
[Referred]AceBot Trojan Infection? (DrWatson Messages)



#1
dennismcl
New Member
3 posts
Hi. Thank you for taking a look at this. My computer isn't incapacitated, but I've been getting the DrWatson "error" at least once a day, and googling about this indicates I might be infected with the Acebot trojan. I've tried various solutions, but I'm just not very good at deciphering my logs.

Thanks for any help!

***********
Ad-Aware SE Build 1.05
Logfile Created on:Friday, April 29, 2005 2:19:25 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R42 28.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
None
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R42 28.04.2005
Internal build : 49
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 466557 Bytes
Total size : 1403889 Bytes
Signature data size : 1373297 Bytes
Reference data size : 30080 Bytes
Signatures total : 39226
Fingerprints total : 836
Fingerprints size : 28245 Bytes
Target categories : 15
Target families : 654


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:45 %
Total physical memory:522580 kb
Available physical memory:231896 kb
Total page file size:1275936 kb
Available on page file:1017836 kb
Total virtual memory:2097024 kb
Available virtual memory:2043276 kb
OS:Microsoft Windows XP Home Edition Service Pack 2 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Play sound at scan completion if scan locates critical objects


4-29-2005 2:19:25 AM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 676
ThreadCreationTime : 4-29-2005 6:11:03 AM
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 748
ThreadCreationTime : 4-29-2005 6:11:05 AM
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 772
ThreadCreationTime : 4-29-2005 6:11:05 AM
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 816
ThreadCreationTime : 4-29-2005 6:11:06 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 828
ThreadCreationTime : 4-29-2005 6:11:06 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k DcomLaunch
ProcessID : 988
ThreadCreationTime : 4-29-2005 6:11:06 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 1048
ThreadCreationTime : 4-29-2005 6:11:07 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 1148
ThreadCreationTime : 4-29-2005 6:11:07 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost.exe -k NetworkService
ProcessID : 1208
ThreadCreationTime : 4-29-2005 6:11:07 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost.exe -k LocalService
ProcessID : 1296
ThreadCreationTime : 4-29-2005 6:11:07 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1676
ThreadCreationTime : 4-29-2005 6:11:08 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:12 [acsd.exe]
ModuleName : C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
Command Line : C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
ProcessID : 1772
ThreadCreationTime : 4-29-2005 6:11:08 AM
BasePriority : Normal


#:13 [mcvsrte.exe]
ModuleName : c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
Command Line : c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe /Embedding
ProcessID : 1840
ThreadCreationTime : 4-29-2005 6:11:08 AM
BasePriority : Normal
FileVersion : 9, 1, 0, 6
ProductVersion : 9, 1, 0, 0
ProductName : McAfee VirusScan
CompanyName : McAfee, Inc
FileDescription : McAfee VirusScan Real-time Engine
InternalName : mcvsrte
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : mcvsrte.exe
Comments : McAfee VirusScan Real-time Engine

#:14 [mpfservice.exe]
ModuleName : C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
Command Line : C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
ProcessID : 1860
ThreadCreationTime : 4-29-2005 6:11:08 AM
BasePriority : Normal
FileVersion : 6.1.0.44
ProductVersion : 6.1.0.44
ProductName : McAfee Personal Firewall
CompanyName : McAfee Corporation
FileDescription : McAfee Personal Firewall Service
InternalName : MPFService
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : MpfService.exe
Comments : McAfee Personal Firewall Service

#:15 [wanmpsvc.exe]
ModuleName : C:\WINDOWS\wanmpsvc.exe
Command Line : "C:\WINDOWS\wanmpsvc.exe"
ProcessID : 1972
ThreadCreationTime : 4-29-2005 6:11:09 AM
BasePriority : Normal
FileVersion : 7, 0, 0, 2
ProductVersion : 7, 0, 0, 2
ProductName : America Online
CompanyName : America Online, Inc.
FileDescription : Wan Miniport (ATW) Service
InternalName : WanMPSvc
LegalCopyright : Copyright © 2001 America Online, Inc.
OriginalFilename : WanMPSvc.exe

#:16 [wltrysvc.exe]
ModuleName : C:\WINDOWS\System32\WLTRYSVC.EXE
Command Line : C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe
ProcessID : 2004
ThreadCreationTime : 4-29-2005 6:11:09 AM
BasePriority : Normal


#:17 [bcmwltry.exe]
ModuleName : C:\WINDOWS\System32\bcmwltry.exe
Command Line : C:\WINDOWS\System32\bcmwltry.exe
ProcessID : 2040
ThreadCreationTime : 4-29-2005 6:11:09 AM
BasePriority : Normal
FileVersion : 3.40.67.0
ProductVersion : 3.40.67.0
ProductName : Dell Wireless WLAN Card Wireless Network Tray Applet
CompanyName : Dell Computer Corporation
FileDescription : Dell Wireless WLAN Card Wireless Network Tray Applet
InternalName : bcmwltry.exe
LegalCopyright : 1998-2003, Dell Computer Corporation All Rights Reserved.
OriginalFilename : bcmwltry.exe

#:18 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost.exe -k netsvcs
ProcessID : 120
ThreadCreationTime : 4-29-2005 6:11:09 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:19 [mcshield.exe]
ModuleName : c:\PROGRA~1\mcafee.com\vso\mcshield.exe
Command Line : c:\PROGRA~1\mcafee.com\vso\mcshield.exe
ProcessID : 668
ThreadCreationTime : 4-29-2005 6:11:11 AM
BasePriority : High


#:20 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 1416
ThreadCreationTime : 4-29-2005 6:11:12 AM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:21 [alg.exe]
ModuleName : C:\WINDOWS\System32\alg.exe
Command Line : C:\WINDOWS\System32\alg.exe
ProcessID : 1524
ThreadCreationTime : 4-29-2005 6:11:15 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:22 [hkcmd.exe]
ModuleName : C:\WINDOWS\system32\hkcmd.exe
Command Line : "C:\WINDOWS\system32\hkcmd.exe"
ProcessID : 360
ThreadCreationTime : 4-29-2005 6:11:18 AM
BasePriority : Normal
FileVersion : 3.0.0.3889
ProductVersion : 7.0.0.3889
ProductName : Intel® Common User Interface
CompanyName : Intel Corporation
FileDescription : hkcmd Module
InternalName : HKCMD
LegalCopyright : Copyright 1999-2002, Intel Corporation
OriginalFilename : HKCMD.EXE

