
[Referred]smitfraud.c problems[CLOSED]


  • This topic is locked

#1
Kizza*

    Member
Hi. In the past couple of days I've been hit by smitfraud.c. Blue desktop with the security warning. Little yellow triangle warning sign in the toolbar. So I've installed avast and run some full & boot scans and removed whatever was found. I've updated my Sygate firewall. I'm now following the advice of this forum, starting with Ad-Aware... Here's my log..

I'm no computer wizard, but I don't think I'm a simpleton either (yet). I hope someone can begin to help me.

Thanks

Kizza*




ArchiveData(auto-quarantine- 2005-04-30 15-08-19.bckp)
Referencefile : SE1R42 28.04.2005
======================================================

MRU LIST
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[0]=MRU FileReference : C:\Documents and Settings\Default\Application Data\microsoft\office\recent\My Webs.LNK
obj[1]=MRU FileReference : C:\Documents and Settings\Default\recent\Desktop.ini
obj[2]=MRU RegReference : S-1-5-21-1801674531-1606980848-1060284298-1003\software\adobe\acrobat reader\6.0\avgeneral\crecentfiles\c1
obj[3]=MRU RegReference : S-1-5-21-1801674531-1606980848-1060284298-1003\software\adobe\acrobat reader\6.0\avgeneral\crecentfiles\c2
obj[4]=MRU RegReference : S-1-5-21-1801674531-1606980848-1060284298-1003\software\adobe\acrobat reader\6.0\avgeneral\crecentfiles\c3
obj[5]=MRU RegReference : S-1-5-21-1801674531-1606980848-1060284298-1003\software\adobe\acrobat reader\6.0\avgeneral\crecentfiles\c4
obj[6]=MRU RegReference : S-1-5-21-1801674531-1606980848-1060284298-1003\software\adobe\acrobat reader\6.0\avgeneral\crecentfiles\c5
obj[7]=MRU FileReference : C:\Documents and Settings\Default\Application Data\microsoft\office\recent\photo_albums.LNK
obj[8]=MRU RegReference : S-1-5-21-1801674531-1606980848-1060284298-1003\software\ahead\cover designer\recent file list
obj[9]=MRU RegReference : S-1-5-21-1801674531-1606980848-1060284298-1003\software\ahead\nero - burning rom\recent file list
obj[10]=MRU RegReference : S-1-5-21-1801674531-1606980848-1060284298-1003\software\ahead\nero wave editor\recent file list
obj[11]=MRU RegReference : .DEFAULT\software\macromedia\director\7.0\recentfiles
obj[12]=MRU RegReference : S-1-5-18\software\macromedia\director\7.0\recentfiles
obj[13]=MRU RegReference : S-1-5-19\software\macromedia\director\7.0\recentfiles
obj[14]=MRU RegReference : software\microsoft\direct3d\mostrecentapplication name
obj[15]=MRU RegReference : software\microsoft\direct3d\mostrecentapplication name
obj[16]=MRU RegReference : software\microsoft\directdraw\mostrecentapplication name
obj[17]=MRU RegReference : .DEFAULT\software\microsoft\directinput\mostrecentapplication name
obj[18]=MRU RegReference : S-1-5-18\software\microsoft\directinput\mostrecentapplication name
obj[19]=MRU RegReference : S-1-5-19\software\microsoft\directinput\mostrecentapplication name
obj[20]=MRU RegReference : S-1-5-21-1801674531-1606980848-1060284298-1003\software\microsoft\directinput\mostrecentapplication name
obj[21]=MRU RegReference : .DEFAULT\software\microsoft\directinput\mostrecentapplication id
obj[22]=MRU RegReference : S-1-5-18\software\microsoft\directinput\mostrecentapplication id
obj[23]=MRU RegReference : S-1-5-19\software\microsoft\directinput\mostrecentapplication id
obj[24]=MRU RegReference : S-1-5-21-1801674531-1606980848-1060284298-1003\software\microsoft\directinput\mostrecentapplication id
obj[25]=MRU RegReference : .DEFAULT\software\microsoft\frontpage defaultsave
obj[26]=MRU RegReference : S-1-5-18\software\microsoft\frontpage defaultsave
obj[27]=MRU RegReference : S-1-5-19\software\microsoft\frontpage defaultsave
obj[28]=MRU RegReference : S-1-5-21-1801674531-1606980848-1060284298-1003\software\microsoft\frontpage defaultsave
obj[29]=MRU RegReference : .DEFAULT\software\microsoft\frontpage\editor\insert hyperlink\recently used urls
obj[30]=MRU RegReference : S-1-5-18\software\microsoft\frontpage\editor\insert hyperlink\recently used urls
obj[31]=MRU RegReference : S-1-5-19\software\microsoft\frontpage\editor\insert hyperlink\recently used urls
obj[32]=MRU RegReference : S-1-5-21-1801674531-1606980848-1060284298-1003\software\microsoft\frontpage\editor\insert hyperlink\recently used urls
obj[33]=MRU RegReference : .DEFAULT\software\microsoft\frontpage\editor\insert image\recently used urls
obj[34]=MRU RegReference : S-1-5-18\software\microsoft\frontpage\editor\insert image\recently used urls
obj[35]=MRU RegReference : S-1-5-19\software\microsoft\frontpage\editor\insert image\recently used urls
obj[36]=MRU RegReference : S-1-5-21-1801674531-1606980848-1060284298-1003\software\microsoft\frontpage\editor\insert image\recently used urls
obj[37]=MRU RegReference : .DEFAULT\software\microsoft\frontpage\explorer\navigation\mrulist
obj[38]=MRU RegReference : S-1-5-18\software\microsoft\frontpage\explorer\navigation\mrulist
obj[39]=MRU RegReference : S-1-5-19\software\microsoft\frontpage\explorer\navigation\mrulist
obj[40]=MRU RegReference : S-1-5-21-1801674531-1606980848-1060284298-1003\software\microsoft\frontpage\explorer\navigation\mrulist
obj[41]=MRU RegReference : .DEFAULT\software\microsoft\internet explorer download directory
obj[42]=MRU RegReference : S-1-5-18\software\microsoft\internet explorer download directory
obj[43]=MRU RegReference : S-1-5-19\software\microsoft\internet explorer download directory
obj[44]=MRU RegReference : S-1-5-21-1801674531-1606980848-1060284298-1003\software\microsoft\internet explorer download directory
obj[45]=MRU RegReference : .DEFAULT\software\microsoft\internet explorer\main save directory
obj[46]=MRU RegReference : S-1-5-18\software\microsoft\internet explorer\main save directory
obj[47]=MRU RegReference : S-1-5-19\software\microsoft\internet explorer\main save directory
obj[48]=MRU RegReference : S-1-5-21-1801674531-1606980848-1060284298-1003\software\microsoft\internet explorer\main save directory
obj[49]=MRU RegReference : .DEFAULT\software\microsoft\internet explorer\typedurls
obj[50]=MRU RegReference : S-1-5-18\software\microsoft\internet explorer\typedurls
obj[51]=MRU RegReference : S-1-5-19\software\microsoft\internet explorer\typedurls
obj[52]=MRU RegReference : S-1-5-21-1801674531-1606980848-1060284298-1003\software\microsoft\internet explorer\typedurls
obj[53]=MRU RegReference : software\microsoft\internet explorer\typedurls
obj[54]=MRU RegReference : S-1-5-21-1801674531-1606980848-1060284298-1003\software\microsoft\mediaplayer\medialibraryui mllastselectednode
obj[55]=MRU RegReference : .DEFAULT\software\microsoft\mediaplayer\player\recentfilelist
obj[56]=MRU RegReference : S-1-5-18\software\microsoft\mediaplayer\player\recentfilelist
obj[57]=MRU RegReference : S-1-5-19\software\microsoft\mediaplayer\player\recentfilelist
obj[58]=MRU RegReference : .DEFAULT\software\microsoft\mediaplayer\player\settings saveasdir
obj[59]=MRU RegReference : S-1-5-18\software\microsoft\mediaplayer\player\settings saveasdir
obj[60]=MRU RegReference : S-1-5-19\software\microsoft\mediaplayer\player\settings saveasdir
obj[61]=MRU RegReference : S-1-5-21-1801674531-1606980848-1060284298-1003\software\microsoft\mediaplayer\player\settings saveasdir
obj[62]=MRU RegReference : .DEFAULT\software\microsoft\mediaplayer\player\settings opendir
obj[63]=MRU RegReference : S-1-5-18\software\microsoft\mediaplayer\player\settings opendir
obj[64]=MRU RegReference : S-1-5-19\software\microsoft\mediaplayer\player\settings opendir
obj[65]=MRU RegReference : S-1-5-21-1801674531-1606980848-1060284298-1003\software\microsoft\mediaplayer\player\settings opendir
obj[66]=MRU RegReference : S-1-5-21-1801674531-1606980848-1060284298-1003\software\microsoft\mediaplayer\preferences cdrecordpath
obj[67]=MRU RegReference : S-1-5-21-1801674531-1606980848-1060284298-1003\software\microsoft\mediaplayer\preferences lastplaylistindex
obj[68]=MRU RegReference : .DEFAULT\software\microsoft\mediaplayer\preferences lastplaylist
obj[69]=MRU RegReference : S-1-5-18\software\microsoft\mediaplayer\preferences lastplaylist
obj[70]=MRU RegReference : S-1-5-19\software\microsoft\mediaplayer\preferences lastplaylist
obj[71]=MRU RegReference : S-1-5-21-1801674531-1606980848-1060284298-1003\software\microsoft\mediaplayer\preferences lastplaylist
obj[72]=MRU RegReference : .DEFAULT\software\microsoft\mediaplayer\radio\mrulist
obj[73]=MRU RegReference : S-1-5-18\software\microsoft\mediaplayer\radio\mrulist
obj[74]=MRU RegReference : S-1-5-19\software\microsoft\mediaplayer\radio\mrulist
obj[75]=MRU RegReference : S-1-5-21-1801674531-1606980848-1060284298-1003\software\microsoft\mediaplayer\radio\mrulist
obj[76]=MRU RegReference : S-1-5-21-1801674531-1606980848-1060284298-1003\software\microsoft\microsoft management console\recent file list
obj[77]=MRU RegReference : S-1-5-21-1801674531-1606980848-1060284298-1003\software\microsoft\ntbackup\log files
obj[78]=MRU RegReference : .DEFAULT\software\microsoft\office\8.0\common\open find\microsoft powerpoint\settings\insert picture\file name mru value
obj[79]=MRU RegReference : S-1-5-18\software\microsoft\office\8.0\common\open find\microsoft powerpoint\settings\insert picture\file name mru value
obj[80]=MRU RegReference : S-1-5-19\software\microsoft\office\8.0\common\open find\microsoft powerpoint\settings\insert picture\file name mru value
obj[81]=MRU RegReference : S-1-5-21-1801674531-1606980848-1060284298-1003\software\microsoft\office\8.0\common\open find\microsoft powerpoint\settings\insert picture\file name mru value
obj[82]=MRU RegReference : .DEFAULT\software\microsoft\office\8.0\common\open find\microsoft word\settings\open\file name mru value
obj[83]=MRU RegReference : S-1-5-18\software\microsoft\office\8.0\common\open find\microsoft word\settings\open\file name mru value
obj[84]=MRU RegReference : S-1-5-19\software\microsoft\office\8.0\common\open find\microsoft word\settings\open\file name mru value
obj[85]=MRU RegReference : S-1-5-21-1801674531-1606980848-1060284298-1003\software\microsoft\office\8.0\common\open find\microsoft word\settings\open\file name mru value
obj[86]=MRU RegReference : .DEFAULT\software\microsoft\office\8.0\common\open find\microsoft word\settings\save as\file name mru value
obj[87]=MRU RegReference : S-1-5-18\software\microsoft\office\8.0\common\open find\microsoft word\settings\save as\file name mru value
obj[88]=MRU RegReference : S-1-5-19\software\microsoft\office\8.0\common\open find\microsoft word\settings\save as\file name mru value
obj[89]=MRU RegReference : S-1-5-21-1801674531-1606980848-1060284298-1003\software\microsoft\office\8.0\common\open find\microsoft word\settings\save as\file name mru value
obj[90]=MRU RegReference : .DEFAULT\software\microsoft\office\8.0\excel\recent file list
obj[91]=MRU RegReference : S-1-5-18\software\microsoft\office\8.0\excel\recent file list
obj[92]=MRU RegReference : S-1-5-19\software\microsoft\office\8.0\excel\recent file list
obj[93]=MRU RegReference : S-1-5-21-1801674531-1606980848-1060284298-1003\software\microsoft\office\8.0\excel\recent file list
obj[94]=MRU RegReference : .DEFAULT\software\microsoft\office\8.0\powerpoint\recent typeface list
obj[95]=MRU RegReference : S-1-5-18\software\microsoft\office\8.0\powerpoint\recent typeface list
obj[96]=MRU RegReference : S-1-5-19\software\microsoft\office\8.0\powerpoint\recent typeface list
obj[97]=MRU RegReference : S-1-5-21-1801674531-1606980848-1060284298-1003\software\microsoft\office\8.0\powerpoint\recent typeface list
obj[98]=MRU RegReference : .DEFAULT\software\microsoft\office\9.0\common\open find\microsoft word\settings\open\file name mru value
obj[99]=MRU RegReference : S-1-5-18\software\microsoft\office\9.0\common\open find\microsoft word\settings\open\file name mru value
obj[100]=MRU RegReference : S-1-5-19\software\microsoft\office\9.0\common\open find\microsoft word\settings\open\file name mru value
obj[101]=MRU RegReference : S-1-5-21-1801674531-1606980848-1060284298-1003\software\microsoft\search assistant\acmru\5603
obj[102]=MRU RegReference : S-1-5-21-1801674531-1606980848-1060284298-1003\software\microsoft\search assistant\acmru\5604
obj[103]=MRU RegReference : S-1-5-18\software\microsoft\office\9.0\common\open find\microsoft word\settings\save as\file name mru value
obj[104]=MRU RegReference : .DEFAULT\software\microsoft\windows\currentversion\applets\paint\recent file list
obj[105]=MRU RegReference : S-1-5-18\software\microsoft\windows\currentversion\applets\paint\recent file list
obj[106]=MRU RegReference : S-1-5-19\software\microsoft\windows\currentversion\applets\paint\recent file list
obj[107]=MRU RegReference : S-1-5-21-1801674531-1606980848-1060284298-1003\software\microsoft\windows\currentversion\applets\paint\recent file list
obj[108]=MRU RegReference : S-1-5-21-1801674531-1606980848-1060284298-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru\*
obj[109]=MRU RegReference : S-1-5-21-1801674531-1606980848-1060284298-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru\asx
obj[110]=MRU RegReference : S-1-5-21-1801674531-1606980848-1060284298-1003\software\microsoft\windows\currentversion\explorer\recentdocs\.log
obj[111]=MRU RegReference : S-1-5-21-1801674531-1606980848-1060284298-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru\bkf
obj[112]=MRU RegReference : .DEFAULT\software\nico mak computing\winzip\filemenu
obj[113]=MRU RegReference : S-1-5-18\software\nico mak computing\winzip\filemenu
obj[114]=MRU RegReference : S-1-5-19\software\nico mak computing\winzip\filemenu
obj[115]=MRU RegReference : S-1-5-21-1801674531-1606980848-1060284298-1003\software\nico mak computing\winzip\filemenu
obj[116]=MRU RegReference : S-1-5-21-1801674531-1606980848-1060284298-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru\EX_
obj[117]=MRU RegReference : S-1-5-21-1801674531-1606980848-1060284298-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru\fnd
obj[118]=MRU RegReference : S-1-5-21-1801674531-1606980848-1060284298-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru\gif
obj[119]=MRU RegReference : S-1-5-21-1801674531-1606980848-1060284298-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru\htm
obj[120]=MRU RegReference : S-1-5-21-1801674531-1606980848-1060284298-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru\html
obj[121]=MRU RegReference : S-1-5-21-1801674531-1606980848-1060284298-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru\IFO
obj[122]=MRU RegReference : S-1-5-21-1801674531-1606980848-1060284298-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru\INF
obj[123]=MRU RegReference : S-1-5-21-1801674531-1606980848-1060284298-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru\jfif
obj[124]=MRU RegReference : S-1-5-21-1801674531-1606980848-1060284298-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru\jpe
obj[125]=MRU RegReference : S-1-5-21-1801674531-1606980848-1060284298-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru\jpeg
obj[126]=MRU RegReference : S-1-5-21-1801674531-1606980848-1060284298-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru\jpg
obj[127]=MRU RegReference : S-1-5-21-1801674531-1606980848-1060284298-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru\mp3
obj[128]=MRU RegReference : S-1-5-21-1801674531-1606980848-1060284298-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru\mpeg
obj[129]=MRU RegReference : S-1-5-21-1801674531-1606980848-1060284298-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru\mpg
obj[130]=MRU RegReference : S-1-5-21-1801674531-1606980848-1060284298-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru\ncd
obj[131]=MRU RegReference : S-1-5-21-1801674531-1606980848-1060284298-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru\nr3
obj[132]=MRU RegReference : S-1-5-21-1801674531-1606980848-1060284298-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru\nra
obj[133]=MRU RegReference : S-1-5-21-1801674531-1606980848-1060284298-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru\nri
obj[134]=MRU RegReference : S-1-5-21-1801674531-1606980848-1060284298-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru\pdf
obj[135]=MRU RegReference : S-1-5-21-1801674531-1606980848-1060284298-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru\png
obj[136]=MRU RegReference : S-1-5-21-1801674531-1606980848-1060284298-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru\psd
obj[137]=MRU RegReference : S-1-5-21-1801674531-1606980848-1060284298-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru\rar
obj[138]=MRU RegReference : S-1-5-21-1801674531-1606980848-1060284298-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru\vob
obj[139]=MRU RegReference : S-1-5-21-1801674531-1606980848-1060284298-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru\wav
obj[140]=MRU RegReference : S-1-5-21-1801674531-1606980848-1060284298-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru\wmv
obj[141]=MRU RegReference : S-1-5-21-1801674531-1606980848-1060284298-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru\zip
obj[143]=MRU RegReference : S-1-5-21-1801674531-1606980848-1060284298-1003\software\microsoft\windows\currentversion\explorer\findcomputermru
obj[150]=MRU RegReference : S-1-5-19\software\realnetworks\realplayer\6.0\preferences\MostRecentClips3
obj[151]=MRU RegReference : S-1-5-19\software\realnetworks\realplayer\6.0\preferences\MostRecentClips4
obj[152]=MRU RegReference : S-1-5-19\software\realnetworks\realplayer\6.0\preferences\MostRecentClips5
obj[164]=MRU RegReference : S-1-5-21-1801674531-1606980848-1060284298-1003\software\realnetworks\realplayer\6.0\preferences\MostRecentSkins1
obj[146]=MRU RegReference : .DEFAULT\software\realnetworks\realplayer\6.0\preferences\LastLoginTime
obj[147]=MRU RegReference : S-1-5-18\software\realnetworks\realplayer\6.0\preferences\LastLoginTime
obj[148]=MRU RegReference : S-1-5-19\software\realnetworks\realplayer\6.0\preferences\LastLoginTime
obj[149]=MRU RegReference : S-1-5-19\software\realnetworks\realplayer\6.0\preferences\MostRecentClips2
obj[153]=MRU RegReference : S-1-5-19\software\realnetworks\realplayer\6.0\preferences\MostRecentClips6
obj[154]=MRU RegReference : S-1-5-19\software\realnetworks\realplayer\6.0\preferences\MostRecentClips7
obj[155]=MRU RegReference : S-1-5-19\software\realnetworks\realplayer\6.0\preferences\MostRecentClips8
obj[166]=MRU RegReference : S-1-5-21-1801674531-1606980848-1060284298-1003\software\realnetworks\realplayer\6.0\preferences\LastLoginTime
obj[196]=MRU RegReference : .DEFAULT\software\microsoft\windows media\wmsdk\general computername
obj[197]=MRU RegReference : S-1-5-18\software\microsoft\windows media\wmsdk\general computername
obj[198]=MRU RegReference : S-1-5-19\software\microsoft\windows media\wmsdk\general computername
obj[199]=MRU RegReference : S-1-5-21-1801674531-1606980848-1060284298-1003\software\microsoft\windows media\wmsdk\general computername
obj[200]=MRU RegReference : S-1-5-21-1801674531-1606980848-1060284298-1003\software\winrar\dialogedithistory\extrpath

WIN32.TROJAN.BYTEVERIFY.A
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[131]=Regkey : interface\{22b3b001-82cb-4977-96e2-d55cebadce38}
obj[132]=RegValue : interface\{22b3b001-82cb-4977-96e2-d55cebadce38} ""
obj[138]=Regkey : typelib\{59e961b9-9acf-44fc-9bf5-003470cc2534}

SEARCHMAID
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[133]=Regkey : interface\{835baa68-b5e5-47d5-a18d-2a4e0f5b72d5}
obj[134]=RegValue : interface\{835baa68-b5e5-47d5-a18d-2a4e0f5b72d5} ""
obj[135]=Regkey : interface\{ab2dde8c-cbff-491a-9825-87b8bb4cbfe0}
obj[136]=RegValue : interface\{ab2dde8c-cbff-491a-9825-87b8bb4cbfe0} ""
obj[137]=Regkey : typelib\{42c7653a-5834-45a1-899a-ed0dfa370d21}
obj[156]=Regkey : software\microsoft\windows\currentversion\uninstall\virtual maidvirtual maid
obj[157]=RegValue : software\microsoft\windows\currentversion\uninstall\virtual maidvirtual maid "DisplayName"
obj[158]=RegValue : software\microsoft\windows\currentversion\uninstall\virtual maidvirtual maid "UninstallString"
obj[164]=Regkey : S-1-5-21-1801674531-1606980848-1060284298-1003\software\virtual maid
obj[169]=RegValue : software\microsoft\internet explorer\toolbar "{77B2F8DE-CB3F-4B6B-839B-807DD1ADBA1C}"
obj[182]=RegValue : software\microsoft\windows\currentversion\policies\explorer\run "notepad2.exe"

CRACKSPIDER
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[139]=Regkey : S-1-5-21-1801674531-1606980848-1060284298-1003\software\microsoft\internet explorer\extensions\{10954c80-4f0f-11d3-b17c-00c0dfe39736}
obj[140]=RegValue : S-1-5-21-1801674531-1606980848-1060284298-1003\software\microsoft\internet explorer\extensions\{10954c80-4f0f-11d3-b17c-00c0dfe39736} "ButtonText"
obj[141]=RegValue : S-1-5-21-1801674531-1606980848-1060284298-1003\software\microsoft\internet explorer\extensions\{10954c80-4f0f-11d3-b17c-00c0dfe39736} "MenuText"
obj[142]=RegValue : S-1-5-21-1801674531-1606980848-1060284298-1003\software\microsoft\internet explorer\extensions\{10954c80-4f0f-11d3-b17c-00c0dfe39736} "MenuStatusBar"
obj[143]=RegValue : S-1-5-21-1801674531-1606980848-1060284298-1003\software\microsoft\internet explorer\extensions\{10954c80-4f0f-11d3-b17c-00c0dfe39736} "ClSid"
obj[144]=RegValue : S-1-5-21-1801674531-1606980848-1060284298-1003\software\microsoft\internet explorer\extensions\{10954c80-4f0f-11d3-b17c-00c0dfe39736} "Default Visible"
obj[145]=RegValue : S-1-5-21-1801674531-1606980848-1060284298-1003\software\microsoft\internet explorer\extensions\{10954c80-4f0f-11d3-b17c-00c0dfe39736} "Exec"
obj[146]=RegValue : S-1-5-21-1801674531-1606980848-1060284298-1003\software\microsoft\internet explorer\extensions\{10954c80-4f0f-11d3-b17c-00c0dfe39736} "HotIcon"
obj[147]=RegValue : S-1-5-21-1801674531-1606980848-1060284298-1003\software\microsoft\internet explorer\extensions\{10954c80-4f0f-11d3-b17c-00c0dfe39736} "Icon"
obj[247]=File : C:\WINDOWS\crcspider.ico

2020SEARCH
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[148]=Regkey : S-1-5-21-1801674531-1606980848-1060284298-1003\software\microsoft\internet explorer\menuext\&rsdn search
obj[149]=RegValue : S-1-5-21-1801674531-1606980848-1060284298-1003\software\microsoft\internet explorer\menuext\&rsdn search ""
obj[150]=RegValue : S-1-5-21-1801674531-1606980848-1060284298-1003\software\microsoft\internet explorer\menuext\&rsdn search "Contexts"
obj[161]=Regkey : S-1-5-21-1801674531-1606980848-1060284298-1003\\software\microsoft\internet explorer\menuext\&rsdn search
obj[162]=RegValue : S-1-5-21-1801674531-1606980848-1060284298-1003\\software\microsoft\internet explorer\menuext\&rsdn search ""
obj[163]=RegValue : S-1-5-21-1801674531-1606980848-1060284298-1003\\software\microsoft\internet explorer\menuext\&rsdn search "Contexts"

ALTNETBDE
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[151]=Regkey : software\classes\interface\{ad5bc1f0-72d8-44b3-8e3d-8e8fecce43fb}
obj[152]=RegValue : software\classes\interface\{ad5bc1f0-72d8-44b3-8e3d-8e8fecce43fb} ""

WIN32.DOWNLOADER
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[153]=Regkey : software\microsoft\code store database\distribution units\{11111111-1111-1111-1111-111111111157}
obj[154]=RegValue : software\microsoft\code store database\distribution units\{11111111-1111-1111-1111-111111111157} "SystemComponent"
obj[155]=RegValue : software\microsoft\code store database\distribution units\{11111111-1111-1111-1111-111111111157} "Installer"

SECURITY IGUARD
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[159]=Regkey : software\rex-services
obj[160]=RegValue : software\rex-services "MGuid"
obj[183]=Folder : C:\Documents and Settings\Default\Application Data\Rex-Services

ALEXA
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[165]=RegValue : .DEFAULT\software\microsoft\internet explorer\extensions\cmdmapping "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
obj[166]=RegValue : S-1-5-18\software\microsoft\internet explorer\extensions\cmdmapping "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
obj[167]=RegValue : S-1-5-19\software\microsoft\internet explorer\extensions\cmdmapping "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
obj[168]=RegValue : S-1-5-21-1801674531-1606980848-1060284298-1003\software\microsoft\internet explorer\extensions\cmdmapping "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"

WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[170]=RegData : software\microsoft\windows nt\currentversion\winlogon "Shell"

POSSIBLE BROWSER HIJACK ATTEMPT
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[171]=RegData : S-1-5-19\Software\Microsoft\Internet Explorer\Main "Search Page"
obj[172]=RegData : S-1-5-19\Software\Microsoft\Internet Explorer\Main "Search Bar"
obj[173]=RegData : S-1-5-19\Software\Microsoft\Internet Explorer\Search "SearchAssistant"
obj[174]=RegData : S-1-5-19\Software\Microsoft\Internet Explorer "SearchURL"
obj[175]=RegData : S-1-5-19\Software\Microsoft\Internet Explorer\SearchURL "SearchURL"
obj[176]=RegData : S-1-5-21-1801674531-1606980848-1060284298-1003\Software\Microsoft\Internet Explorer "SearchURL"
obj[185]=File : C:\Documents and Settings\Default\Favorites\Poker.url
obj[186]=File : C:\Documents and Settings\Default\Favorites\Black Jack Online.url
obj[187]=File : C:\Documents and Settings\Default\Favorites\Online Gambling.url
obj[188]=File : C:\Documents and Settings\Default\Favorites\Online Pharmacy.url
obj[189]=File : C:\Documents and Settings\Default\Favorites\Spyware Removal.url
obj[190]=File : C:\Documents and Settings\Default\Favorites\Network Security.url
obj[191]=File : C:\Documents and Settings\Default\Favorites\Anti Spam.url
obj[192]=File : C:\Documents and Settings\Default\Favorites\Online Dating.url
obj[193]=File : C:\Documents and Settings\Default\Favorites\Sexual Life\Photo Personal.url
obj[194]=File : C:\Documents and Settings\Default\Favorites\Sexual Life\Escorts.url
obj[195]=File : C:\Documents and Settings\Default\Favorites\Sexual Life\Single Girls.url
obj[196]=File : C:\Documents and Settings\Default\Favorites\Sexual Life\Swinger Clubs.url
obj[197]=File : C:\Documents and Settings\Default\Favorites\Sexual Life\Adult Dating.url
obj[198]=File : C:\Documents and Settings\Default\Favorites\Online Pharmacy\Online Pharmacy.url
obj[199]=File : C:\Documents and Settings\Default\Favorites\Online Pharmacy\Adipex.url
obj[200]=File : C:\Documents and Settings\Default\Favorites\Online Pharmacy\Alprazolam.url
obj[201]=File : C:\Documents and Settings\Default\Favorites\Online Pharmacy\Ambien.url
obj[202]=File : C:\Documents and Settings\Default\Favorites\Online Pharmacy\Carisoprodol.url
obj[203]=File : C:\Documents and Settings\Default\Favorites\Online Pharmacy\Celebrex.url
obj[204]=File : C:\Documents and Settings\Default\Favorites\Online Pharmacy\Cipro.url
obj[205]=File : C:\Documents and Settings\Default\Favorites\Online Pharmacy\Clonazepam.url
obj[206]=File : C:\Documents and Settings\Default\Favorites\Online Pharmacy\Codeine.url
obj[207]=File : C:\Documents and Settings\Default\Favorites\Online Pharmacy\Diazepam.url
obj[208]=File : C:\Documents and Settings\Default\Favorites\Online Pharmacy\Hydrocodone.url
obj[209]=File : C:\Documents and Settings\Default\Favorites\Online Pharmacy\Lipitor.url
obj[210]=File : C:\Documents and Settings\Default\Favorites\Online Pharmacy\Lorazepam.url
obj[211]=File : C:\Documents and Settings\Default\Favorites\Online Pharmacy\Lorcet.url
obj[212]=File : C:\Documents and Settings\Default\Favorites\Online Pharmacy\Lortab.url
obj[213]=File : C:\Documents and Settings\Default\Favorites\Online Pharmacy\Norco.url
obj[214]=File : C:\Documents and Settings\Default\Favorites\Online Pharmacy\Paxil.url
obj[215]=File : C:\Documents and Settings\Default\Favorites\Online Pharmacy\Prozac.url
obj[216]=File : C:\Documents and Settings\Default\Favorites\Online Pharmacy\Ritalin.url
obj[217]=File : C:\Documents and Settings\Default\Favorites\Online Pharmacy\Steroids.url
obj[218]=File : C:\Documents and Settings\Default\Favorites\Online Pharmacy\Ultram.url
obj[219]=File : C:\Documents and Settings\Default\Favorites\Online Pharmacy\Valium.url
obj[220]=File : C:\Documents and Settings\Default\Favorites\Online Pharmacy\Viagra.url
obj[221]=File : C:\Documents and Settings\Default\Favorites\Online Pharmacy\Vicodin.url
obj[222]=File : C:\Documents and Settings\Default\Favorites\Online Pharmacy\Xanax.url
obj[223]=File : C:\Documents and Settings\Default\Favorites\Online Pharmacy\Zithromax.url
obj[224]=File : C:\Documents and Settings\Default\Favorites\Online Pharmacy\Zoloft.url
obj[225]=File : C:\Documents and Settings\Default\Favorites\Online Pharmacy\Zyban.url
obj[226]=File : C:\Documents and Settings\Default\Favorites\Internet\Spyware.url
obj[227]=File : C:\Documents and Settings\Default\Favorites\Internet\Spyware Remover.url
obj[228]=File : C:\Documents and Settings\Default\Favorites\Internet\Network Security.url
obj[229]=File : C:\Documents and Settings\Default\Favorites\Internet\Anti Spam Filters.url
obj[230]=File : C:\Documents and Settings\Default\Favorites\Internet\Antivirus.url
obj[231]=File : C:\Documents and Settings\Default\Favorites\Internet\Web Site Design.url
obj[232]=File : C:\Documents and Settings\Default\Favorites\Online Gambling\Online Casino.url
obj[233]=File : C:\Documents and Settings\Default\Favorites\Online Gambling\Online Gambling.url
obj[234]=File : C:\Documents and Settings\Default\Favorites\Online Gambling\Wagering.url
obj[235]=File : C:\Documents and Settings\Default\Favorites\Online Gambling\Online Poker.url
obj[236]=File : C:\Documents and Settings\Default\Favorites\Online Gambling\Black Jack.url
obj[237]=File : C:\Documents and Settings\Default\Favorites\Online Gambling\Online Slot Machines.url
obj[238]=File : C:\Documents and Settings\Default\Favorites\Online Gambling\Online Roulette.url
obj[239]=File : C:\Documents and Settings\Default\Favorites\Online Gambling\Sport Betting.url
obj[240]=File : C:\Documents and Settings\Default\Favorites\Online Gambling\Craps.url
obj[241]=File : C:\Documents and Settings\Default\Favorites\Online Gambling\Baccarat.url
obj[242]=File : C:\Documents and Settings\Default\Favorites\Online Gambling\Horse Racing.url
obj[243]=File : C:\Documents and Settings\Default\Favorites\Online Gambling\Black Jack Tips.url
obj[244]=File : C:\Documents and Settings\Default\Favorites\Online Gambling\Free Chips.url
obj[245]=File : C:\Documents and Settings\Default\Favorites\Online Gambling\Lottery.url
obj[246]=File : C:\Documents and Settings\Default\Favorites\Online Gambling\Bingo.url

TRACKING COOKIE
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[177]=IECache Entry : C:\Documents and Settings\Default\Cookies\default@mediaplex[1].txt
obj[178]=IECache Entry : C:\Documents and Settings\Default\Cookies\default@bluestreak[1].txt
obj[179]=IECache Entry : C:\Documents and Settings\Default\Cookies\default@atdmt[1].txt
obj[180]=IECache Entry : C:\Documents and Settings\Default\Cookies\[email protected][2].txt
obj[181]=IECache Entry : C:\Documents and Settings\Default\Cookies\default@doubleclick[1].txt

CYDOOR
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[184]=File : C:\WINDOWS\TEMP\_ad1A5.dll


#2
Guest_Andy_veal_* (Guest)
In order to assist you, we need to see the log from an Ad-Aware SE 1.05 full system scan.

Important Note! Before performing a scan, be sure that you have the most recent definitions file by using WebUpdate. (Click on the Globe icon, Click connect, Click OK, Click Finish.) At this current point * SE1R42 28.04.2005 * is the most recent definition file.

Ad-Aware SE comes preconfigured with default options so we need you to make only one change. Please deselect "Search for negligible risk entries" as negligible risk entries (MRUs) are not considered to be a threat. This option can be changed when choosing your scan type.

Select "Perform Full System Scan" and press "Next". When the scan has completed, click "Show Logfile".

Please copy/paste the complete log file here using the reply button. Don't quarantine or remove anything at this time, just post a complete logfile. This sometimes takes 2-3 posts to get it all posted. You will know you are at the end when you see the "Summary of this scan" information has been posted.

When you have posted your log here, Team Lavasoft can advise on what to do next.

Please post back if you have any questions or other problems.


Good luck

Andy

#3
Kizza* (Member, Topic Starter, 17 posts)
Hi. I've followed your suggestions. I hope this helps.

Kizza*

Ad-Aware SE Build 1.05
Logfile Created on:Sunday, May 01, 2005 11:46:41 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R42 28.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie(TAC index:3):3 total references
Windows(TAC index:3):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R42 28.04.2005
Internal build : 49
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 466557 Bytes
Total size : 1403889 Bytes
Signature data size : 1373297 Bytes
Reference data size : 30080 Bytes
Signatures total : 39226
Fingerprints total : 836
Fingerprints size : 28245 Bytes
Target categories : 15
Target families : 654


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Non Intel
Memory available:18 %
Total physical memory:523744 kb
Available physical memory:93388 kb
Total page file size:2067452 kb
Available on page file:170568 kb
Total virtual memory:2097024 kb
Available virtual memory:2041144 kb
OS:Microsoft Windows XP Professional (Build 2600)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


5-1-05 11:46:41 AM - Scan started. (Custom mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 300
ThreadCreationTime : 4-30-05 2:11:15 PM
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 360
ThreadCreationTime : 4-30-05 2:11:18 PM
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 384
ThreadCreationTime : 4-30-05 2:11:20 PM
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 428
ThreadCreationTime : 4-30-05 2:11:20 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 440
ThreadCreationTime : 4-30-05 2:11:20 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 596
ThreadCreationTime : 4-30-05 2:11:20 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 620
ThreadCreationTime : 4-30-05 2:11:20 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 784
ThreadCreationTime : 4-30-05 2:11:22 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 936
ThreadCreationTime : 4-30-05 2:11:23 PM
BasePriority : Normal
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:10 [lexbces.exe]
ModuleName : C:\WINDOWS\system32\LEXBCES.EXE
Command Line : C:\WINDOWS\system32\LEXBCES.EXE
ProcessID : 1048
ThreadCreationTime : 4-30-05 2:11:23 PM
BasePriority : Normal
FileVersion : 8.29
ProductVersion : 8.29
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LexBce Service
InternalName : LexBce Service
LegalCopyright : © 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LexBceS.exe

#:11 [lexpps.exe]
ModuleName : C:\WINDOWS\system32\LEXPPS.EXE
Command Line : LEXPPS.EXE
ProcessID : 1076
ThreadCreationTime : 4-30-05 2:11:23 PM
BasePriority : Normal
FileVersion : 8.29
ProductVersion : 8.29
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LEXPPS.EXE
InternalName : LEXPPS
LegalCopyright : © 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LEXPPS.EXE
Comments : MarkVision for Windows '95 New P2P Server (32-bit)

#:12 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1084
ThreadCreationTime : 4-30-05 2:11:23 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:13 [aswupdsv.exe]
ModuleName : C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
Command Line : "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
ProcessID : 1232
ThreadCreationTime : 4-30-05 2:11:23 PM
BasePriority : Normal


#:14 [ashserv.exe]
ModuleName : C:\Program Files\Alwil Software\Avast4\ashServ.exe
Command Line : "C:\Program Files\Alwil Software\Avast4\ashServ.exe"
ProcessID : 1244
ThreadCreationTime : 4-30-05 2:11:23 PM
BasePriority : High
FileVersion : 4, 6, 622, 0
ProductVersion : 4, 6, 0, 0
ProductName : avast! Antivirus
FileDescription : avast! antivirus service
InternalName : aswServ
LegalCopyright : Copyright © 2005 ALWIL Software
OriginalFilename : aswServ.exe

#:15 [cisvc.exe]
ModuleName : C:\WINDOWS\System32\cisvc.exe
Command Line : C:\WINDOWS\System32\cisvc.exe
ProcessID : 1264
ThreadCreationTime : 4-30-05 2:11:23 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Content Index service
InternalName : cisvc.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : cisvc.exe

#:16 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k imgsvc
ProcessID : 1336
ThreadCreationTime : 4-30-05 2:11:24 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:17 [wdfmgr.exe]
ModuleName : C:\WINDOWS\System32\wdfmgr.exe
Command Line : C:\WINDOWS\System32\wdfmgr.exe
ProcessID : 1364
ThreadCreationTime : 4-30-05 2:11:24 PM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:18 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost.exe -k netsvcs
ProcessID : 1432
ThreadCreationTime : 4-30-05 2:11:25 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:19 [msole32.exe]
ModuleName : C:\WINDOWS\System32\msole32.exe
Command Line : "C:\WINDOWS\System32\msole32.exe"
ProcessID : 1664
ThreadCreationTime : 4-30-05 2:11:29 PM
BasePriority : Normal


#:20 [kxmixer.exe]
ModuleName : C:\WINDOWS\System32\kxmixer.exe
Command Line : "C:\WINDOWS\System32\kxmixer.exe" --startup
ProcessID : 1688
ThreadCreationTime : 4-30-05 2:11:29 PM
BasePriority : Normal
FileVersion : 5, 10, 00, 3534 - debug
ProductVersion : 5, 10, 00, 3534 - debug
ProductName : kX mixer
CompanyName : Eugene Gavrilov
FileDescription : kX mixer
InternalName : kX mixer
LegalCopyright : Copyright © Eugene Gavrilov, 2001-2003.
OriginalFilename : kxmixer.exe

#:21 [ashdisp.exe]
ModuleName : C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
Command Line : "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe"
ProcessID : 1760
ThreadCreationTime : 4-30-05 2:11:30 PM
BasePriority : Normal
FileVersion : 4, 6, 622, 0
ProductVersion : 4, 6, 0, 0
ProductName : avast! Antivirus
FileDescription : avast! service GUI component
InternalName : aswDisp
LegalCopyright : Copyright © 2005 ALWIL Software
OriginalFilename : aswDisp.exe

#:22 [ashmaisv.exe]
ModuleName : C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
Command Line : "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service
ProcessID : 148
ThreadCreationTime : 4-30-05 2:11:35 PM
BasePriority : Normal


#:23 [ashwebsv.exe]
ModuleName : C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
Command Line : "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service
ProcessID : 276
ThreadCreationTime : 4-30-05 2:11:35 PM
BasePriority : Normal


#:24 [cidaemon.exe]
ModuleName : C:\WINDOWS\System32\cidaemon.exe
Command Line : cidaemon.exe DownLevelDaemon "g:\system volume information\catalog.wci" 196672l 1264l
ProcessID : 3040
ThreadCreationTime : 4-30-05 2:19:03 PM
BasePriority : Idle
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Indexing Service filter daemon
InternalName : cidaemon.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : cidaemon.exe

#:25 [popuper.exe]
ModuleName : C:\WINDOWS\popuper.exe
Command Line : "C:\WINDOWS\popuper.exe"
ProcessID : 2556
ThreadCreationTime : 4-30-05 4:43:57 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 217
ProductVersion : 1, 0, 0, 217
ProductName : Popuper Application
FileDescription : Popuper Application
InternalName : Popuper
LegalCopyright : Copyright © 2005
OriginalFilename : Popuper.exe

#:26 [intmonp.exe]
ModuleName : C:\WINDOWS\System32\intmonp.exe
Command Line : intmonp.exe
ProcessID : 2608
ThreadCreationTime : 4-30-05 4:44:00 PM
BasePriority : Normal


#:27 [smc.exe]
ModuleName : C:\Program Files\Sygate\SPF\smc.exe
Command Line : n/a
ProcessID : 1524
ThreadCreationTime : 4-30-05 4:50:34 PM
BasePriority : Normal
FileVersion : 5.6.00.2808
ProductVersion : 5.6.00.2808
ProductName : Sygate® Security Agent and Personal Firewall
CompanyName : Sygate Technologies, Inc.
FileDescription : Sygate Agent Firewall
InternalName : Smc
LegalCopyright : Copyright © 1999 - 2004 Sygate Technologies, Inc. All rights reserved.
OriginalFilename : Smc.EXE

#:28 [drwtsn32.exe]
ModuleName : C:\WINDOWS\system32\drwtsn32.exe
Command Line : n/a
ProcessID : 200
ThreadCreationTime : 4-30-05 4:52:20 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : DrWatson Postmortem Debugger
InternalName : drwtsn32.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : drwtsn32.exe

#:29 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 2588
ThreadCreationTime : 5-1-05 10:41:56 AM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Windows Object Recognized!
Type : RegData
Data : explorer.exe, msmsgs.exe
Category : Vulnerability
Comment : Shell Possibly Compromised
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows nt\currentversion\winlogon
Value : Shell
Data : explorer.exe, msmsgs.exe

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 1


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:[email protected]/
Expires : 4-19-35 9:10:50 PM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@tribalfusion[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 1-1-38 1:00:00 AM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@bluestreak[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 4-24-15 5:09:42 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 3
Objects found so far: 4



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4


Deep scanning and examining files (F:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for F:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4


Deep scanning and examining files (G:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for G:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
83 entries scanned.
New critical objects:0
Objects found so far: 4




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4

12:28:29 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:41:47.846
Objects scanned:146156
Objects identified:4
Objects ignored:0
New critical objects:4

#4
Rawe (Visiting Staff, 4,746 posts)

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
83 entries scanned.


If your system is running a program which changes the hosts file or you have added listings to the hosts file, then there is no need to check further. Otherwise, download the "Host file viewer" by Option^Explicit. It is a 65K program which will allow you to find/view/open/read/edit/restore to default settings your hosts file. Instructions are on the display screen of the program. Select the option to restore to default settings.
http://members.acces...sFileReader.zip

- Rawe :tazz:
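Added here as an editor's illustration of the check Rawe describes; it is not Rawe's code and not the Host file viewer tool. The script parses a Windows hosts file and reports every entry beyond the stock localhost mapping, so a user can tell whether the 83 scanned entries were added deliberately or point security-related names at a loopback or null address. The sample hosts content and the `.invalid` hostnames are constructed.

```python
"""Audit a Windows hosts file for entries beyond the stock default."""
from typing import Dict, List, Tuple

# Constructed sample hosts file: the stock localhost line plus two added
# lines of the kind a hijacker uses to sinkhole security-vendor sites.
# The .invalid hostnames are placeholders, not real domains.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
127.0.0.1       www.av-vendor.invalid  update.av-vendor.invalid
0.0.0.0         forum.security-help.invalid   # added by something else
"""

# Windows XP shipped only the IPv4 localhost line; Vista and later also
# ship "::1 localhost", so both are treated as default here.
DEFAULT_ENTRIES = {("127.0.0.1", "localhost"), ("::1", "localhost")}

# Addresses that make a name unreachable rather than redirect it.
SINKHOLE_ADDRESSES = {"127.0.0.1", "0.0.0.0", "::1"}


def parse_hosts(text: str) -> List[Tuple[str, str]]:
    """Return (address, hostname) pairs from hosts-file text.

    Comments (from '#' to end of line) and blank lines are skipped, and a
    line mapping several names to one address yields one pair per name.
    """
    entries: List[Tuple[str, str]] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue  # malformed line: an address with no hostname
        address = fields[0]
        for name in fields[1:]:
            entries.append((address, name.lower()))
    return entries


def audit_hosts(text: str) -> Dict[str, object]:
    """Classify hosts entries: default, added, or sinkholed names.

    A stock file yields is_default=True. Any other entry is listed under
    'extra'; those pointing a non-localhost name at a loopback or null
    address are additionally listed under 'sinkholed', the pattern that
    blocks access to antivirus and update sites.
    """
    entries = parse_hosts(text)
    extra = [e for e in entries if e not in DEFAULT_ENTRIES]
    sinkholed = [e for e in extra if e[0] in SINKHOLE_ADDRESSES]
    return {
        "total": len(entries),
        "extra": extra,
        "sinkholed": sinkholed,
        "is_default": not extra,
    }


if __name__ == "__main__":
    report = audit_hosts(SAMPLE_HOSTS)
    print(f"{report['total']} entries scanned, default={report['is_default']}")
    for address, name in report["sinkholed"]:
        print(f"  sinkholed: {name} -> {address}")
```

On a real machine, read `C:\WINDOWS\system32\drivers\etc\hosts` into `audit_hosts` instead of the constructed sample; an entry you did not add yourself under `sinkholed` is the case Rawe's restore-to-default step addresses.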

#5
Rawe (Visiting Staff, 4,746 posts)
Erm, you need to post a new scanlog; I didn't notice this..
You used "Custom mode", but we need to see the logfile from "Full system scan"..
Post a fresh log here and we'll take a look.
(Though, please restore your hosts file to default before rescan..)
Thanks,

- Rawe :tazz:

#6
Kizza* (Member, Topic Starter, 17 posts)
Hi.

I followed your advice and I think I have restored my hosts file using the host file reader (I scanned for hosts then hit restore to default). I did run a full system scan which I posted in my second post. Do I need to do it again seeing as I have only just reset my hosts file?

Thanks

Kizza*

#7
Rawe (Visiting Staff, 4,746 posts)
When you have restored your hosts file to default, post a fresh Ad-aware log in this topic.
The rescan which you will need to do has to be a full system scan.
I'll wait for your scanlog, and tell you what you need to do next..

- Rawe :tazz:

#8
Kizza* (Member, Topic Starter, 17 posts)
OK I have run hostfilereader again and reset hosts to default and then run a new full system scan. Here is the result.

Thanks.

Kizza*

Ad-Aware SE Build 1.05
Logfile Created on:Monday, May 02, 2005 12:39:52 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R42 28.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Windows(TAC index:3):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R42 28.04.2005
Internal build : 49
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 466557 Bytes
Total size : 1403889 Bytes
Signature data size : 1373297 Bytes
Reference data size : 30080 Bytes
Signatures total : 39226
Fingerprints total : 836
Fingerprints size : 28245 Bytes
Target categories : 15
Target families : 654


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Non Intel
Memory available:32 %
Total physical memory:523744 kb
Available physical memory:166960 kb
Total page file size:1281020 kb
Available on page file:959956 kb
Total virtual memory:2097024 kb
Available virtual memory:2044292 kb
OS:Microsoft Windows XP Professional (Build 2600)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


5-2-05 12:39:52 PM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 336
ThreadCreationTime : 5-2-05 10:33:40 AM
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 412
ThreadCreationTime : 5-2-05 10:33:43 AM
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 436
ThreadCreationTime : 5-2-05 10:33:44 AM
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 480
ThreadCreationTime : 5-2-05 10:33:44 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 492
ThreadCreationTime : 5-2-05 10:33:44 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 660
ThreadCreationTime : 5-2-05 10:33:45 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 712
ThreadCreationTime : 5-2-05 10:33:45 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 896
ThreadCreationTime : 5-2-05 10:33:48 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 1048
ThreadCreationTime : 5-2-05 10:33:48 AM
BasePriority : Normal
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:10 [lexbces.exe]
ModuleName : C:\WINDOWS\system32\LEXBCES.EXE
Command Line : C:\WINDOWS\system32\LEXBCES.EXE
ProcessID : 1212
ThreadCreationTime : 5-2-05 10:33:49 AM
BasePriority : Normal
FileVersion : 8.29
ProductVersion : 8.29
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LexBce Service
InternalName : LexBce Service
LegalCopyright : © 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LexBceS.exe

#:11 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1256
ThreadCreationTime : 5-2-05 10:33:49 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:12 [lexpps.exe]
ModuleName : C:\WINDOWS\system32\LEXPPS.EXE
Command Line : LEXPPS.EXE
ProcessID : 1264
ThreadCreationTime : 5-2-05 10:33:49 AM
BasePriority : Normal
FileVersion : 8.29
ProductVersion : 8.29
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LEXPPS.EXE
InternalName : LEXPPS
LegalCopyright : © 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LEXPPS.EXE
Comments : MarkVision for Windows '95 New P2P Server (32-bit)

#:13 [msole32.exe]
ModuleName : C:\WINDOWS\System32\msole32.exe
Command Line : "C:\WINDOWS\System32\msole32.exe"
ProcessID : 1436
ThreadCreationTime : 5-2-05 10:33:52 AM
BasePriority : Normal


#:14 [popuper.exe]
ModuleName : C:\WINDOWS\popuper.exe
Command Line : "C:\WINDOWS\popuper.exe"
ProcessID : 1444
ThreadCreationTime : 5-2-05 10:33:52 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 217
ProductVersion : 1, 0, 0, 217
ProductName : Popuper Application
FileDescription : Popuper Application
InternalName : Popuper
LegalCopyright : Copyright © 2005
OriginalFilename : Popuper.exe

#:15 [kxmixer.exe]
ModuleName : C:\WINDOWS\System32\kxmixer.exe
Command Line : "C:\WINDOWS\System32\kxmixer.exe" --startup
ProcessID : 1460
ThreadCreationTime : 5-2-05 10:33:52 AM
BasePriority : Normal
FileVersion : 5, 10, 00, 3534 - debug
ProductVersion : 5, 10, 00, 3534 - debug
ProductName : kX mixer
CompanyName : Eugene Gavrilov
FileDescription : kX mixer
InternalName : kX mixer
LegalCopyright : Copyright © Eugene Gavrilov, 2001-2003.
OriginalFilename : kxmixer.exe

#:16 [lxbkbmgr.exe]
ModuleName : C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
Command Line : "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
ProcessID : 1480
ThreadCreationTime : 5-2-05 10:33:52 AM
BasePriority : Normal
FileVersion : 0.1.1.1
ProductVersion : 0.1.1.1
ProductName : Button Manager Executable
CompanyName : Lexmark International, Inc.
FileDescription : Lexmark X1100 Series Button Manager
InternalName : lxbkbmgr.exe
LegalCopyright : © 2002 Lexmark International, Inc.
OriginalFilename : lxbkbmgr.exe

#:17 [ashdisp.exe]
ModuleName : C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
Command Line : "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe"
ProcessID : 1512
ThreadCreationTime : 5-2-05 10:33:53 AM
BasePriority : Normal
FileVersion : 4, 6, 622, 0
ProductVersion : 4, 6, 0, 0
ProductName : avast! Antivirus
FileDescription : avast! service GUI component
InternalName : aswDisp
LegalCopyright : Copyright © 2005 ALWIL Software
OriginalFilename : aswDisp.exe

#:18 [lxbkbmon.exe]
ModuleName : C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
Command Line : "C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe"
ProcessID : 1528
ThreadCreationTime : 5-2-05 10:33:53 AM
BasePriority : Normal
FileVersion : 0.1.1.1
ProductVersion : 0.1.1.1
ProductName : Button Monitor Executable
CompanyName : Lexmark International, Inc.
FileDescription : Lexmark X1100 Series Button Monitor
InternalName : lxbkbmon.exe
LegalCopyright : © 2002 Lexmark International, Inc.
OriginalFilename : lxbkbmon.exe

#:19 [intmonp.exe]
ModuleName : C:\WINDOWS\System32\intmonp.exe
Command Line : intmonp.exe
ProcessID : 1568
ThreadCreationTime : 5-2-05 10:33:53 AM
BasePriority : Normal


#:20 [aswupdsv.exe]
ModuleName : C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
Command Line : "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
ProcessID : 1964
ThreadCreationTime : 5-2-05 10:34:25 AM
BasePriority : Normal


#:21 [ashserv.exe]
ModuleName : C:\Program Files\Alwil Software\Avast4\ashServ.exe
Command Line : "C:\Program Files\Alwil Software\Avast4\ashServ.exe"
ProcessID : 1976
ThreadCreationTime : 5-2-05 10:34:25 AM
BasePriority : High
FileVersion : 4, 6, 622, 0
ProductVersion : 4, 6, 0, 0
ProductName : avast! Antivirus
FileDescription : avast! antivirus service
InternalName : aswServ
LegalCopyright : Copyright © 2005 ALWIL Software
OriginalFilename : aswServ.exe

#:22 [cisvc.exe]
ModuleName : C:\WINDOWS\System32\cisvc.exe
Command Line : C:\WINDOWS\System32\cisvc.exe
ProcessID : 1996
ThreadCreationTime : 5-2-05 10:34:25 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Content Index service
InternalName : cisvc.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : cisvc.exe

#:23 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k imgsvc
ProcessID : 164
ThreadCreationTime : 5-2-05 10:34:26 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:24 [wdfmgr.exe]
ModuleName : C:\WINDOWS\System32\wdfmgr.exe
Command Line : C:\WINDOWS\System32\wdfmgr.exe
ProcessID : 196
ThreadCreationTime : 5-2-05 10:34:26 AM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:25 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost.exe -k netsvcs
ProcessID : 292
ThreadCreationTime : 5-2-05 10:34:27 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:26 [ashmaisv.exe]
ModuleName : C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
Command Line : "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service
ProcessID : 960
ThreadCreationTime : 5-2-05 10:34:36 AM
BasePriority : Normal


#:27 [ashwebsv.exe]
ModuleName : C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
Command Line : "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service
ProcessID : 984
ThreadCreationTime : 5-2-05 10:34:37 AM
BasePriority : Normal


#:28 [cidaemon.exe]
ModuleName : C:\WINDOWS\System32\cidaemon.exe
Command Line : cidaemon.exe DownLevelDaemon "g:\system volume information\catalog.wci" 196672l 1996l
ProcessID : 2404
ThreadCreationTime : 5-2-05 10:41:25 AM
BasePriority : Idle
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Indexing Service filter daemon
InternalName : cidaemon.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : cidaemon.exe

#:29 [ashsimpl.exe]
ModuleName : C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
Command Line : "C:\Program Files\Alwil Software\Avast4\ashSimpl.exe"
ProcessID : 3696
ThreadCreationTime : 5-2-05 10:50:58 AM
BasePriority : Normal
FileVersion : 4, 6, 622, 0
ProductVersion : 4, 6, 0, 0
ProductName : avast! Antivirus
CompanyName : ALWIL Software
FileDescription : Virus scanner
InternalName : aswSimpl.exe
LegalCopyright : Copyright © 2005 ALWIL Software
OriginalFilename : aswSimpl.exe

#:30 [smc.exe]
ModuleName : C:\Program Files\Sygate\SPF\smc.exe
Command Line : n/a
ProcessID : 2936
ThreadCreationTime : 5-2-05 11:26:26 AM
BasePriority : Normal
FileVersion : 5.6.00.2808
ProductVersion : 5.6.00.2808
ProductName : Sygate® Security Agent and Personal Firewall
CompanyName : Sygate Technologies, Inc.
FileDescription : Sygate Agent Firewall
InternalName : Smc
LegalCopyright : Copyright © 1999 - 2004 Sygate Technologies, Inc. All rights reserved.
OriginalFilename : Smc.EXE

#:31 [drwtsn32.exe]
ModuleName : C:\WINDOWS\system32\drwtsn32.exe
Command Line : drwtsn32 -p 2936 -e 1236 -g
ProcessID : 3792
ThreadCreationTime : 5-2-05 11:27:16 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : DrWatson Postmortem Debugger
InternalName : drwtsn32.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : drwtsn32.exe

#:32 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 2536
ThreadCreationTime : 5-2-05 11:38:47 AM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Windows Object Recognized!
Type : RegData
Data : explorer.exe, msmsgs.exe
Category : Vulnerability
Comment : Shell Possibly Compromised
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows nt\currentversion\winlogon
Value : Shell
Data : explorer.exe, msmsgs.exe

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 1


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1


Deep scanning and examining files (F:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for F:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1


Deep scanning and examining files (G:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for G:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
11 entries scanned.
New critical objects:0
Objects found so far: 1




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1

1:13:36 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:33:44.451
Objects scanned:145327
Objects identified:1
Objects ignored:0
New critical objects:1
  • 0

#9
Rawe

Rawe

    Visiting Staff

  • Member
  • 4,746 posts
Hello again..
Try these online virus scans here;
- Trend Micro
- Panda Activescan

Post the results here.

- Rawe :tazz:
  • 0

#10
Kizza*

Kizza*

    Member

  • Topic Starter
  • Member
  • 17 posts
Hi again. I ran a Trend housecall virus scan. Here is as much information as was given.

TROJ.AGENT.SN C:\WINDOWS\SYSTEM32\wldr.dll

Overview

Type: Virus_Type
Aliases: Virus_Alias
In the wild:
Destructive:
Language: Virus_Language
Platform: Virus_Platform
Encrypted:
Characteristics: Info_Characteristics
Overall risk rating Low

--------------------------------------------------------------------------------

Reported infections: Low
Damage potential: Low
Distribution potential: Low

--------------------------------------------------------------------------------

description:

Virus_Description


Description created: 1970-01-01
Description updated: 1970-01-01



Technical Details

Size of malware: Virus_Size

Initial samples received on: Info_TSDiscovered


--------------------------------------------------------------------------------

Details:

Virus_Details





OK?

Kizza*
  • 0

#11
Rawe

Rawe

    Visiting Staff

  • Member
  • 4,746 posts
Did it offer a deletion?
If not, download/install Trojan Hunter Here
(30-day free trial)
Scan with it and remove anything it finds..
Reboot, and post a fresh Ad-aware log here..

- Rawe :tazz:
  • 0

#12
Kizza*

Kizza*

    Member

  • Topic Starter
  • Member
  • 17 posts
Morning (for me anyway). Just a quick update on how things are progressing...

I've run Trend virus scan, which found a trojan. I tried to clean it and delete it but I'm unclear as to whether it did either of these? So I ran Trojan Hunter 4 which didn't find anything? So maybe I did delete the trojan. I'm now running Panda ActiveScan as a triple check and it seems to be finding infections and spyware. Mmm? I'll have to wait for the full results and then run another full Ad-Aware scan and post the results.

Kizza*
  • 0

#13
Kizza*

Kizza*

    Member

  • Topic Starter
  • Member
  • 17 posts
Hi again, I finally installed Panda and got rid of a load of spies and stuff. I seem to have got rid of the blue error screen, it's now black and I don't have full access to my display properties (which I've seen elsewhere with this issue). I've now re-booted and run a full Ad-Aware scan. Here it is. Also should I quarantine stuff after a scan?

Cheers.

Kizza*

Ad-Aware SE Build 1.05
Logfile Created on:Tuesday, May 03, 2005 9:19:50 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R42 28.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Windows(TAC index:3):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R42 28.04.2005
Internal build : 49
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 466557 Bytes
Total size : 1403889 Bytes
Signature data size : 1373297 Bytes
Reference data size : 30080 Bytes
Signatures total : 39226
Fingerprints total : 836
Fingerprints size : 28245 Bytes
Target categories : 15
Target families : 654


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Non Intel
Memory available:56 %
Total physical memory:523744 kb
Available physical memory:289592 kb
Total page file size:1280820 kb
Available on page file:1071368 kb
Total virtual memory:2097024 kb
Available virtual memory:2049648 kb
OS:Microsoft Windows XP Professional (Build 2600)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


5-3-05 9:19:50 PM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 312
ThreadCreationTime : 5-3-05 8:17:48 PM
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 372
ThreadCreationTime : 5-3-05 8:17:50 PM
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 396
ThreadCreationTime : 5-3-05 8:17:51 PM
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 440
ThreadCreationTime : 5-3-05 8:17:52 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 452
ThreadCreationTime : 5-3-05 8:17:52 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [pavprot.exe]
ModuleName : C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe
Command Line : "C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe"
ProcessID : 616
ThreadCreationTime : 5-3-05 8:17:52 PM
BasePriority : Normal
FileVersion : 5, 0, 0, 0
ProductVersion : 5, 0, 0, 0
ProductName : PavProt Application
CompanyName : Panda Software
FileDescription : PavProt Application
InternalName : PAVPROT
LegalCopyright : © 2005 Panda Software. All rights reserved.
OriginalFilename : PavProt.exe

#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 752
ThreadCreationTime : 5-3-05 8:18:07 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 796
ThreadCreationTime : 5-3-05 8:18:08 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 1068
ThreadCreationTime : 5-3-05 8:18:10 PM
BasePriority : Normal
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:10 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 1244
ThreadCreationTime : 5-3-05 8:18:12 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [lexbces.exe]
ModuleName : C:\WINDOWS\system32\LEXBCES.EXE
Command Line : C:\WINDOWS\system32\LEXBCES.EXE
ProcessID : 1364
ThreadCreationTime : 5-3-05 8:18:13 PM
BasePriority : Normal
FileVersion : 8.29
ProductVersion : 8.29
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LexBce Service
InternalName : LexBce Service
LegalCopyright : © 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LexBceS.exe

#:12 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1404
ThreadCreationTime : 5-3-05 8:18:13 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:13 [lexpps.exe]
ModuleName : C:\WINDOWS\system32\LEXPPS.EXE
Command Line : LEXPPS.EXE
ProcessID : 1412
ThreadCreationTime : 5-3-05 8:18:13 PM
BasePriority : Normal
FileVersion : 8.29
ProductVersion : 8.29
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LEXPPS.EXE
InternalName : LEXPPS
LegalCopyright : © 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LEXPPS.EXE
Comments : MarkVision for Windows '95 New P2P Server (32-bit)

#:14 [msole32.exe]
ModuleName : C:\WINDOWS\System32\msole32.exe
Command Line : "C:\WINDOWS\System32\msole32.exe"
ProcessID : 1516
ThreadCreationTime : 5-3-05 8:18:14 PM
BasePriority : Normal


#:15 [kxmixer.exe]
ModuleName : C:\WINDOWS\System32\kxmixer.exe
Command Line : "C:\WINDOWS\System32\kxmixer.exe" --startup
ProcessID : 1600
ThreadCreationTime : 5-3-05 8:18:15 PM
BasePriority : Normal
FileVersion : 5, 10, 00, 3534 - debug
ProductVersion : 5, 10, 00, 3534 - debug
ProductName : kX mixer
CompanyName : Eugene Gavrilov
FileDescription : kX mixer
InternalName : kX mixer
LegalCopyright : Copyright © Eugene Gavrilov, 2001-2003.
OriginalFilename : kxmixer.exe

#:16 [cisvc.exe]
ModuleName : C:\WINDOWS\System32\cisvc.exe
Command Line : C:\WINDOWS\System32\cisvc.exe
ProcessID : 1696
ThreadCreationTime : 5-3-05 8:18:17 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Content Index service
InternalName : cisvc.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : cisvc.exe

#:17 [pavfires.exe]
ModuleName : C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Firewall\PavFires.exe
Command Line : n/a
ProcessID : 1812
ThreadCreationTime : 5-3-05 8:18:21 PM
BasePriority : Normal
FileVersion : 1, 6, 8, 4
ProductVersion : 2.,0, 0, 5
ProductName : Internet Security Technologies
CompanyName : Panda Software
FileDescription : Personal Firewall Service
InternalName : Pavfires
LegalCopyright : Copyright © 2004 Panda Software
OriginalFilename : Pavfires.exe

#:18 [pavfnsvr.exe]
ModuleName : C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe
Command Line : "C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe"
ProcessID : 1960
ThreadCreationTime : 5-3-05 8:18:36 PM
BasePriority : Normal
FileVersion : 5.03.03
ProductVersion : 5.03.03
ProductName : Panda Software PavFnSvr
CompanyName : Panda Software
FileDescription : Panda Function Service
InternalName : PavFnSvr
LegalCopyright : © Panda Software 2005
OriginalFilename : PavFnSvr.exe

#:19 [pavkre.exe]
ModuleName : C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe
Command Line : "C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe"
ProcessID : 1988
ThreadCreationTime : 5-3-05 8:18:36 PM
BasePriority : Normal
FileVersion : 5, 0, 0, 0
ProductVersion : 5, 0, 0, 0
ProductName : PavKre Aplicación
CompanyName : Panda Software
FileDescription : PavKre Aplicación
InternalName : PavKre
LegalCopyright : © 2005 Panda Software. All rights reserved.
OriginalFilename : PavKre.exe

#:20 [pavprsrv.exe]
ModuleName : C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
Command Line : "C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe"
ProcessID : 212
ThreadCreationTime : 5-3-05 8:18:47 PM
BasePriority : Normal
FileVersion : 1.3.0.0
ProductVersion : 1.3.0.0
ProductName : PandaShield
CompanyName : Panda Software
FileDescription : Panda Process Protection Service
InternalName : PavPrSrv
LegalCopyright : Copyright © 2004, Panda Software
OriginalFilename : PavPrSrv.exe

#:21 [pavsrv51.exe]
ModuleName : C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\pavsrv51.exe
Command Line : "C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\pavsrv51.exe"
ProcessID : 280
ThreadCreationTime : 5-3-05 8:18:47 PM
BasePriority : High
FileVersion : 1, 3, 2085, 8
ProductVersion : 1.3.2085.8
ProductName : Panda Antivirus for Windows NT/2000/XP/2003
CompanyName : Panda Software
FileDescription : On-Access Antivirus Scanner Service.
InternalName : pavsrv.exe
LegalCopyright : © Panda Software 2004.
OriginalFilename : pavsrv.exe

#:22 [avengine.exe]
ModuleName : C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\AVENGINE.EXE
Command Line : "C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\\AVENGINE.EXE"
ProcessID : 292
ThreadCreationTime : 5-3-05 8:18:47 PM
BasePriority : Normal
FileVersion : 1, 3, 2085, 7
ProductVersion : 1.3.2085.7
ProductName : Panda Antivirus for Windows NT/2000/XP/2003
CompanyName : Panda Software
FileDescription : Enhanced On-Access Antivirus Scanner Process.
InternalName : avengine.exe
LegalCopyright : © Panda Software 2004.
OriginalFilename : avengine.exe

#:23 [prevsrv.exe]
ModuleName : C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe
Command Line : "C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe"
ProcessID : 340
ThreadCreationTime : 5-3-05 8:18:48 PM
BasePriority : Normal
FileVersion : 2, 0, 0, 11
ProductVersion : 2, 0, 0, 9
ProductName : prevsrv
CompanyName : Panda Software
FileDescription : Panda Preventium+ © service
InternalName : prevsrv
LegalCopyright : Copyright © Panda Software 2004
OriginalFilename : prevsrv
Comments : Panda Preventium+ © service

#:24 [psimsvc.exe]
ModuleName : C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe
Command Line : "C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe"
ProcessID : 244
ThreadCreationTime : 5-3-05 8:18:48 PM
BasePriority : Normal
FileVersion : 1, 5, 3, 0
ProductVersion : 1, 5, 0, 0
ProductName : Panda Antivirus
CompanyName : Panda Software Internacional
FileDescription : Common Interface Manager
InternalName : PsImSvc
LegalCopyright : © Panda Software 2005.
OriginalFilename : PsImSvc.exe

#:25 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k imgsvc
ProcessID : 892
ThreadCreationTime : 5-3-05 8:18:48 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:26 [wdfmgr.exe]
ModuleName : C:\WINDOWS\System32\wdfmgr.exe
Command Line : C:\WINDOWS\System32\wdfmgr.exe
ProcessID : 964
ThreadCreationTime : 5-3-05 8:18:49 PM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:27 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost.exe -k netsvcs
ProcessID : 1192
ThreadCreationTime : 5-3-05 8:18:50 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:28 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 2928
ThreadCreationTime : 5-3-05 8:19:33 PM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

#:29 [wuauclt.exe]
ModuleName : C:\WINDOWS\System32\wuauclt.exe
Command Line : "C:\WINDOWS\System32\wuauclt.exe" /RunStoreAsComServer Local\[4a8]SUSDSf65a4af731b5114d9c64c45421569573
ProcessID : 2976
ThreadCreationTime : 5-3-05 8:19:38 PM
BasePriority : Normal
FileVersion : 5.4.3790.2182 built by: srv03_rtm(ntvbl04)
ProductVersion : 5.4.3790.2182
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Windows Object Recognized!
Type : RegData
Data : explorer.exe, msmsgs.exe
Category : Vulnerability
Comment : Shell Possibly Compromised
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows nt\currentversion\winlogon
Value : Shell
Data : explorer.exe, msmsgs.exe

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 1


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1


Deep scanning and examining files (F:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for F:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1


Deep scanning and examining files (G:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for G:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
11 entries scanned.
New critical objects:0
Objects found so far: 1




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1

9:32:05 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:12:15.758
Objects scanned:146144
Objects identified:1
Objects ignored:0
New critical objects:1
  • 0
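The one hit in both Ad-Aware logs is the Winlogon Shell value. On a stock Windows XP install that value reads just explorer.exe; every further name listed there is started at logon as part of the shell, which is why Ad-Aware tags the entry "Shell Possibly Compromised". The script below is an added example for this thread, not code from Lavasoft or from any poster: it pulls the "Windows Object Recognized!" blocks out of an Ad-Aware SE log and reports whatever the Shell value contains besides explorer.exe. The sample log text is constructed after the block shown in the log above, and the function names are the example's own.

```python
"""Parse Ad-Aware SE "Windows Object Recognized!" blocks and review the
Winlogon Shell finding.  Added example, not Lavasoft code.  SAMPLE_LOG is
constructed, modelled on the registry-scan block shown in the thread."""
import re

# Constructed sample: the block layout Ad-Aware SE writes for a registry hit.
SAMPLE_LOG = """Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Windows Object Recognized!
Type : RegData
Data : explorer.exe, msmsgs.exe
Category : Vulnerability
Comment : Shell Possibly Compromised
Rootkey : HKEY_LOCAL_MACHINE
Object : software\\microsoft\\windows nt\\currentversion\\winlogon
Value : Shell
Data : explorer.exe, msmsgs.exe

Registry Scan result:
"""

# What a stock Windows XP Winlogon Shell value contains.  Any other name in
# the list is started at logon alongside the desktop and deserves a look.
EXPECTED_SHELL = {"explorer.exe"}

FIELD_RE = re.compile(r"^(\w+) : (.*)$")


def parse_findings(log_text):
    """Return one dict per 'Windows Object Recognized!' block in the log."""
    findings = []
    current = None
    for line in log_text.splitlines():
        line = line.strip()
        if line == "Windows Object Recognized!":
            current = {}
            findings.append(current)
            continue
        if current is None:
            continue
        if not line:                      # a blank line closes the block
            current = None
            continue
        m = FIELD_RE.match(line)
        if m:
            key, value = m.groups()
            current[key] = value          # 'Data' repeats; last value wins
    return findings


def is_winlogon_shell(finding):
    """True when the finding is the HKLM Winlogon 'Shell' value."""
    return (finding.get("Rootkey") == "HKEY_LOCAL_MACHINE"
            and finding.get("Object", "").lower().endswith(r"currentversion\winlogon")
            and finding.get("Value", "").lower() == "shell")


def unexpected_shell_entries(finding):
    """Names in the Shell list other than the expected explorer.exe."""
    entries = [e.strip().lower() for e in finding.get("Data", "").split(",") if e.strip()]
    return [e for e in entries if e not in EXPECTED_SHELL]


def review_log(log_text):
    """(comment, extra entries) for every Winlogon Shell finding in the log."""
    return [(f.get("Comment", ""), unexpected_shell_entries(f))
            for f in parse_findings(log_text) if is_winlogon_shell(f)]


if __name__ == "__main__":
    for comment, extra in review_log(SAMPLE_LOG):
        print(f"{comment}: entries besides explorer.exe -> {extra}")
```

Run against a saved Ad-Aware log instead of SAMPLE_LOG, the script gives the same answer a responder reaches by reading the block by hand: the Shell list names a second program, so the next step is to find out what that file is and where it lives before letting Ad-Aware restore the value to explorer.exe.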

#14
Guest_Andy_veal_*

Guest_Andy_veal_*
  • Guest

Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
11 entries scanned.
New critical objects:0
Objects found so far: 1


If your system is running a program which changes the hosts file or you have added listings to the hosts file then there is no need to check further. Otherwise, please download the "Host File Viewer" by Option^Explicit. It is a 65K program which will allow you to find/view/open/read/edit/restore to default settings your HOST file. Instructions are on the display screen of the program. Select the option to restore to default settings.
http://members.acces...sFileReader.zip
  • 0
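The distinction Andy draws above (a program you installed edits the hosts file, or you added lines yourself, versus something else did) is the one a responder makes by reading the file. A stock Windows XP hosts file has a single active line, 127.0.0.1 localhost. Entries that point a name at the loopback address only make that name unreachable, which is what ad-blocking lists and some security tools do; an entry that points a name at some other address sends traffic for that name to a host of someone else's choosing. The script below is an added example, not the Host File Viewer tool linked in the post or any poster's code: it parses hosts-file text and sorts the entries into those three groups. The sample hosts text is constructed, using RFC 5737 TEST-NET addresses; the function names are the example's own.

```python
"""Sort Windows hosts-file entries into default, blocking and redirect
entries.  Added example, not the Host File Viewer tool from the post.
SAMPLE_HOSTS is constructed."""
import ipaddress

# Constructed sample: the stock localhost line plus the two kinds of entry a
# responder typically finds added to it.
SAMPLE_HOSTS = """# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.

127.0.0.1       localhost
127.0.0.1       ads.example.net        # blocking-style entry
203.0.113.5     www.example.com        # redirect-style entry (TEST-NET-3)
"""

# The only active line in a stock Windows XP hosts file.
DEFAULT_ENTRIES = {("127.0.0.1", "localhost")}


def parse_hosts(text):
    """Return (ip, hostname) pairs, skipping comments, blanks and bad lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        parts = line.split()
        ip, names = parts[0], parts[1:]
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue                           # malformed; Windows ignores it too
        for name in names:                     # one line may map several names
            entries.append((ip, name.lower()))
    return entries


def classify(entries):
    """Group entries: default, blocking (loopback/unspecified), redirect (other)."""
    result = {"default": [], "blocking": [], "redirect": []}
    for ip, name in entries:
        addr = ipaddress.ip_address(ip)
        if (ip, name) in DEFAULT_ENTRIES:
            result["default"].append((ip, name))
        elif addr.is_loopback or addr.is_unspecified:   # 127.x or 0.0.0.0
            result["blocking"].append((ip, name))
        else:
            result["redirect"].append((ip, name))
    return result


def tampering_suspected(text):
    """True when any hostname is sent somewhere other than loopback.

    Blocking entries only make a name unreachable.  A redirect entry hands
    traffic for that name to another host, which a responder treats as
    tampering unless the machine's owner put it there."""
    return bool(classify(parse_hosts(text))["redirect"])


if __name__ == "__main__":
    groups = classify(parse_hosts(SAMPLE_HOSTS))
    for kind, items in groups.items():
        print(f"{kind:9s} {items}")
    print("tampering suspected:", tampering_suspected(SAMPLE_HOSTS))
```

Feed it the contents of C:\WINDOWS\system32\drivers\etc\hosts (the path the Ad-Aware log names) and the output tells you which of the 11 scanned entries are the stock line, which merely block names, and which redirect them; only the last group needs explaining before the file is restored to its default.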

#15
Guest_Andy_veal_*

Guest_Andy_veal_*
  • Guest
Please follow the instructions located in Step Five: Posting a Hijack This Log. Post your HJT log as a reply to this thread, which has been relocated to the Malware Removal Forum for providing you with further assistance.

Kindly note that it is very busy in the Malware Removal Forum, so there may be a delay in receiving a reply. Please also note that HJT logfiles are reviewed on a first come/first served basis.
  • 0
