
[Referred]Ad-Aware Help[RESOLVED]


  • This topic is locked

#1
prgaudette

  • Member
  • 14 posts
I have been infected by spyware for about a week now. Despite running Ad-Aware, Spybot, etc. to get rid of it, it keeps coming back. The symptom is frequent IE pop-up ads even when I'm not using IE. Here is the log from the most recent Ad-Aware scan. Please can you help me?

Ad-Aware SE Build 1.05
Logfile Created on:Saturday, April 30, 2005 9:40:11 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R42 28.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie(TAC index:3):9 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R40 20.04.2005
Internal build : 47
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 461235 Bytes
Total size : 1395231 Bytes
Signature data size : 1364710 Bytes
Reference data size : 30009 Bytes
Signatures total : 38921
Fingerprints total : 813
Fingerprints size : 29073 Bytes
Target categories : 15
Target families : 650

4-30-2005 9:38:10 PM Performing WebUpdate...

Installing Update...
Definitions File Loaded:
Reference Number : SE1R42 28.04.2005
Internal build : 49
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 466557 Bytes
Total size : 1403889 Bytes
Signature data size : 1373297 Bytes
Reference data size : 30080 Bytes
Signatures total : 39226
Fingerprints total : 836
Fingerprints size : 28245 Bytes
Target categories : 15
Target families : 654


4-30-2005 9:38:20 PM Success
Update successfully downloaded and installed.


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Non Intel
Memory available:10 %
Total physical memory:522456 kb
Available physical memory:47432 kb
Total page file size:1278216 kb
Available on page file:910516 kb
Total virtual memory:2097024 kb
Available virtual memory:2026592 kb
OS:Microsoft Windows XP Professional Service Pack 2 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Play sound at scan completion if scan locates critical objects


4-30-2005 9:40:11 PM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 548
ThreadCreationTime : 4-30-2005 10:31:14 PM
BasePriority : Normal


#:2 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : n/a
ProcessID : 932
ThreadCreationTime : 4-30-2005 10:31:18 PM
BasePriority : High


#:3 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : n/a
ProcessID : 976
ThreadCreationTime : 4-30-2005 10:31:19 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:4 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : n/a
ProcessID : 988
ThreadCreationTime : 4-30-2005 10:31:19 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:5 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : n/a
ProcessID : 1156
ThreadCreationTime : 4-30-2005 10:31:19 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : n/a
ProcessID : 1364
ThreadCreationTime : 4-30-2005 10:31:19 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [s24evmon.exe]
ModuleName : C:\WINDOWS\System32\S24EvMon.exe
Command Line : n/a
ProcessID : 1400
ThreadCreationTime : 4-30-2005 10:31:19 PM
BasePriority : Normal
FileVersion : 4, 1, 0, 3
ProductVersion : 4, 1, 0, 3
ProductName : Mobile Unit Support Service
CompanyName : Intel Corporation
FileDescription : Event Monitor - Supports driver extensions to NIC Driver for wireless adapters.
InternalName : S24EvMon
LegalCopyright : Copyright © 2001 - 2004 Intel Corporation, 1997 - 2001 Symbol Technologies, Inc. Portions Copyright © MIT
OriginalFilename : S24EvMon.exe

#:8 [lexbces.exe]
ModuleName : C:\WINDOWS\system32\LEXBCES.EXE
Command Line : n/a
ProcessID : 1792
ThreadCreationTime : 4-30-2005 10:31:20 PM
BasePriority : Normal
FileVersion : 8.19
ProductVersion : 8.19
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LexBce Service
InternalName : LexBce Service
LegalCopyright : © 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LexBceS.exe