#:23 [jusched.exe]
ModuleName : C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
Command Line : "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe"
ProcessID : 488
ThreadCreationTime : 4-29-2005 6:11:18 AM
BasePriority : Normal


#:24 [syntplpr.exe]
ModuleName : C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
Command Line : "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
ProcessID : 520
ThreadCreationTime : 4-29-2005 6:11:18 AM
BasePriority : Normal
FileVersion : 7.10.11 13May04
ProductVersion : 7.10.11 13May04
ProductName : Progressive Touch
CompanyName : Synaptics, Inc.
FileDescription : TouchPad Driver Helper Application
InternalName : SynTPLpr
LegalCopyright : Copyright © Synaptics, Inc. 1996-2004
OriginalFilename : SynTPLpr.exe

#:25 [syntpenh.exe]
ModuleName : C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Command Line : "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
ProcessID : 596
ThreadCreationTime : 4-29-2005 6:11:18 AM
BasePriority : Normal
FileVersion : 7.10.11 13May04
ProductVersion : 7.10.11 13May04
ProductName : Progressive Touch
CompanyName : Synaptics, Inc.
FileDescription : Synaptics TouchPad Enhancements
InternalName : Scrolleroo
LegalCopyright : Copyright © Synaptics, Inc. 1996-2004
OriginalFilename : SynTPEnh.exe

#:26 [tfswctrl.exe]
ModuleName : C:\WINDOWS\system32\dla\tfswctrl.exe
Command Line : "C:\WINDOWS\system32\dla\tfswctrl.exe"
ProcessID : 604
ThreadCreationTime : 4-29-2005 6:11:18 AM
BasePriority : Normal
FileVersion : 1.04.07b
CompanyName : Sonic Solutions
FileDescription : Drive Letter Access Component
LegalCopyright : Copyright © 2004 Sonic Solutions

#:27 [pcmservice.exe]
ModuleName : C:\Program Files\Dell\Media Experience\PCMService.exe
Command Line : "C:\Program Files\Dell\Media Experience\PCMService.exe
ProcessID : 1652
ThreadCreationTime : 4-29-2005 6:11:19 AM
BasePriority : Normal
FileVersion : 1.0.1611
ProductVersion : 1.0.1611
ProductName : PCM2Launcher Application
CompanyName : CyberLink Corp.
FileDescription : PowerCinema Resident Program for Dell
InternalName : PowerCinema Resident Program for Dell
LegalCopyright : Copyright c 2003 CyberLink Corp.
OriginalFilename : PCM2Launcher.EXE

#:28 [dvdlauncher.exe]
ModuleName : C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
Command Line : "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
ProcessID : 724
ThreadCreationTime : 4-29-2005 6:11:19 AM
BasePriority : Normal
FileVersion : 3.00.0000
ProductVersion : 3.00.0000
ProductName : Cyberlink PowerCinema 3.0
CompanyName : CyberLink Corp.
FileDescription : CyberLink PowerCinema Resident Program
InternalName : CyberLink PowerCinema Resident Program
LegalCopyright : Copyright © 2003 CyberLink Corp.
OriginalFilename : DVDLauncher.EXE

#:29 [dadapp.exe]
ModuleName : C:\Program Files\Dell\AccessDirect\dadapp.exe
Command Line : "C:\Program Files\Dell\AccessDirect\dadapp.exe"
ProcessID : 736
ThreadCreationTime : 4-29-2005 6:11:19 AM
BasePriority : Normal


#:30 [quickset.exe]
ModuleName : C:\Program Files\Dell\QuickSet\quickset.exe
Command Line : "C:\Program Files\Dell\QuickSet\quickset.exe"
ProcessID : 644
ThreadCreationTime : 4-29-2005 6:11:20 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : QuickSet Application
FileDescription : QuickSet MFC Application
InternalName : direct
LegalCopyright : Copyright © 2001
OriginalFilename : direct.EXE

#:31 [realplay.exe]
ModuleName : C:\Program Files\Real\RealPlayer\RealPlay.exe
Command Line : "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
ProcessID : 1136
ThreadCreationTime : 4-29-2005 6:11:20 AM
BasePriority : Normal
FileVersion : 6.0.9.584
ProductVersion : 6.0.9.584
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealPlayer
InternalName : REALPLAY
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2000
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : REALPLAY.EXE

#:32 [mcagent.exe]
ModuleName : C:\PROGRA~1\mcafee.com\agent\mcagent.exe
Command Line : "C:\PROGRA~1\mcafee.com\agent\mcagent.exe"
ProcessID : 1196
ThreadCreationTime : 4-29-2005 6:11:20 AM
BasePriority : Normal
FileVersion : 5, 1, 0, 2
ProductVersion : 5, 1, 0, 0
ProductName : McAfee SecurityCenter
CompanyName : McAfee, Inc
FileDescription : McAfee SecurityCenter Agent
InternalName : mcagent
LegalCopyright : Copyright © 2005 McAfee, Inc.
OriginalFilename : mcagent.exe

#:33 [mmtask.exe]
ModuleName : C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
Command Line : "C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe"
ProcessID : 1400
ThreadCreationTime : 4-29-2005 6:11:20 AM
BasePriority : Normal
FileVersion : 1.0.0.1
ProductVersion : 1.0.0.1
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
InternalName : mmtask.exe
LegalCopyright : TODO: © <Company name>. All rights reserved.
OriginalFilename : mmtask.exe

#:34 [mcvsshld.exe]
ModuleName : C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
Command Line : "C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
ProcessID : 1356
ThreadCreationTime : 4-29-2005 6:11:20 AM
BasePriority : Normal
FileVersion : 9, 1, 0, 6
ProductVersion : 9, 1, 0, 0
ProductName : McAfee VirusScan
CompanyName : McAfee, Inc.
FileDescription : McAfee VirusScan ActiveShield Resource
InternalName : msvcshld
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : mcvsshld.exe
Comments : McAfee VirusScan ActiveShield Resource

