1,0,285
ProductVersion : 7.1.0.285
ProductName : AVG 7.0 Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Update Service
InternalName : avgupsvc
LegalCopyright : Copyright © 2004, GRISOFT, s.r.o.
OriginalFilename : avgupdsvc.EXE

#:13 [ctsvccda.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1424
ThreadCreationTime : 27-04-2005 08:23:14
BasePriority : Normal
FileVersion : 1.0.1.0
ProductVersion : 1.0.0.0
ProductName : Creative Service for CDROM Access
CompanyName : Creative Technology Ltd
FileDescription : Creative Service for CDROM Access
InternalName : CTsvcCDAEXE
LegalCopyright : Copyright © Creative Technology Ltd., 1999. All rights reserved.
OriginalFilename : CTsvcCDA.EXE

#:14 [nvsvc32.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1464
ThreadCreationTime : 27-04-2005 08:23:14
BasePriority : Normal
FileVersion : 5.13.01.2183
ProductVersion : 5.13.01.2183
ProductName : NVIDIA Driver Helper Service, Version 21.83
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 21.83
InternalName : NVSVC
LegalCopyright : Copyright © 1998-2001 NVIDIA Corporation
OriginalFilename : nvsvc32.exe

#:15 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1568
ThreadCreationTime : 27-04-2005 08:23:15
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:16 [vsmon.exe]
FilePath : C:\WINDOWS\system32\ZoneLabs\
ProcessID : 1628
ThreadCreationTime : 27-04-2005 08:23:15
BasePriority : Normal
FileVersion : 5.5.094.000
ProductVersion : 5.5.094.000
ProductName : TrueVector Service
CompanyName : Zone Labs, LLC
FileDescription : TrueVector Service
InternalName : vsmon
LegalCopyright : Copyright © 1998-2005, Zone Labs, LLC
OriginalFilename : vsmon.exe

#:17 [mspmspsv.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1772
ThreadCreationTime : 27-04-2005 08:23:16
BasePriority : Normal
FileVersion : 7.00.00.1954
ProductVersion : 7.00.00.1954
ProductName : Microsoft ® DRM
CompanyName : Microsoft Corporation
FileDescription : WMDM PMSP Service
InternalName : MSPMSPSV.EXE
LegalCopyright : Copyright © Microsoft Corp. 1981-2000
OriginalFilename : MSPMSPSV.EXE

#:18 [jusched.exe]
FilePath : C:\Program Files\Java\jre1.5.0_01\bin\
ProcessID : 1720
ThreadCreationTime : 27-04-2005 08:24:01
BasePriority : Normal


#:19 [avgcc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 1732
ThreadCreationTime : 27-04-2005 08:24:01
BasePriority : Normal
FileVersion : 7,1,0,307
ProductVersion : 7.1.0.307
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Control Center
InternalName : AvgCC
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : AvgCC.EXE

#:20 [ipodservice.exe]
FilePath : C:\Program Files\iPod\bin\
ProcessID : 1876
ThreadCreationTime : 27-04-2005 08:24:01
BasePriority : Normal
FileVersion : 4.5.0.31
ProductVersion : 4.5.0.31
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iPodService.exe

#:21 [zlclient.exe]
FilePath : C:\Program Files\Zone Labs\ZoneAlarm\
ProcessID : 1916
ThreadCreationTime : 27-04-2005 08:24:02
BasePriority : Normal
FileVersion : 5.5.094.000
ProductVersion : 5.5.094.000
ProductName : Zone Labs Client
CompanyName : Zone Labs, LLC
FileDescription : Zone Labs Client
InternalName : zlclient
LegalCopyright : Copyright © 1998-2005, Zone Labs, LLC
OriginalFilename : zlclient.exe

#:22 [msnmsgr.exe]
FilePath : C:\Program Files\MSN Messenger\
ProcessID : 1984
ThreadCreationTime : 27-04-2005 08:24:02
BasePriority : Normal
FileVersion : 7.0.0777
ProductVersion : 7.0.0777
ProductName : MSN Messenger
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
LegalCopyright : Copyright © Microsoft Corporation 1997-2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msnmsgr.exe

#:23 [wlm.exe]
FilePath : C:\Program Files\BT Voyager\BT Voyager Wireless\
ProcessID : 200
ThreadCreationTime : 27-04-2005 08:24:03
BasePriority : Normal
FileVersion : 3, 1, 4, 15
ProductVersion : 1, 0, 0, 1
ProductName : Wireless LAN Monitor Utility
CompanyName : ASKEY
FileDescription : Wireless LAN Monitor Utility
InternalName : WlanMonitor
LegalCopyright : Copyright © 2001
OriginalFilename : WlanMonitor.exe
Comments : Wireless LAN Monitor Utility

#:24 [hpobrt07.exe]
FilePath : C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\
ProcessID : 1180
ThreadCreationTime : 27-04-2005 08:24:03
BasePriority : Normal
FileVersion : 2.00
ProductVersion : A.14.03.05
ProductName : hp psc 700 series
CompanyName : Hewlett-Packard Co.
FileDescription : HP OfficeJet COM Device Objects
InternalName : HPOBRT07
LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2000
OriginalFilename : HPOBRT07.EXE
Comments : HP OfficeJet PSC 7 Series COM Device Objects

#:25 [hpoevm07.exe]
FilePath : C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\
ProcessID : 2236
ThreadCreationTime : 27-04-2005 08:24:08
BasePriority : Normal
FileVersion : 1.00
ProductVersion : A.14.03.05
ProductName : hp psc 700 series
CompanyName : Hewlett-Packard Co.
FileDescription : HP OfficeJet COM Event Manager
InternalName : HPOEVM07
LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2000
OriginalFilename : HPOEVM07.EXE
Comments : HP OfficeJet COM Event Manager

#:26 [hposts07.exe]
FilePath : C:\Program Files\Hewlett-Packard\AiO\Shared\bin\
ProcessID : 3884
ThreadCreationTime : 27-04-2005 08:24:31
BasePriority : Normal
FileVersion : 1.00
ProductVersion : A.14.03.05
ProductName : hp psc 700 series
CompanyName : Hewlett-Packard Co.
FileDescription : HP OfficeJet Status
InternalName : HPOSTS07
LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2000
OriginalFilename : HPOCPY07.EXE
Comments : HP OfficeJet Status

#:27 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 3956
ThreadCreationTime : 27-04-2005 10:04:54
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

#:28 [jyvmpyh.exe]
FilePath : c:\windows\system32\
ProcessID : 4020
ThreadCreationTime : 27-04-2005 10:05:34
BasePriority : Normal
FileVersion : 1, 0, 7, 1
ProductVersion : 0, 0, 7, 0
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
LegalCopyright : TODO: © <Company name>. All rights reserved.

#:29 [devldr32.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 472
ThreadCreationTime : 27-04-2005 10:15:42
BasePriority : Normal
FileVersion : 1, 0, 0, 22
ProductVersion : 1, 0, 0, 22
ProductName : Creative Ring3 NT Inteface
CompanyName : Creative Technology Ltd.
FileDescription : DevLdr32
InternalName : DevLdr
LegalCopyright : Copyright © 1997-2001 Creative Technology Ltd.
OriginalFilename : DevLdr32.exe

#:30 [hpgs2wnf.exe]
FilePath : C:\PROGRA~1\HEWLET~1\HPSHAR~1\
ProcessID : 1852
ThreadCreationTime : 27-04-2005 10:16:52
BasePriority : Normal
FileVersion : 2,4,0,26
ProductVersion : 2,4,0,26
ProductName : hpgs2wnf Module
FileDescription : hpgs2wnf Module
InternalName : hpgs2wnf
LegalCopyright : Copyright 2001
OriginalFilename : hpgs2wnf.EXE

#:31 [avgemc.exe]
FilePath : C:\Program Files\Grisoft\AVG Free\
ProcessID : 1580
ThreadCreationTime : 27-04-2005 10:29:15
BasePriority : Normal
FileVersion : 7,1,0,307
ProductVersion : 7.1.0.307
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG E-Mail Scanner
InternalName : avgemc
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgemc.exe

#:32 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1440
ThreadCreationTime : 27-04-2005 11:42:02
BasePriority : Normal
FileVersion : 6.00.2800.1221 (xpsp2.030511-1403)
ProductVersion : 6.00.2800.1221
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:33 [firefox.exe]
FilePath : C:\Program Files\Mozilla Firefox\
ProcessID : 2572
ThreadCreationTime : 27-04-2005 12:02:41
BasePriority : Normal


#:34 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 3456
ThreadCreationTime : 27-04-2005 12:12:59
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 27


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Windows Object Recognized!
Type : RegData
Data : explorer.exe c:\windows\nail.exe
Category : Vulnerability
Comment : Shell Possibly Compromised
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows nt\currentversion\winlogon
Value : Shell
Data : explorer.exe c:\windows\nail.exe

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 28


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 28


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : matt@bluestreak[2].txt
Category : Data Miner
Comment : Hits:16
Value : Cookie:matt@bluestreak.com/
Expires : 25-04-2015 09:11:16
LastSync : Hits:16
UseCount : 0
Hits : 16

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : matt@server.iad.liveperson[1].txt
Category : Data Miner
Comment : Hits:11
Value : Cookie:matt@server.iad.liveperson.net/
Expires : 27-04-2006 13:07:20
LastSync : Hits:11
UseCount : 0
Hits : 11

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : matt@overture[2].txt
Category : Data Miner
Comment : Hits:6
Value : Cookie:matt@overture.com/
Expires : 25-04-2015 13:07:32
LastSync : Hits:6
UseCount : 0
Hits : 6

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 3
Objects found so far: 31



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

SahAgent Object Recognized!
Type : File
Data : A0000373.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{CE1F994E-A09F-4DAF-A22B-41B04BC3323C}\RP6\
FileVersion : 4, 0, 0, 2
ProductVersion : 4, 0, 0, 2


SahAgent Object Recognized!
Type : File
Data : A0000374.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{CE1F994E-A09F-4DAF-A22B-41B04BC3323C}\RP6\
FileVersion : 4, 0, 0, 4
ProductVersion : 4, 0, 0, 4


MediaMotor Object Recognized!
Type : File
Data : A0000375.dll
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{CE1F994E-A09F-4DAF-A22B-41B04BC3323C}\RP6\
FileVersion : 0, 8, 4, 89
ProductVersion : 0, 8, 4, 89
ProductName : Pynix
CompanyName : Pynix
FileDescription : www.Pynix.com
InternalName : Pynix
LegalCopyright : Copyright © 2005
OriginalFilename : Pynix.dll
Comments : www.Pynix.com


SahAgent Object Recognized!
Type : File
Data : A0000376.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{CE1F994E-A09F-4DAF-A22B-41B04BC3323C}\RP6\
FileVersion : 4, 0, 0, 4
ProductVersion : 4, 0, 0, 4


Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 35


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 35




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 35

13:25:05 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:11:24.688
Objects scanned:140752
Objects identified:8
Objects ignored:0
New critical objects:8
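As an added example (my own code, not Lavasoft's and not anything posted in this thread), a small Python triage script for logs in this format: it parses the "Key : Value" blocks and flags the two things worth pulling out of the log above, a Winlogon Shell value that launches more than explorer.exe and a running process whose version resource still carries unedited "TODO: <...>" template placeholders. The log excerpt embedded in it is constructed to mirror the findings above, and `{RESTORE-POINT-GUID}` is a placeholder.

```python
"""Triage helper for Ad-Aware SE scan logs (added example, not Lavasoft's code)."""
import re
from collections import Counter

# Constructed excerpt modelled on the log in this thread (not the full log).
SAMPLE_LOG = r"""
#:7 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 932
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
CompanyName : Microsoft Corporation
OriginalFilename : svchost.exe

#:28 [jyvmpyh.exe]
FilePath : c:\windows\system32\
ProcessID : 4020
FileVersion : 1, 0, 7, 1
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>

Windows Object Recognized!
Type : RegData
Category : Vulnerability
Comment : Shell Possibly Compromised
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows nt\currentversion\winlogon
Value : Shell
Data : explorer.exe c:\windows\nail.exe

SahAgent Object Recognized!
Type : File
Data : A0000373.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{RESTORE-POINT-GUID}\RP6\
FileVersion : 4, 0, 0, 2
"""

HEADER_PROCESS = re.compile(r"^#:(\d+) \[(.+)\]$")
HEADER_FINDING = re.compile(r"^(.+) Object Recognized!$")
FIELD = re.compile(r"^([A-Za-z]+):? : ?(.*)$")   # 'Key : Value', also bare 'Comment :'


def parse_blocks(text):
    """Split the log into {'kind', 'name', 'fields'} blocks: kind is 'process'
    for '#:N [name]' entries and 'finding' for '<Family> Object Recognized!'
    entries; a blank line closes the current block."""
    blocks, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            current = None
            continue
        if m := HEADER_PROCESS.match(line):
            current = {"kind": "process", "name": m.group(2), "fields": {}}
            blocks.append(current)
        elif m := HEADER_FINDING.match(line):
            current = {"kind": "finding", "name": m.group(1), "fields": {}}
            blocks.append(current)
        elif current is not None and (m := FIELD.match(line)):
            current["fields"][m.group(1)] = m.group(2).strip()
    return blocks


def shell_extras(blocks):
    """Commands in the Winlogon Shell value other than explorer.exe."""
    extras = []
    for b in blocks:
        f = b["fields"]
        if (b["kind"] == "finding" and f.get("Value", "").lower() == "shell"
                and f.get("Object", "").lower().endswith("\\winlogon")):
            extras += [t for t in f.get("Data", "").split()
                       if t.lower() != "explorer.exe"]
    return extras


def placeholder_processes(blocks):
    """Processes whose version resource still reads 'TODO: <...>'."""
    return [(b["name"], b["fields"].get("FilePath", "")) for b in blocks
            if b["kind"] == "process"
            and any(v.startswith("TODO:") for v in b["fields"].values())]


def triage(text):
    """Run all checks over one log and count recognized objects per family."""
    blocks = parse_blocks(text)
    return {"shell_extras": shell_extras(blocks),
            "placeholder_processes": placeholder_processes(blocks),
            "families": Counter(b["name"] for b in blocks if b["kind"] == "finding")}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for extra in report["shell_extras"]:
        print("Winlogon Shell also launches:", extra)
    for name, path in report["placeholder_processes"]:
        print("placeholder version info:", name, "in", path)
    print(dict(report["families"]))
```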

#7
Rawe

    Visiting Staff

  • Member
  • 4,746 posts
Ad-aware has found object(s) on your computer

If you chose to clean your computer from what Ad-aware found, follow these instructions below…

Make sure that you are using the * SE1R41 25.04.2005 * definition file.


Open up Ad-Aware SE and click on the gear to access the Configuration menu. Make sure that this setting is applied.

Click on Tweak > Cleaning engine > UNcheck "Always try to unload modules before deletion".

Disconnect from the internet (for broadband/cable users, it is recommended that you disconnect the cable connection) and close all open browsers or other programs you have running.

Then boot into Safe Mode

To clean your machine, it is highly recommended that you clean the following directory contents (but not the directory folder);

Run CCleaner to assist in this process.
Download CCleaner (Setup: go to >options > settings > Uncheck "Only delete files in Windows Temp folders older than 48 hours" for cleaning malware files!)

* C:\Windows\Temp\
* C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <- This will delete all your cached internet content including cookies.
* C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp\
* Empty your "Recycle Bin".

Run Ad-Aware SE from the command line shown in the instructions below.

Click "Start" > select "Run" > type the text shown below (including the quotation marks and with the same spacing as shown)

"C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" /full +procnuke
(For the Professional version)

"C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" /full +procnuke
(For the Plus version)

"C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" +procnuke
(For the Personal version)


Click Ok.

Note: the path above is the default installation location for Ad-aware SE; if yours is different, adjust it to the location you have installed it to.

When the scan has completed, select next. In the Scanning Results window, select the "Scan Summary" tab. Check the box next to SahAgent objects ONLY. Click next, Click OK.

If problems are caused by deleting a family, just leave it.

Please only remove SahAgent first.
Reboot your computer after removal, run a new "full system scan" and post the results as a reply. Do not open any programs or connect to the internet at this time.

Then copy & paste the complete log file here. Don't quarantine or remove anything at this time, just post a complete logfile. This can sometimes take 2-3 posts to get it all posted; once the "Summary of this scan" information is shown, you have posted all of your logfile.

Also, remember that when you are posting another logfile, keep "Search for negligible risk entries" deselected, as negligible risk entries (MRUs) aren't considered a threat. This option can be changed when choosing your scan type.

Remember to post your fresh scanlog in THIS topic.

- Rawe :tazz:

Edited by Andy_veal, 27 April 2005 - 06:35 AM.


#8
Matt S

    New Member

  • Topic Starter
  • Member
  • 5 posts
Ad-Aware SE Build 1.05
Logfile Created on:27 April 2005 15:49:01
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R41 25.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):15 total references
Windows(TAC index:3):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


27-04-2005 15:49:01 - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : C:\Documents and Settings\Matt\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : S-1-5-21-1004336348-789336058-725345543-1003\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run


MRU List Object Recognized!
Location: : S-1-5-21-1004336348-789336058-725345543-1003\software\microsoft\mediaplayer\player\recentfilelist
Description : list of recently used files in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-1004336348-789336058-725345543-1003\software\microsoft\mediaplayer\preferences
Description : last cd record path used in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-1004336348-789336058-725345543-1003\software\creative tech\creative wavestudio\settings
Description : list of recently used directories in creative wavestudio


MRU List Object Recognized!
Location: : S-1-5-21-1004336348-789336058-725345543-1003\software\smartftp\connection data
Description : list of recently accessed servers using smartftp


MRU List Object Recognized!
Location: : S-1-5-21-1004336348-789336058-725345543-1003\software\microsoft\mediaplayer\player\settings
Description : last open directory used in jasc paint shop pro


MRU List Object Recognized!
Location: : S-1-5-21-1004336348-789336058-725345543-1003\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-1004336348-789336058-725345543-1003\software\macromedia\dreamweaver 6\recent file list
Description : list of recently used files in macromedia dreamweaver


MRU List Object Recognized!
Location: : S-1-5-21-1004336348-789336058-725345543-1003\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-1004336348-789336058-725345543-1003\software\microsoft\mediaplayer\preferences
Description : last search path used in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-1004336348-789336058-725345543-1003\software\microsoft\mediaplayer\medialibraryui
Description : last selected node in the microsoft windows media player media library


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-21-1004336348-789336058-725345543-1003\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 440
ThreadCreationTime : 27-04-2005 14:45:34
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 668
ThreadCreationTime : 27-04-2005 14:45:35
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 692
ThreadCreationTime : 27-04-2005 14:45:36
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 736
ThreadCreationTime : 27-04-2005 14:45:36
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 748
ThreadCreationTime : 27-04-2005 14:45:36
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 916
ThreadCreationTime : 27-04-2005 14:45:37
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 940
ThreadCreationTime : 27-04-2005 14:45:37
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1040
ThreadCreationTime : 27-04-2005 14:45:38
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1084
ThreadCreationTime : 27-04-2005 14:45:38
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1304
ThreadCreationTime : 27-04-2005 14:45:40
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:11 [avgamsvr.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 1408
ThreadCreationTime : 27-04-2005 14:45:40
BasePriority : Normal
FileVersion : 7,1,0,307
ProductVersion : 7.1.0.307
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Alert Manager
InternalName : avgamsvr
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgamsvr.EXE

#:12 [avgupsvc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 1420
ThreadCreationTime : 27-04-2005 14:45:40
BasePriority : Normal
FileVersion : 7,1,0,285
ProductVersion : 7.1.0.285
ProductName : AVG 7.0 Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Update Service
InternalName : avgupsvc
LegalCopyright : Copyright © 2004, GRISOFT, s.r.o.
OriginalFilename : avgupdsvc.EXE

#:13 [ctsvccda.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1432
ThreadCreationTime : 27-04-2005 14:45:40
BasePriority : Normal
FileVersion : 1.0.1.0
ProductVersion : 1.0.0.0
ProductName : Creative Service for CDROM Access
CompanyName : Creative Technology Ltd
FileDescription : Creative Service for CDROM Access
InternalName : CTsvcCDAEXE
LegalCopyright : Copyright © Creative Technology Ltd., 1999. All rights reserved.
OriginalFilename : CTsvcCDA.EXE

#:14 [nvsvc32.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1468
ThreadCreationTime : 27-04-2005 14:45:40
BasePriority : Normal
FileVersion : 5.13.01.2183
ProductVersion : 5.13.01.2183
ProductName : NVIDIA Driver Helper Service, Version 21.83
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 21.83
InternalName : NVSVC
LegalCopyright : Copyright © 1998-2001 NVIDIA Corporation
OriginalFilename : nvsvc32.exe

#:15 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1576
ThreadCreationTime : 27-04-2005 14:45:41
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:16 [vsmon.exe]
FilePath : C:\WINDOWS\system32\ZoneLabs\
ProcessID : 1636
ThreadCreationTime : 27-04-2005 14:45:42
BasePriority : Normal
FileVersion : 5.5.094.000
ProductVersion : 5.5.094.000
ProductName : TrueVector Service
CompanyName : Zone Labs, LLC
FileDescription : TrueVector Service
InternalName : vsmon
LegalCopyright : Copyright © 1998-2005, Zone Labs, LLC
OriginalFilename : vsmon.exe

#:17 [mspmspsv.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1776
ThreadCreationTime : 27-04-2005 14:45:43
BasePriority : Normal
FileVersion : 7.00.00.1954
ProductVersion : 7.00.00.1954
ProductName : Microsoft ® DRM
CompanyName : Microsoft Corporation
FileDescription : WMDM PMSP Service
InternalName : MSPMSPSV.EXE
LegalCopyright : Copyright © Microsoft Corp. 1981-2000
OriginalFilename : MSPMSPSV.EXE

#:18 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 384
ThreadCreationTime : 27-04-2005 14:48:00
BasePriority : Normal
FileVersion : 6.00.2800.1221 (xpsp2.030511-1403)
ProductVersion : 6.00.2800.1221
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:19 [directcd.exe]
FilePath : C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\
ProcessID : 572
ThreadCreationTime : 27-04-2005 14:48:01
BasePriority : Normal
FileVersion : 5.10 (105)
ProductVersion : 5.10 (105)
ProductName : DirectCD
CompanyName : Roxio
FileDescription : DirectCD Application
InternalName : DirectCD
LegalCopyright : Copyright © 2001, Roxio, Inc.
OriginalFilename : Directcd.exe

#:20 [diagent.exe]
FilePath : C:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\
ProcessID : 580
ThreadCreationTime : 27-04-2005 14:48:01
BasePriority : Normal
FileVersion : 1.0.10.0
ProductVersion : 1.00.10
ProductName : Creative Diagnostics Agent
CompanyName : Creative Technology Ltd
FileDescription : Creative Diagnostics Agent
InternalName : Creative Diagnostics Agent
LegalCopyright : Copyright © 2001 Creative Technology Ltd
OriginalFilename : diagent.exe

#:21 [hpgs2wnd.exe]
FilePath : C:\Program Files\Hewlett-Packard\HP Share-to-Web\
ProcessID : 608
ThreadCreationTime : 27-04-2005 14:48:02
BasePriority : Normal
FileVersion : 2,4,0,26
ProductVersion : 2,4,0,26
ProductName : Hewlett-Packard hpgs2wnd
CompanyName : Hewlett-Packard
FileDescription : hpgs2wnd
InternalName : hpgs2wnd
LegalCopyright : Copyright © 2001
OriginalFilename : hpgs2wnd.exe

#:22 [ituneshelper.exe]
FilePath : C:\Program Files\iTunes\
ProcessID : 616
ThreadCreationTime : 27-04-2005 14:48:02
BasePriority : Normal
FileVersion : 4.5.0.31
ProductVersion : 4.5.0.31
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe

#:23 [qttask.exe]
FilePath : C:\Program Files\QuickTime\
ProcessID : 624
ThreadCreationTime : 27-04-2005 14:48:02
BasePriority : Normal
FileVersion : 6.5.1
ProductVersion : QuickTime 6.5.1
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe

#:24 [lvcoms.exe]
FilePath : C:\Program Files\Common Files\Logitech\QCDriver\
ProcessID : 632
ThreadCreationTime : 27-04-2005 14:48:02
BasePriority : Normal
FileVersion : 6.0.0.1208
ProductVersion : 6.0.0.1208
ProductName : Logitech QuickCam
CompanyName : Logitech Inc.
FileDescription : LVCom Server
InternalName : LVComS.exe
LegalCopyright : © 1996-2001 Logitech. All rights reserved.
OriginalFilename : LVComS.exe

#:25 [versioncuetray.exe]
FilePath : C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\
ProcessID : 640
ThreadCreationTime : 27-04-2005 14:48:02
BasePriority : Normal


#:26 [jusched.exe]
FilePath : C:\Program Files\Java\jre1.5.0_01\bin\
ProcessID : 648
ThreadCreationTime : 27-04-2005 14:48:02
BasePriority : Normal


#:27 [avgcc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 308
ThreadCreationTime : 27-04-2005 14:48:02
BasePriority : Normal
FileVersion : 7,1,0,307
ProductVersion : 7.1.0.307
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Control Center
InternalName : AvgCC
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : AvgCC.EXE

#:28 [avgemc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 664
ThreadCreationTime : 27-04-2005 14:48:03
BasePriority : Normal
FileVersion : 7,1,0,307
ProductVersion : 7.1.0.307
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG E-Mail Scanner
InternalName : avgemc
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgemc.exe

#:29 [zlclient.exe]
FilePath : C:\Program Files\Zone Labs\ZoneAlarm\
ProcessID : 860
ThreadCreationTime : 27-04-2005 14:48:03
BasePriority : Normal
FileVersion : 5.5.094.000
ProductVersion : 5.5.094.000
ProductName : Zone Labs Client
CompanyName : Zone Labs, LLC
FileDescription : Zone Labs Client
InternalName : zlclient
LegalCopyright : Copyright © 1998-2005, Zone Labs, LLC
OriginalFilename : zlclient.exe

#:30 [devldr32.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 960
ThreadCreationTime : 27-04-2005 14:48:03
BasePriority : Normal
FileVersion : 1, 0, 0, 22
ProductVersion : 1, 0, 0, 22
ProductName : Creative Ring3 NT Inteface
CompanyName : Creative Technology Ltd.
FileDescription : DevLdr32
InternalName : DevLdr
LegalCopyright : Copyright © 1997-2001 Creative Technology Ltd.
OriginalFilename : DevLdr32.exe

#:31 [ctfmon.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1092
ThreadCreationTime : 27-04-2005 14:48:04
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:32 [iputbxh.exe]
FilePath : c:\windows\system32\
ProcessID : 1160
ThreadCreationTime : 27-04-2005 14:48:04
BasePriority : Normal
FileVersion : 1, 0, 7, 1
ProductVersion : 0, 0, 7, 0
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
LegalCopyright : TODO: © <Company name>. All rights reserved.

#:33 [msnmsgr.exe]
FilePath : C:\Program Files\MSN Messenger\
ProcessID : 1172
ThreadCreationTime : 27-04-2005 14:48:04
BasePriority : Normal
FileVersion : 7.0.0777
ProductVersion : 7.0.0777
ProductName : MSN Messenger
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
LegalCopyright : Copyright © Microsoft Corporation 1997-2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msnmsgr.exe

#:34 [wlm.exe]
FilePath : C:\Program Files\BT Voyager\BT Voyager Wireless\
ProcessID : 1192
ThreadCreationTime : 27-04-2005 14:48:04
BasePriority : Normal
FileVersion : 3, 1, 4, 15
ProductVersion : 1, 0, 0, 1
ProductName : Wireless LAN Monitor Utility
CompanyName : ASKEY
FileDescription : Wireless LAN Monitor Utility
InternalName : WlanMonitor
LegalCopyright : Copyright © 2001
OriginalFilename : WlanMonitor.exe
Comments : Wireless LAN Monitor Utility

#:35 [ipodservice.exe]
FilePath : C:\Program Files\iPod\bin\
ProcessID : 1120
ThreadCreationTime : 27-04-2005 14:48:05
BasePriority : Normal
FileVersion : 4.5.0.31
ProductVersion : 4.5.0.31
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iPodService.exe

#:36 [hpgs2wnf.exe]
FilePath : C:\PROGRA~1\HEWLET~1\HPSHAR~1\
ProcessID : 1208
ThreadCreationTime : 27-04-2005 14:48:05
BasePriority : Normal
FileVersion : 2,4,0,26
ProductVersion : 2,4,0,26
ProductName : hpgs2wnf Module
FileDescription : hpgs2wnf Module
InternalName : hpgs2wnf
LegalCopyright : Copyright 2001
OriginalFilename : hpgs2wnf.EXE

#:37 [hpobrt07.exe]
FilePath : C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\
ProcessID : 1164
ThreadCreationTime : 27-04-2005 14:48:05
BasePriority : Normal
FileVersion : 2.00
ProductVersion : A.14.03.05
ProductName : hp psc 700 series
CompanyName : Hewlett-Packard Co.
FileDescription : HP OfficeJet COM Device Objects
InternalName : HPOBRT07
LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2000
OriginalFilename : HPOBRT07.EXE
Comments : HP OfficeJet PSC 7 Series COM Device Objects

#:38 [hpoevm07.exe]
FilePath : C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\
ProcessID : 2580
ThreadCreationTime : 27-04-2005 14:48:11
BasePriority : Normal
FileVersion : 1.00
ProductVersion : A.14.03.05
ProductName : hp psc 700 series
CompanyName : Hewlett-Packard Co.
FileDescription : HP OfficeJet COM Event Manager
InternalName : HPOEVM07
LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2000
OriginalFilename : HPOEVM07.EXE
Comments : HP OfficeJet COM Event Manager

#:39 [hpoipm07.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2796
ThreadCreationTime : 27-04-2005 14:48:12
BasePriority : Normal
FileVersion : 4, 5, 0, 767
ProductVersion : 4, 5, 0, 767
ProductName : HP PML
CompanyName : HP
FileDescription : PML Driver
InternalName : PmlDrv
LegalCopyright : Copyright © 1998, 1999 Hewlett-Packard Company
OriginalFilename : PmlDrv.exe

#:40 [hposts07.exe]
FilePath : C:\Program Files\Hewlett-Packard\AiO\Shared\bin\
ProcessID : 4000
ThreadCreationTime : 27-04-2005 14:48:33
BasePriority : Normal
FileVersion : 1.00
ProductVersion : A.14.03.05
ProductName : hp psc 700 series
CompanyName : Hewlett-Packard Co.
FileDescription : HP OfficeJet Status
InternalName : HPOSTS07
LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2000
OriginalFilename : HPOCPY07.EXE
Comments : HP OfficeJet Status

#:41 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 4024
ThreadCreationTime : 27-04-2005 14:48:34
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 15


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Windows Object Recognized!
Type : RegData
Data : explorer.exe c:\windows\nail.exe
Category : Vulnerability
Comment : Shell Possibly Compromised
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows nt\currentversion\winlogon
Value : Shell
Data : explorer.exe c:\windows\nail.exe

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 16


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 16


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 16



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 16


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 16




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 16

15:59:11 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:10:10.172
Objects scanned:132356
Objects identified:1
Objects ignored:0
New critical objects:1

Couldn't see anything remotely related to SahAgent, but I did everything else in the post.
  • 0

#9
Rawe

    Visiting Staff

  • Member
  • 4,746 posts
MRU items are always safe to delete.
They aren't a threat.
If you wish to remove them, just go to the "scan summary" tab and delete them from there.
Run a couple of these online virus scans here:
- Panda Activescan
- Trend Micro
- F-secure

Trend Micro and Panda scans are recommended.
Okay, so when you have scanned, remove/fix any problems they might find.
After cleaned (if they found something),
reboot, read Logfile Posting Instructions
and post a fresh Ad-aware log in this topic.

- Rawe :tazz:
  • 0

#10
Guest_Andy_veal_*
  • Guest
Please follow the instructions located in Step Five: Posting a Hijack This Log. Post your HJT log as a reply to this thread, which has been relocated to the Malware Removal Forum for providing you with further assistance.

Kindly note that it is very busy in the Malware Removal Forum, so there may be a delay in receiving a reply. Please also note that HJT logfiles are reviewed on a first come/first served basis.
  • 0