#:9 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : n/a
ProcessID : 1824
ThreadCreationTime : 4-30-2005 10:31:20 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:10 [agentsrv.exe]
ModuleName : C:\Program Files\Centerbeam\AgentSrv.EXE
Command Line : n/a
ProcessID : 132
ThreadCreationTime : 4-30-2005 10:31:22 PM
BasePriority : Normal
FileVersion : 7.1.3.0439
ProductVersion : 7.1.3a
ProductName : Connected DataProtector
CompanyName : Connected Corporation
FileDescription : Agent Service Module
InternalName : AgentSrv
LegalCopyright : © 2004 by Connected Corporation
OriginalFilename : AgentSrv.exe

#:11 [basfipm.exe]
ModuleName : C:\WINDOWS\System32\basfipm.exe
Command Line : n/a
ProcessID : 200
ThreadCreationTime : 4-30-2005 10:31:22 PM
BasePriority : Normal
FileVersion : 6.0.3
ProductVersion : 6.0.3
ProductName : Broadcom ASF IP monitoring service
CompanyName : Broadcom Corp.
FileDescription : Broadcom ASF IP monitoring service
InternalName : BAsfIpM
LegalCopyright : Copyright© 2003 Broadcom Corporation, All Rights Reserved
OriginalFilename : BAsfIpM.EXE

#:12 [besclient.exe]
ModuleName : C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe
Command Line : n/a
ProcessID : 236
ThreadCreationTime : 4-30-2005 10:31:22 PM
BasePriority : Normal
FileVersion : 5, 0, 14, 0
ProductVersion : 5, 0, 14, 0
ProductName : BESClient
CompanyName : BigFix Inc.
FileDescription : BigFix BESClient Application
InternalName : BESClient
LegalCopyright : Copyright © 2002
OriginalFilename : BESClient.exe

#:13 [cvpnd.exe]
ModuleName : C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
Command Line : n/a
ProcessID : 272
ThreadCreationTime : 4-30-2005 10:31:23 PM
BasePriority : Normal
FileVersion : 4.0.3 (A)
ProductVersion : 4.0.3 (A)
ProductName : Cisco Systems VPN Client
CompanyName : Cisco Systems, Inc.
FileDescription : Cisco Systems VPN Client
InternalName : cvpnd
LegalCopyright : Copyright © 1998-2003 Cisco Systems, Inc.
OriginalFilename : CVPND.EXE

#:14 [dkservice.exe]
ModuleName : C:\Program Files\Executive Software\Diskeeper\DkService.exe
Command Line : n/a
ProcessID : 308
ThreadCreationTime : 4-30-2005 10:31:23 PM
BasePriority : Normal
FileVersion : 8.0.478.0
ProductVersion : 8.0.478.0
ProductName : Diskeeper ™ Disk Defragmenter
CompanyName : Executive Software International, Inc.
FileDescription : DKSERVICE.EXE
InternalName : DKSERVICE
LegalCopyright : © 1995-2004 Executive Software Int'l, Inc.
OriginalFilename : DKSERVICE

#:15 [ewidoctrl.exe]
ModuleName : C:\Program Files\ewido\security suite\ewidoctrl.exe
Command Line : n/a
ProcessID : 344
ThreadCreationTime : 4-30-2005 10:31:23 PM
BasePriority : Normal
FileVersion : 3, 0, 0, 1
ProductVersion : 3, 0, 0, 1
ProductName : ewido control
CompanyName : ewido networks
FileDescription : ewido control
InternalName : ewido control
LegalCopyright : Copyright © 2004
OriginalFilename : ewidoctrl.exe

#:16 [frameworkservice.exe]
ModuleName : C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
Command Line : n/a
ProcessID : 444
ThreadCreationTime : 4-30-2005 10:31:23 PM
BasePriority : Normal
FileVersion : 3.5.0.435
ProductName : McAfee Common Framework
CompanyName : Network Associates, Inc.
FileDescription : Framework Service
InternalName : Framework
LegalCopyright : Copyright© 2000-2004 Networks Associates Technology, Inc. All Rights Reserved.
OriginalFilename : Framework.exe