#:35 [mscifapp.exe]
ModuleName : C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
Command Line : "C:\PROGRA~1\mcafee.com\mps\mscifapp.exe" /embedding
ProcessID : 1188
ThreadCreationTime : 4-29-2005 6:11:20 AM
BasePriority : Normal
FileVersion : 7.1.1.44
ProductVersion : 7.1.1.44
ProductName : McAfee Privacy Service
CompanyName : McAfee, Inc
FileDescription : McAfee Privacy Service
InternalName : mscifapp
LegalCopyright : Copyright © 2005 McAfee, Inc.
OriginalFilename : mscifapp.exe

#:36 [acrotray.exe]
ModuleName : C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
Command Line : "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
ProcessID : 1444
ThreadCreationTime : 4-29-2005 6:11:20 AM
BasePriority : Normal
FileVersion : 6.0.1.2004121400
ProductVersion : 6.0.1.2004121400
ProductName : AcroTray - Adobe Acrobat Distiller helper application.
CompanyName : Adobe Systems Inc.
FileDescription : AcroTray
InternalName : AcroTray
LegalCopyright : Copyright 1984-2004 Adobe Systems Incorporated and its licensors. All rights reserved.
OriginalFilename : AcroTray.exe

#:37 [mpftray.exe]
ModuleName : C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
Command Line : "C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
ProcessID : 1456
ThreadCreationTime : 4-29-2005 6:11:20 AM
BasePriority : Normal
FileVersion : 6.1.0.44
ProductVersion : 6.1.0.44
ProductName : McAfee Personal Firewall (MPF)
CompanyName : McAfee Security
FileDescription : McAfee Personal Firewall Tray Monitor
InternalName : MpfTray
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : MPFTRAY.EXE
Comments : Tray Icon for McAfee Personal Firewall

#:38 [motivesb.exe]
ModuleName : C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
Command Line : "C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
ProcessID : 1464
ThreadCreationTime : 4-29-2005 6:11:20 AM
BasePriority : Normal
FileVersion : 05.00.00.asst_classic.smartbridge.20020518_104000
ProductVersion : 05.00.00.asst_classic.smartbridge
ProductName : Motive System
CompanyName : Motive Communications, Inc.
FileDescription : Motive SmartBridge
InternalName : version
LegalCopyright : Copyright 1998, 1999, 2000
OriginalFilename : version

#:39 [dsagnt.exe]
ModuleName : C:\Program Files\Dell Support\DSAgnt.exe
Command Line : "C:\Program Files\Dell Support\DSAgnt.exe" /startup
ProcessID : 1472
ThreadCreationTime : 4-29-2005 6:11:21 AM
BasePriority : ?
FileVersion : 1, 1, 0, 73
ProductVersion : 1, 1, 0, 73
ProductName : Dell Support
CompanyName : Gteko Ltd.
FileDescription : Dell Support
InternalName : AUAgent
LegalCopyright : Copyright © 2000 - 2004 Gteko Ltd.
OriginalFilename : AUAgent.exe

#:40 [msmsgs.exe]
ModuleName : C:\Program Files\Messenger\msmsgs.exe
Command Line : "C:\Program Files\Messenger\msmsgs.exe" /background
ProcessID : 576
ThreadCreationTime : 4-29-2005 6:11:21 AM
BasePriority : Normal
FileVersion : 4.7.3001
ProductVersion : Version 4.7.3001
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Windows Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:41 [dlg.exe]
ModuleName : C:\Program Files\Digital Line Detect\DLG.exe
Command Line : "C:\Program Files\Digital Line Detect\DLG.exe"
ProcessID : 200
ThreadCreationTime : 4-29-2005 6:11:21 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : BVRP Software TestLine
CompanyName : BVRP Software
FileDescription : Digital Line Detection
InternalName : TestLine
LegalCopyright : Copyright © 2003
OriginalFilename : TestLine.exe

#:42 [mcvsescn.exe]
ModuleName : c:\progra~1\mcafee.com\vso\mcvsescn.exe
Command Line : "c:\progra~1\mcafee.com\vso\mcvsescn.exe" /disabled
ProcessID : 1604
ThreadCreationTime : 4-29-2005 6:11:22 AM
BasePriority : Normal
FileVersion : 9, 1, 0, 4
ProductVersion : 9, 1, 0, 0
ProductName : McAfee VirusScan
CompanyName : McAfee, Inc.
FileDescription : McAfee VirusScan E-mail Scan Module
InternalName : mcvsescn
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : mcvsescn.EXE
Comments : McAfee VirusScan E-mail Scan Module

#:43 [mpfagent.exe]
ModuleName : C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
Command Line : C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe -Embedding
ProcessID : 2624
ThreadCreationTime : 4-29-2005 6:11:27 AM
BasePriority : Normal
FileVersion : 6.1.0.44
ProductVersion : 6.1.0.44
ProductName : McAfee Personal Firewall (MPF)
CompanyName : McAfee Security
FileDescription : McAfee Personal Firewall Agent Interface
InternalName : MpfAgent
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : MPFAGENT.EXE
Comments : McAfee Personal Firewall Security Center Module

#:44 [mcvsftsn.exe]
ModuleName : c:\progra~1\mcafee.com\vso\mcvsftsn.exe
Command Line : c:\progra~1\mcafee.com\vso\mcvsftsn.exe -Embedding
ProcessID : 2840
ThreadCreationTime : 4-29-2005 6:11:31 AM
BasePriority : Normal
FileVersion : 9, 1, 0, 4
ProductVersion : 9, 1, 0, 0
ProductName : McAfee VirusScan
CompanyName : McAfee, Inc.
FileDescription : McAfee VirusScan Instant Messenger Scan Module
InternalName : mcvsftsn
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : mcvsftsn.EXE
Comments : McAfee VirusScan Instant Messenger Scan Module

#:45 [iexplore.exe]
ModuleName : C:\Program Files\Internet Explorer\IEXPLORE.EXE
Command Line : "C:\Program Files\Internet Explorer\IEXPLORE.EXE
ProcessID : 3900
ThreadCreationTime : 4-29-2005 6:14:56 AM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:46 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
ProcessID : 2480
ThreadCreationTime : 4-29-2005 6:17:02 AM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 0


2:29:31 AM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:10:05.871
Objects scanned:111732
Objects identified:0
Objects ignored:0
New critical objects:0


#2
Rawe
Visiting Staff
4,746 posts
Hi.
Your Ad-Aware scan log seems to be clean. Good!
Run these online virus scans:
- Panda Activescan
- F-secure
- Trend Micro

After scanning with them, remove/fix any problems they might find.
Then, when cleaned (if they found something), reboot, read the Logfile Posting Instructions
and post a fresh Ad-Aware log here.

- Rawe :tazz:

(Also, remember to delete all tracking cookies from your system before scanning.)

#3
Guest_Andy_veal_*
Guest
More online scans:

- Panda
- Symantec
- McAfee
- TrendMicro Recommended
- F-secure

Keep us updated

#4
dennismcl
New Member
3 posts
Okay, I ran all of those online scans and came up clean, with the exception of SaveNow, which Panda identified as a trojan but could not clean or disable.

I did a little research into SaveNow and came away with the impression that it's relatively minor so I'm not too concerned about it, although I still think I might have the Acebot Trojan somewhere since the Dr Watson Debugger Error still happens about once a day.

Here are the results of the follow-up Ad-Aware scan I just performed.

Thanks, again, for helping me with this!

Ad-Aware SE Build 1.05
Logfile Created on:Saturday, April 30, 2005 3:54:06 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R42 28.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
None
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R42 28.04.2005
Internal build : 49
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 466557 Bytes
Total size : 1403889 Bytes
Signature data size : 1373297 Bytes
Reference data size : 30080 Bytes
Signatures total : 39226
Fingerprints total : 836
Fingerprints size : 28245 Bytes
Target categories : 15
Target families : 654


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:45 %
Total physical memory:522580 kb
Available physical memory:230180 kb
Total page file size:1275936 kb
Available on page file:1009032 kb
Total virtual memory:2097024 kb
Available virtual memory:2043284 kb
OS:Microsoft Windows XP Home Edition Service Pack 2 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Play sound at scan completion if scan locates critical objects


4-30-2005 3:54:06 AM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
    ModuleName        : \SystemRoot\System32\smss.exe
    Command Line      : n/a
    ProcessID          : 672
    ThreadCreationTime : 4-30-2005 7:47:58 AM
    BasePriority      : Normal


#:2 [csrss.exe]
    ModuleName        : \??\C:\WINDOWS\system32\csrss.exe
    Command Line      : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
    ProcessID          : 744
    ThreadCreationTime : 4-30-2005 7:48:00 AM
    BasePriority      : Normal


#:3 [winlogon.exe]
    ModuleName        : \??\C:\WINDOWS\system32\winlogon.exe
    Command Line      : winlogon.exe
    ProcessID          : 768
    ThreadCreationTime : 4-30-2005 7:48:00 AM
    BasePriority      : High


#:4 [services.exe]
    ModuleName        : C:\WINDOWS\system32\services.exe
    Command Line      : C:\WINDOWS\system32\services.exe
    ProcessID          : 812
    ThreadCreationTime : 4-30-2005 7:48:01 AM
    BasePriority      : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion    : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Services and Controller app
    InternalName      : services.exe
    LegalCopyright    : © Microsoft Corporation. All rights reserved.
    OriginalFilename  : services.exe

#:5 [lsass.exe]
    ModuleName        : C:\WINDOWS\system32\lsass.exe
    Command Line      : C:\WINDOWS\system32\lsass.exe
    ProcessID          : 824
    ThreadCreationTime : 4-30-2005 7:48:01 AM
    BasePriority      : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion    : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : LSA Shell (Export Version)
    InternalName      : lsass.exe
    LegalCopyright    : © Microsoft Corporation. All rights reserved.
    OriginalFilename  : lsass.exe

#:6 [svchost.exe]
    ModuleName        : C:\WINDOWS\system32\svchost.exe
    Command Line      : C:\WINDOWS\system32\svchost -k DcomLaunch
    ProcessID          : 984
    ThreadCreationTime : 4-30-2005 7:48:01 AM
    BasePriority      : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion    : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Generic Host Process for Win32 Services
    InternalName      : svchost.exe
    LegalCopyright    : © Microsoft Corporation. All rights reserved.
    OriginalFilename  : svchost.exe

#:7 [svchost.exe]
    ModuleName        : C:\WINDOWS\system32\svchost.exe
    Command Line      : C:\WINDOWS\system32\svchost -k rpcss
    ProcessID          : 1048
    ThreadCreationTime : 4-30-2005 7:48:02 AM
    BasePriority      : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion    : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Generic Host Process for Win32 Services
    InternalName      : svchost.exe
    LegalCopyright    : © Microsoft Corporation. All rights reserved.
    OriginalFilename  : svchost.exe

#:8 [svchost.exe]
    ModuleName        : C:\WINDOWS\System32\svchost.exe
    Command Line      : C:\WINDOWS\System32\svchost.exe -k netsvcs
    ProcessID          : 1148
    ThreadCreationTime : 4-30-2005 7:48:02 AM
    BasePriority      : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion    : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Generic Host Process for Win32 Services
    InternalName      : svchost.exe
    LegalCopyright    : © Microsoft Corporation. All rights reserved.
    OriginalFilename  : svchost.exe

#:9 [svchost.exe]
    ModuleName        : C:\WINDOWS\system32\svchost.exe
    Command Line      : C:\WINDOWS\system32\svchost.exe -k NetworkService
    ProcessID          : 1192
    ThreadCreationTime : 4-30-2005 7:48:02 AM
    BasePriority      : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion    : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Generic Host Process for Win32 Services
    InternalName      : svchost.exe
    LegalCopyright    : © Microsoft Corporation. All rights reserved.
    OriginalFilename  : svchost.exe

#:10 [svchost.exe]
    ModuleName        : C:\WINDOWS\system32\svchost.exe
    Command Line      : C:\WINDOWS\system32\svchost.exe -k LocalService
    ProcessID          : 1272
    ThreadCreationTime : 4-30-2005 7:48:02 AM
    BasePriority      : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion    : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Generic Host Process for Win32 Services
    InternalName      : svchost.exe
    LegalCopyright    : © Microsoft Corporation. All rights reserved.
    OriginalFilename  : svchost.exe