#:17 [mcshield.exe]
ModuleName : C:\Program Files\Network Associates\VirusScan\mcshield.exe
Command Line : n/a
ProcessID : 488
ThreadCreationTime : 4-30-2005 10:31:23 PM
BasePriority : High


#:18 [vstskmgr.exe]
ModuleName : C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
Command Line : n/a
ProcessID : 600
ThreadCreationTime : 4-30-2005 10:31:24 PM
BasePriority : Normal


#:19 [mdm.exe]
ModuleName : C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
Command Line : n/a
ProcessID : 632
ThreadCreationTime : 4-30-2005 10:31:24 PM
BasePriority : Normal
FileVersion : 7.00.9466
ProductVersion : 7.00.9466
ProductName : Microsoft® Visual Studio .NET
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : mdm.exe

#:20 [rstate.exe]
ModuleName : c:\program files\mobile automation\rstate.exe
Command Line : n/a
ProcessID : 688
ThreadCreationTime : 4-30-2005 10:31:24 PM
BasePriority : Normal
FileVersion : 5.0.1378.0
ProductVersion : 5.0.1378.0
ProductName : Mobile Automation
CompanyName : Mobile Automation, Inc.
FileDescription : Mobile Automation Agent
InternalName : RSTATE.EXE
LegalCopyright : Copyright © Mobile Automation 1997-2002
OriginalFilename : RSTATE.EXE

#:21 [regsrvc.exe]
ModuleName : C:\WINDOWS\System32\RegSrvc.exe
Command Line : n/a
ProcessID : 824
ThreadCreationTime : 4-30-2005 10:31:29 PM
BasePriority : Normal
FileVersion : 4, 1, 0, 0
ProductVersion : 4, 1, 0, 0
ProductName : RegSrvc Module
CompanyName : Intel Corporation
FileDescription : RegSrvc Module
InternalName : RegSrvc
LegalCopyright : Copyright © 2002 - 2004 Intel Corporation
OriginalFilename : RegSrvc.EXE

#:22 [r_server.exe]
ModuleName : C:\WINDOWS\System32\r_server.exe
Command Line : n/a
ProcessID : 844
ThreadCreationTime : 4-30-2005 10:31:29 PM
BasePriority : Normal


#:23 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : n/a
ProcessID : 904
ThreadCreationTime : 4-30-2005 10:31:29 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:24 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 2312
ThreadCreationTime : 4-30-2005 10:43:58 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:25 [rundll32.exe]
ModuleName : C:\WINDOWS\system32\rundll32.exe
Command Line : rundll32.exe "C:\WINDOWS\system32\DPDRM.DLL",DllGetVersion
ProcessID : 2452
ThreadCreationTime : 4-30-2005 10:44:00 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE

#:26 [apoint.exe]
ModuleName : C:\Program Files\Apoint\Apoint.exe
Command Line : "C:\Program Files\Apoint\Apoint.exe"
ProcessID : 3056
ThreadCreationTime : 4-30-2005 10:44:00 PM
BasePriority : Normal
FileVersion : 5.5.101.141
ProductVersion : 5.5.101.141
ProductName : Alps Pointing-device Driver
CompanyName : Alps Electric Co., Ltd.
FileDescription : Alps Pointing-device Driver
InternalName : Alps Pointing-device Driver
LegalCopyright : Copyright © 1999-2004 Alps Electric Co., Ltd.
OriginalFilename : Apoint.exe

#:27 [apntex.exe]
ModuleName : C:\Program Files\Apoint\Apntex.exe
Command Line : "Apntex.exe"
ProcessID : 2912
ThreadCreationTime : 4-30-2005 10:44:01 PM
BasePriority : Normal
FileVersion : 5.5.1.19
ProductVersion : 5.5.1.19
ProductName : Alps Pointing-device Driver for Windows NT/2000/XP
CompanyName : Alps Electric Co., Ltd.
FileDescription : Alps Pointing-device Driver for Windows NT/2000/XP
InternalName : Alps Pointing-device Driver for Windows NT/2000/XP
LegalCopyright : Copyright © 1998-2004 Alps Electric Co., Ltd.
OriginalFilename : ApntEx.exe