#:11 [spoolsv.exe]
    ModuleName        : C:\WINDOWS\system32\spoolsv.exe
    Command Line      : C:\WINDOWS\system32\spoolsv.exe
    ProcessID          : 1680
    ThreadCreationTime : 4-30-2005 7:48:03 AM
    BasePriority      : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion    : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Spooler SubSystem App
    InternalName      : spoolsv.exe
    LegalCopyright    : © Microsoft Corporation. All rights reserved.
    OriginalFilename  : spoolsv.exe

#:12 [acsd.exe]
    ModuleName        : C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    Command Line      : C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    ProcessID          : 1780
    ThreadCreationTime : 4-30-2005 7:48:03 AM
    BasePriority      : Normal


#:13 [mcvsrte.exe]
    ModuleName        : c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    Command Line      : c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe /Embedding
    ProcessID          : 1840
    ThreadCreationTime : 4-30-2005 7:48:03 AM
    BasePriority      : Normal
    FileVersion        : 9, 1, 0, 6
    ProductVersion    : 9, 1, 0, 0
    ProductName        : McAfee VirusScan
    CompanyName        : McAfee, Inc
    FileDescription    : McAfee VirusScan Real-time Engine
    InternalName      : mcvsrte
    LegalCopyright    : Copyright © 2005 McAfee, Inc. All Rights Reserved.
    OriginalFilename  : mcvsrte.exe
    Comments          : McAfee VirusScan Real-time Engine

#:14 [mpfservice.exe]
    ModuleName        : C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    Command Line      : C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    ProcessID          : 1856
    ThreadCreationTime : 4-30-2005 7:48:03 AM
    BasePriority      : Normal
    FileVersion        : 6.1.0.44
    ProductVersion    : 6.1.0.44
    ProductName        : McAfee Personal Firewall
    CompanyName        : McAfee Corporation
    FileDescription    : McAfee Personal Firewall Service
    InternalName      : MPFService
    LegalCopyright    : Copyright © 2005 McAfee, Inc. All Rights Reserved.
    OriginalFilename  : MpfService.exe
    Comments          : McAfee Personal Firewall Service

#:15 [wanmpsvc.exe]
    ModuleName        : C:\WINDOWS\wanmpsvc.exe
    Command Line      : "C:\WINDOWS\wanmpsvc.exe"
    ProcessID          : 1996
    ThreadCreationTime : 4-30-2005 7:48:04 AM
    BasePriority      : Normal
    FileVersion        : 7, 0, 0, 2
    ProductVersion    : 7, 0, 0, 2
    ProductName        : America Online
    CompanyName        : America Online, Inc.
    FileDescription    : Wan Miniport (ATW) Service
    InternalName      : WanMPSvc
    LegalCopyright    : Copyright © 2001 America Online, Inc.
    OriginalFilename  : WanMPSvc.exe

#:16 [wltrysvc.exe]
    ModuleName        : C:\WINDOWS\System32\WLTRYSVC.EXE
    Command Line      : C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe
    ProcessID          : 2024
    ThreadCreationTime : 4-30-2005 7:48:04 AM
    BasePriority      : Normal


#:17 [bcmwltry.exe]
    ModuleName        : C:\WINDOWS\System32\bcmwltry.exe
    Command Line      : C:\WINDOWS\System32\bcmwltry.exe
    ProcessID          : 140
    ThreadCreationTime : 4-30-2005 7:48:04 AM
    BasePriority      : Normal
    FileVersion        : 3.40.67.0
    ProductVersion    : 3.40.67.0
    ProductName        : Dell Wireless WLAN Card Wireless Network Tray Applet
    CompanyName        : Dell Computer Corporation
    FileDescription    : Dell Wireless WLAN Card Wireless Network Tray Applet
    InternalName      : bcmwltry.exe
    LegalCopyright    : 1998-2003, Dell Computer Corporation All Rights Reserved.
    OriginalFilename  : bcmwltry.exe

#:18 [svchost.exe]
    ModuleName        : C:\WINDOWS\system32\svchost.exe
    Command Line      : C:\WINDOWS\system32\svchost.exe -k netsvcs
    ProcessID          : 152
    ThreadCreationTime : 4-30-2005 7:48:04 AM
    BasePriority      : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion    : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Generic Host Process for Win32 Services
    InternalName      : svchost.exe
    LegalCopyright    : © Microsoft Corporation. All rights reserved.
    OriginalFilename  : svchost.exe

#:19 [mcshield.exe]
    ModuleName        : c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    Command Line      : c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    ProcessID          : 708
    ThreadCreationTime : 4-30-2005 7:48:06 AM
    BasePriority      : High


#:20 [explorer.exe]
    ModuleName        : C:\WINDOWS\Explorer.EXE
    Command Line      : C:\WINDOWS\Explorer.EXE
    ProcessID          : 488
    ThreadCreationTime : 4-30-2005 7:48:13 AM
    BasePriority      : Normal
    FileVersion        : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion    : 6.00.2900.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Windows Explorer
    InternalName      : explorer
    LegalCopyright    : © Microsoft Corporation. All rights reserved.
    OriginalFilename  : EXPLORER.EXE

#:21 [alg.exe]
    ModuleName        : C:\WINDOWS\System32\alg.exe
    Command Line      : C:\WINDOWS\System32\alg.exe
    ProcessID          : 540
    ThreadCreationTime : 4-30-2005 7:48:13 AM
    BasePriority      : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion    : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Application Layer Gateway Service
    InternalName      : ALG.exe
    LegalCopyright    : © Microsoft Corporation. All rights reserved.
    OriginalFilename  : ALG.exe

#:22 [hkcmd.exe]
    ModuleName        : C:\WINDOWS\system32\hkcmd.exe
    Command Line      : "C:\WINDOWS\system32\hkcmd.exe"
    ProcessID          : 500
    ThreadCreationTime : 4-30-2005 7:48:16 AM
    BasePriority      : Normal
    FileVersion        : 3.0.0.3889
    ProductVersion    : 7.0.0.3889
    ProductName        : Intel® Common User Interface
    CompanyName        : Intel Corporation
    FileDescription    : hkcmd Module
    InternalName      : HKCMD
    LegalCopyright    : Copyright 1999-2002, Intel Corporation
    OriginalFilename  : HKCMD.EXE

#:23 [jusched.exe]
    ModuleName        : C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    Command Line      : "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe"
    ProcessID          : 1328
    ThreadCreationTime : 4-30-2005 7:48:16 AM
    BasePriority      : Normal


#:24 [syntplpr.exe]
    ModuleName        : C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    Command Line      : "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
    ProcessID          : 1336
    ThreadCreationTime : 4-30-2005 7:48:16 AM
    BasePriority      : Normal
    FileVersion        : 7.10.11 13May04
    ProductVersion    : 7.10.11 13May04
    ProductName        : Progressive Touch
    CompanyName        : Synaptics, Inc.
    FileDescription    : TouchPad Driver Helper Application
    InternalName      : SynTPLpr
    LegalCopyright    : Copyright © Synaptics, Inc. 1996-2004
    OriginalFilename  : SynTPLpr.exe

#:25 [syntpenh.exe]
    ModuleName        : C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    Command Line      : "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
    ProcessID          : 516
    ThreadCreationTime : 4-30-2005 7:48:16 AM
    BasePriority      : Normal
    FileVersion        : 7.10.11 13May04
    ProductVersion    : 7.10.11 13May04
    ProductName        : Progressive Touch
    CompanyName        : Synaptics, Inc.
    FileDescription    : Synaptics TouchPad Enhancements
    InternalName      : Scrolleroo
    LegalCopyright    : Copyright © Synaptics, Inc. 1996-2004
    OriginalFilename  : SynTPEnh.exe

#:26 [tfswctrl.exe]
    ModuleName        : C:\WINDOWS\system32\dla\tfswctrl.exe
    Command Line      : "C:\WINDOWS\system32\dla\tfswctrl.exe"
    ProcessID          : 580
    ThreadCreationTime : 4-30-2005 7:48:16 AM
    BasePriority      : Normal
    FileVersion        : 1.04.07b
    CompanyName        : Sonic Solutions
    FileDescription    : Drive Letter Access Component
    LegalCopyright    : Copyright © 2004 Sonic Solutions

#:27 [pcmservice.exe]
    ModuleName        : C:\Program Files\Dell\Media Experience\PCMService.exe
    Command Line      : "C:\Program Files\Dell\Media Experience\PCMService.exe 
    ProcessID          : 1476
    ThreadCreationTime : 4-30-2005 7:48:16 AM
    BasePriority      : Normal
    FileVersion        : 1.0.1611
    ProductVersion    : 1.0.1611
    ProductName        : PCM2Launcher Application
    CompanyName        : CyberLink Corp.
    FileDescription    : PowerCinema Resident Program for Dell
    InternalName      : PowerCinema Resident Program for Dell
    LegalCopyright    : Copyright c 2003 CyberLink Corp.
    OriginalFilename  : PCM2Launcher.EXE

#:28 [dvdlauncher.exe]
    ModuleName        : C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    Command Line      : "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    ProcessID          : 1492
    ThreadCreationTime : 4-30-2005 7:48:17 AM
    BasePriority      : Normal
    FileVersion        : 3.00.0000
    ProductVersion    : 3.00.0000
    ProductName        : Cyberlink PowerCinema 3.0
    CompanyName        : CyberLink Corp.
    FileDescription    : CyberLink PowerCinema Resident Program
    InternalName      : CyberLink PowerCinema Resident Program
    LegalCopyright    : Copyright © 2003 CyberLink Corp.
    OriginalFilename  : DVDLauncher.EXE

#:29 [dadapp.exe]
    ModuleName        : C:\Program Files\Dell\AccessDirect\dadapp.exe
    Command Line      : "C:\Program Files\Dell\AccessDirect\dadapp.exe"
    ProcessID          : 1556
    ThreadCreationTime : 4-30-2005 7:48:17 AM
    BasePriority      : Normal


#:30 [quickset.exe]
    ModuleName        : C:\Program Files\Dell\QuickSet\quickset.exe
    Command Line      : "C:\Program Files\Dell\QuickSet\quickset.exe"
    ProcessID          : 1568
    ThreadCreationTime : 4-30-2005 7:48:17 AM
    BasePriority      : Normal
    FileVersion        : 1, 0, 0, 1
    ProductVersion    : 1, 0, 0, 1
    ProductName        : QuickSet Application
    FileDescription    : QuickSet MFC Application
    InternalName      : direct
    LegalCopyright    : Copyright © 2001
    OriginalFilename  : direct.EXE

#:31 [realplay.exe]
    ModuleName        : C:\Program Files\Real\RealPlayer\RealPlay.exe
    Command Line      : "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
    ProcessID          : 1312
    ThreadCreationTime : 4-30-2005 7:48:17 AM
    BasePriority      : Normal
    FileVersion        : 6.0.9.584
    ProductVersion    : 6.0.9.584
    ProductName        : RealPlayer (32-bit)
    CompanyName        : RealNetworks, Inc.
    FileDescription    : RealPlayer
    InternalName      : REALPLAY
    LegalCopyright    : Copyright © RealNetworks, Inc. 1995-2000
    LegalTrademarks    : RealAudio™ is a trademark of RealNetworks, Inc.
    OriginalFilename  : REALPLAY.EXE

#:32 [mcagent.exe]
    ModuleName        : C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    Command Line      : "C:\PROGRA~1\mcafee.com\agent\mcagent.exe"
    ProcessID          : 2052
    ThreadCreationTime : 4-30-2005 7:48:18 AM
    BasePriority      : Normal
    FileVersion        : 5, 1, 0, 2
    ProductVersion    : 5, 1, 0, 0
    ProductName        : McAfee SecurityCenter
    CompanyName        : McAfee, Inc
    FileDescription    : McAfee SecurityCenter Agent
    InternalName      : mcagent
    LegalCopyright    : Copyright © 2005 McAfee, Inc.
    OriginalFilename  : mcagent.exe