#:28 [hkcmd.exe]
ModuleName : C:\WINDOWS\System32\hkcmd.exe
Command Line : "C:\WINDOWS\System32\hkcmd.exe"
ProcessID : 1528
ThreadCreationTime : 4-30-2005 10:44:01 PM
BasePriority : Normal
FileVersion : 3.0.0.3889
ProductVersion : 7.0.0.3889
ProductName : Intel® Common User Interface
CompanyName : Intel Corporation
FileDescription : hkcmd Module
InternalName : HKCMD
LegalCopyright : Copyright 1999-2002, Intel Corporation
OriginalFilename : HKCMD.EXE

#:29 [jusched.exe]
ModuleName : C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
Command Line : "C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe"
ProcessID : 3120
ThreadCreationTime : 4-30-2005 10:44:02 PM
BasePriority : Normal


#:30 [pronomgr.exe]
ModuleName : C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
Command Line : "C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe"
ProcessID : 2948
ThreadCreationTime : 4-30-2005 10:44:02 PM
BasePriority : Normal
FileVersion : 6.1.302.0
ProductVersion : 6.1.302.0
ProductName : Intel® Network Configuration Services
CompanyName : Intel® Corporation
FileDescription : PRONotifyMgr Module
InternalName : PRONotifyMgr
LegalCopyright : Copyright© 2001-2002 Intel Corporation
OriginalFilename : PRONoMgr.exe

#:31 [1xconfig.exe]
ModuleName : C:\WINDOWS\System32\1XConfig.exe
Command Line : C:\WINDOWS\System32\1XConfig.exe -Embedding
ProcessID : 2176
ThreadCreationTime : 4-30-2005 10:44:03 PM
BasePriority : Normal
FileVersion : 4, 1, 0, 3
ProductVersion : 4, 1, 0, 0
ProductName : 8021XConfig Module
CompanyName : Intel
FileDescription : 8021XConfig Module
InternalName : 8021XConfig
LegalCopyright : Copyright 2004
OriginalFilename : 1XConfig.EXE
Comments : Wrapper for MH. (Service COM)

#:32 [quickset.exe]
ModuleName : C:\Program Files\Dell\QuickSet\quickset.exe
Command Line : "C:\Program Files\Dell\QuickSet\quickset.exe"
ProcessID : 3768
ThreadCreationTime : 4-30-2005 10:44:03 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : QuickSet Application
FileDescription : QuickSet MFC Application
InternalName : direct
LegalCopyright : Copyright © 2001
OriginalFilename : direct.EXE

#:33 [dsentry.exe]
ModuleName : C:\WINDOWS\System32\DSentry.exe
Command Line : "C:\WINDOWS\System32\DSentry.exe"
ProcessID : 3844
ThreadCreationTime : 4-30-2005 10:44:04 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 0
ProductVersion : 1, 0, 0, 0
ProductName : Dell - DVDSentry
CompanyName : Dell - Advanced Desktop Engineering
FileDescription : DVDSentry
InternalName : DVDSentry
LegalCopyright : Copyright © 2002 Dell
OriginalFilename : DSentry.exe
Comments : DVDSentry launches your software DVD player when a DVD is inserted.

#:34 [rstate.exe]
ModuleName : C:\PROGRA~1\MOBILE~1\rstate.exe
Command Line : "C:\PROGRA~1\MOBILE~1\rstate.exe"
ProcessID : 1216
ThreadCreationTime : 4-30-2005 10:44:04 PM
BasePriority : Normal
FileVersion : 5.0.1378.0
ProductVersion : 5.0.1378.0
ProductName : Mobile Automation
CompanyName : Mobile Automation, Inc.
FileDescription : Mobile Automation Agent
InternalName : RSTATE.EXE
LegalCopyright : Copyright © Mobile Automation 1997-2002
OriginalFilename : RSTATE.EXE