#:33 [mmtask.exe]
    ModuleName        : C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    Command Line      : "C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe"
    ProcessID          : 2076
    ThreadCreationTime : 4-30-2005 7:48:18 AM
    BasePriority      : Normal
    FileVersion        : 1.0.0.1
    ProductVersion    : 1.0.0.1
    ProductName        : TODO: <Product name>
    CompanyName        : TODO: <Company name>
    FileDescription    : TODO: <File description>
    InternalName      : mmtask.exe
    LegalCopyright    : TODO: © <Company name>.  All rights reserved.
    OriginalFilename  : mmtask.exe

#:34 [mcvsshld.exe]
    ModuleName        : C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    Command Line      : "C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    ProcessID          : 2084
    ThreadCreationTime : 4-30-2005 7:48:18 AM
    BasePriority      : Normal
    FileVersion        : 9, 1, 0, 6
    ProductVersion    : 9, 1, 0, 0
    ProductName        : McAfee VirusScan
    CompanyName        : McAfee, Inc.
    FileDescription    : McAfee VirusScan ActiveShield Resource
    InternalName      : msvcshld
    LegalCopyright    : Copyright © 2005 McAfee, Inc. All Rights Reserved.
    OriginalFilename  : mcvsshld.exe
    Comments          : McAfee VirusScan ActiveShield Resource

#:35 [mscifapp.exe]
    ModuleName        : C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
    Command Line      : "C:\PROGRA~1\mcafee.com\mps\mscifapp.exe" /embedding
    ProcessID          : 2092
    ThreadCreationTime : 4-30-2005 7:48:18 AM
    BasePriority      : Normal
    FileVersion        : 7.1.1.44
    ProductVersion    : 7.1.1.44
    ProductName        : McAfee Privacy Service
    CompanyName        : McAfee, Inc
    FileDescription    : McAfee Privacy Service
    InternalName      : mscifapp
    LegalCopyright    : Copyright © 2005 McAfee, Inc.
    OriginalFilename  : mscifapp.exe

#:36 [acrotray.exe]
    ModuleName        : C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    Command Line      : "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    ProcessID          : 2100
    ThreadCreationTime : 4-30-2005 7:48:18 AM
    BasePriority      : Normal
    FileVersion        : 6.0.1.2004121400
    ProductVersion    : 6.0.1.2004121400
    ProductName        : AcroTray - Adobe Acrobat Distiller helper application.
    CompanyName        : Adobe Systems Inc.
    FileDescription    : AcroTray
    InternalName      : AcroTray
    LegalCopyright    : Copyright 1984-2004 Adobe Systems Incorporated and its licensors. All rights reserved.
    OriginalFilename  : AcroTray.exe

#:37 [mpftray.exe]
    ModuleName        : C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    Command Line      : "C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe 
    ProcessID          : 2108
    ThreadCreationTime : 4-30-2005 7:48:18 AM
    BasePriority      : Normal
    FileVersion        : 6.1.0.44
    ProductVersion    : 6.1.0.44
    ProductName        : McAfee Personal Firewall (MPF)
    CompanyName        : McAfee Security
    FileDescription    : McAfee Personal Firewall Tray Monitor
    InternalName      : MpfTray
    LegalCopyright    : Copyright © 2005 McAfee, Inc. All Rights Reserved.
    OriginalFilename  : MPFTRAY.EXE
    Comments          : Tray Icon for McAfee Personal Firewall

#:38 [motivesb.exe]
    ModuleName        : C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
    Command Line      : "C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe 
    ProcessID          : 2116
    ThreadCreationTime : 4-30-2005 7:48:18 AM
    BasePriority      : Normal
    FileVersion        : 05.00.00.asst_classic.smartbridge.20020518_104000
    ProductVersion    : 05.00.00.asst_classic.smartbridge
    ProductName        : Motive System
    CompanyName        : Motive Communications, Inc.
    FileDescription    : Motive SmartBridge
    InternalName      : version
    LegalCopyright    : Copyright 1998, 1999, 2000
    OriginalFilename  : version

#:39 [dsagnt.exe]
    ModuleName        : C:\Program Files\Dell Support\DSAgnt.exe
    Command Line      : "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    ProcessID          : 2124
    ThreadCreationTime : 4-30-2005 7:48:18 AM
    BasePriority      : ?
    FileVersion        : 1, 1, 0, 73
    ProductVersion    : 1, 1, 0, 73
    ProductName        : Dell Support
    CompanyName        : Gteko Ltd.
    FileDescription    : Dell Support
    InternalName      : AUAgent
    LegalCopyright    : Copyright © 2000 - 2004 Gteko Ltd.
    OriginalFilename  : AUAgent.exe

#:40 [msmsgs.exe]
    ModuleName        : C:\Program Files\Messenger\msmsgs.exe
    Command Line      : "C:\Program Files\Messenger\msmsgs.exe" /background
    ProcessID          : 2132
    ThreadCreationTime : 4-30-2005 7:48:18 AM
    BasePriority      : Normal
    FileVersion        : 4.7.3001
    ProductVersion    : Version 4.7.3001
    ProductName        : Messenger
    CompanyName        : Microsoft Corporation
    FileDescription    : Windows Messenger
    InternalName      : msmsgs
    LegalCopyright    : Copyright © Microsoft Corporation 2004
    LegalTrademarks    : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
    OriginalFilename  : msmsgs.exe

#:41 [dlg.exe]
    ModuleName        : C:\Program Files\Digital Line Detect\DLG.exe
    Command Line      : "C:\Program Files\Digital Line Detect\DLG.exe"
    ProcessID          : 2176
    ThreadCreationTime : 4-30-2005 7:48:19 AM
    BasePriority      : Normal
    FileVersion        : 1, 0, 0, 1
    ProductVersion    : 1, 0, 0, 1
    ProductName        : BVRP Software TestLine
    CompanyName        : BVRP Software
    FileDescription    : Digital Line Detection
    InternalName      : TestLine
    LegalCopyright    : Copyright © 2003
    OriginalFilename  : TestLine.exe

#:42 [mcvsescn.exe]
    ModuleName        : c:\progra~1\mcafee.com\vso\mcvsescn.exe
    Command Line      : "c:\progra~1\mcafee.com\vso\mcvsescn.exe" /disabled
    ProcessID          : 2192
    ThreadCreationTime : 4-30-2005 7:48:19 AM
    BasePriority      : Normal
    FileVersion        : 9, 1, 0, 4
    ProductVersion    : 9, 1, 0, 0
    ProductName        : McAfee VirusScan
    CompanyName        : McAfee, Inc.
    FileDescription    : McAfee VirusScan E-mail Scan Module
    InternalName      : mcvsescn
    LegalCopyright    : Copyright © 2005 McAfee, Inc. All Rights Reserved.
    OriginalFilename  : mcvsescn.EXE
    Comments          : McAfee VirusScan E-mail Scan Module

#:43 [mpfagent.exe]
    ModuleName        : C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    Command Line      : C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe -Embedding
    ProcessID          : 2672
    ThreadCreationTime : 4-30-2005 7:48:25 AM
    BasePriority      : Normal
    FileVersion        : 6.1.0.44
    ProductVersion    : 6.1.0.44
    ProductName        : McAfee Personal Firewall (MPF)
    CompanyName        : McAfee Security
    FileDescription    : McAfee Personal Firewall Agent Interface
    InternalName      : MpfAgent
    LegalCopyright    : Copyright © 2005 McAfee, Inc. All Rights Reserved.
    OriginalFilename  : MPFAGENT.EXE
    Comments          : McAfee Personal Firewall Security Center Module

#:44 [mcvsftsn.exe]
    ModuleName        : c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    Command Line      : c:\progra~1\mcafee.com\vso\mcvsftsn.exe -Embedding
    ProcessID          : 2984
    ThreadCreationTime : 4-30-2005 7:48:30 AM
    BasePriority      : Normal
    FileVersion        : 9, 1, 0, 4
    ProductVersion    : 9, 1, 0, 0
    ProductName        : McAfee VirusScan
    CompanyName        : McAfee, Inc.
    FileDescription    : McAfee VirusScan Instant Messenger Scan Module
    InternalName      : mcvsftsn
    LegalCopyright    : Copyright © 2005 McAfee, Inc. All Rights Reserved.
    OriginalFilename  : mcvsftsn.EXE
    Comments          : McAfee VirusScan Instant Messenger Scan Module

#:45 [wuauclt.exe]
    ModuleName        : C:\WINDOWS\system32\wuauclt.exe
    Command Line      : "C:\WINDOWS\system32\wuauclt.exe" /RunStoreAsComServer Local\[98]SUSDSf8541f9a6042b74ebaecd90cb5f9ff3d
    ProcessID          : 3972
    ThreadCreationTime : 4-30-2005 7:48:50 AM
    BasePriority      : Normal
    FileVersion        : 5.4.3790.2182 built by: srv03_rtm(ntvbl04)
    ProductVersion    : 5.4.3790.2182
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Automatic Updates
    InternalName      : wuauclt.exe
    LegalCopyright    : © Microsoft Corporation. All rights reserved.
    OriginalFilename  : wuauclt.exe

#:46 [iexplore.exe]
    ModuleName        : C:\Program Files\Internet Explorer\IEXPLORE.EXE
    Command Line      : "C:\Program Files\Internet Explorer\IEXPLORE.EXE 
    ProcessID          : 2844
    ThreadCreationTime : 4-30-2005 7:51:04 AM
    BasePriority      : Normal
    FileVersion        : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion    : 6.00.2900.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Internet Explorer
    InternalName      : iexplore
    LegalCopyright    : © Microsoft Corporation. All rights reserved.
    OriginalFilename  : IEXPLORE.EXE

#:47 [ad-aware.exe]
    ModuleName        : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
    Command Line      : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe 
    ProcessID          : 3984
    ThreadCreationTime : 4-30-2005 7:51:54 AM
    BasePriority      : Normal
    FileVersion        : 6.2.0.206
    ProductVersion    : VI.Second Edition
    ProductName        : Lavasoft Ad-Aware SE
    CompanyName        : Lavasoft Sweden
    FileDescription    : Ad-Aware SE Core application
    InternalName      : Ad-Aware.exe
    LegalCopyright    : Copyright © Lavasoft Sweden
    OriginalFilename  : Ad-Aware.exe
    Comments          : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 0


4:04:29 AM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:10:22.225
Objects scanned:110465
Objects identified:0
Objects ignored:0
New critical objects:0



#5
Rawe

    Visiting Staff

  • 4,746 posts
Your logfile seems to be clean.
Do you still have problems?
If so, let's wait for an Ad-Aware expert to come and move (refer) this topic to the Malware forums.

- Rawe :tazz:

Edited by Rawe, 30 April 2005 - 06:03 AM.


#6
Guest_Andy_veal_*

  • Guest
As you are still having problems and they cannot be solved with the use of Ad-Aware SE, please see my advice below.

:tazz:

#7
Guest_Andy_veal_*

  • Guest
Please follow the instructions located in Step Five: Posting a Hijack This Log. Post your HJT log as a reply to this thread, which has been relocated to the Malware Removal Forum for providing you with further assistance.

Kindly note that it is very busy in the Malware Removal Forum, so there may be a delay in receiving a reply. Please also note that HJT logfiles are reviewed on a first come/first served basis.

#8
dennismcl

    New Member

  • 3 posts
Okay, thanks again for all of your attention so far. Since I'm still experiencing the DrWatson error, albeit only once a day or so, I figured I should take this next step and post a HijackThis log.

Any help will, of course, be greatly appreciated!

Logfile of HijackThis v1.99.1
Scan saved at 10:58:01 PM, on 4/30/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\bcmwltry.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Den\Desktop\Anti-Virus Tools\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\PROGRA~1\COMMON~1\VERIZO~1\SFP\vzbb.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\PROGRA~1\COMMON~1\VERIZO~1\SFP\vzbb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1DF36010-E276-11D4-A7C0-00C04F0453DD} (Stamps.com Secure Postal Account Registration) - https://secure.stamp...34/sdcregie.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...90/mcinsctl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,23/mcgdmgr.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app.../ITDetector.cab
O16 - DPF: {FC0A65F2-8DFF-4F0F-B411-D4A50311628D} (XMRADIO.XM_SystemProfiler) - http://xmro.xmradio..../xmprofiler.CAB
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE


Edited by dennismcl, 30 April 2005 - 09:03 PM.