#:35 [shstat.exe]
ModuleName : C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
Command Line : "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
ProcessID : 2888
ThreadCreationTime : 4-30-2005 10:44:05 PM
BasePriority : Normal


#:36 [updaterui.exe]
ModuleName : C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
Command Line : "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
ProcessID : 3436
ThreadCreationTime : 4-30-2005 10:44:06 PM
BasePriority : Normal
FileVersion : 3.5.0.435
ProductName : McAfee Common Framework
CompanyName : Network Associates, Inc.
FileDescription : Common User Interface
InternalName : UpdaterUI
LegalCopyright : Copyright© 2000-2004 Networks Associates Technology, Inc. All Rights Reserved.
OriginalFilename : UpdaterUI.exe

#:37 [rsstatus.exe]
ModuleName : c:\program files\mobile automation\rsstatus.exe
Command Line : "c:\program files\mobile automation\rsstatus.exe"
ProcessID : 2972
ThreadCreationTime : 4-30-2005 10:44:06 PM
BasePriority : Normal
FileVersion : 5.0.1378.0
ProductVersion : 5.0.1378.0
ProductName : Mobile Automation
CompanyName : Mobile Automation, Inc.
FileDescription : Mobile Automation Agent Status
InternalName : RSSTATUS.EXE
LegalCopyright : Copyright © Mobile Automation 1997-2002
OriginalFilename : RSSTATUS.EXE

#:38 [lxbfbmgr.exe]
ModuleName : C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe
Command Line : "C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe"
ProcessID : 3460
ThreadCreationTime : 4-30-2005 10:44:06 PM
BasePriority : Normal
FileVersion : 0.1.25.0
ProductVersion : 0.1.25.0
ProductName : Button Manager Executable
CompanyName : Lexmark International, Inc.
FileDescription : Lexmark X6100 Series Button Manager
InternalName : lxbfbmgr.exe
LegalCopyright : © 2002 Lexmark International, Inc.
OriginalFilename : lxbfbmgr.exe

#:39 [wcescomm.exe]
ModuleName : C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
Command Line : "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
ProcessID : 2384
ThreadCreationTime : 4-30-2005 10:44:07 PM
BasePriority : Normal
FileVersion : 3.7.1.4034
ProductVersion : 3.7.4034
ProductName : Microsoft ActiveSync
CompanyName : Microsoft Corporation
FileDescription : ActiveSync Connection Manager
InternalName : wcescomm
LegalCopyright : Copyright © 1995-2004 Microsoft Corp. All rights reserved.
LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation.
OriginalFilename : WCESCOMM.EXE

#:40 [lxbfbmon.exe]
ModuleName : C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe
Command Line : "C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe"
ProcessID : 1020
ThreadCreationTime : 4-30-2005 10:44:07 PM
BasePriority : Normal
FileVersion : 0.1.25.0
ProductVersion : 0.1.25.0
ProductName : Button Monitor Executable
CompanyName : Lexmark International, Inc.
FileDescription : Lexmark X6100 Series Button Monitor
InternalName : lxbfbmon.exe
LegalCopyright : © 2002 Lexmark International, Inc.
OriginalFilename : lxbfbmon.exe

#:41 [gcasserv.exe]
ModuleName : C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
Command Line : "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
ProcessID : 2720
ThreadCreationTime : 4-30-2005 10:44:07 PM
BasePriority : Idle
FileVersion : 1.00.0509
ProductVersion : 1.00.0509
ProductName : Microsoft AntiSpyware (Beta 1)
CompanyName : Microsoft Corporation
FileDescription : Microsoft AntiSpyware Service
InternalName : gcasServ
LegalCopyright : Copyright © 2004-2005 Microsoft Corporation. All rights reserved.
LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation. SpyNet™ is a trademark of Microsoft Corporation.
OriginalFilename : gcasServ.exe

#:42 [lexpps.exe]
ModuleName : C:\WINDOWS\system32\lexpps.exe
Command Line : "C:\WINDOWS\system32\lexpps.exe"
ProcessID : 1860
ThreadCreationTime : 4-30-2005 10:44:08 PM
BasePriority : Normal
FileVersion : 8.19
ProductVersion : 8.19
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LEXPPS.EXE
InternalName : LEXPPS
LegalCopyright : © 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LEXPPS.EXE
Comments : MarkVision for Windows '95 New P2P Server (32-bit)

#:43 [msmsgs.exe]
ModuleName : C:\Program Files\Messenger\msmsgs.exe
Command Line : "C:\Program Files\Messenger\msmsgs.exe" /background
ProcessID : 2996
ThreadCreationTime : 4-30-2005 10:44:09 PM
BasePriority : Normal
FileVersion : 4.7.3001
ProductVersion : Version 4.7.3001
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Windows Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:44 [googledesktop.exe]
ModuleName : C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
Command Line : "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
ProcessID : 2092
ThreadCreationTime : 4-30-2005 10:44:11 PM
BasePriority : Normal


#:45 [gcasdtserv.exe]
ModuleName : C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
Command Line : "C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe"
ProcessID : 2084
ThreadCreationTime : 4-30-2005 10:44:11 PM
BasePriority : Normal
FileVersion : 1.00.0509
ProductVersion : 1.00.0509
ProductName : Microsoft AntiSpyware (Beta 1)
CompanyName : Microsoft Corporation
FileDescription : Microsoft AntiSpyware Data Service
InternalName : gcasDtServ
LegalCopyright : Copyright © 2004-2005 Microsoft Corporation. All rights reserved.
LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation. SpyNet™ is a trademark of Microsoft Corporation.
OriginalFilename : gcasDtServ.exe

#:46 [dlg.exe]
ModuleName : C:\Program Files\Digital Line Detect\DLG.exe
Command Line : "C:\Program Files\Digital Line Detect\DLG.exe"
ProcessID : 1776
ThreadCreationTime : 4-30-2005 10:44:14 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : BVRP Software TestLine
CompanyName : BVRP Software
FileDescription : Digital Line Detection
InternalName : TestLine
LegalCopyright : Copyright © 2003
OriginalFilename : TestLine.exe

#:47 [j2gdllcmd.exe]
ModuleName : C:\Program Files\eFax Messenger 3.5\J2GDllCmd.exe
Command Line : "C:\Program Files\eFax Messenger 3.5\J2GDllCmd.exe" /R
ProcessID : 3652
ThreadCreationTime : 4-30-2005 10:44:14 PM
BasePriority : Normal
FileVersion : 3.5.231.0
ProductVersion : 3.5.231.0
ProductName : eFax Messenger ™
CompanyName : j2 Global Communications, Inc.
FileDescription : eFax Messenger - DLL Command Utility
InternalName : DllCmd32
LegalCopyright : Copyright © 2005 j2 Global Communications, Inc.
LegalTrademarks : eFax®
eFax.com ™
eFax Messenger ™
eFax Messenger Plus ™
j2 Messenger ™
eVoice ™
JetSuite®
PaperMaster Pro ™
OriginalFilename : DllCmd32.exe

#:48 [j2gtray.exe]
ModuleName : C:\Program Files\eFax Messenger 3.5\J2GTray.exe
Command Line : "C:\Program Files\eFax Messenger 3.5\J2GTray.exe"
ProcessID : 1268
ThreadCreationTime : 4-30-2005 10:44:14 PM
BasePriority : Normal
FileVersion : 3.5.231.0
ProductVersion : 3.5.231.0
ProductName : eFax Messenger ™
CompanyName : j2 Global Communications, Inc.
FileDescription : eFax Messenger - Tray
InternalName : HotTray
LegalCopyright : Copyright © 2005 j2 Global Communications, Inc.
LegalTrademarks : eFax®
eFax.com ™
eFax Messenger ™
eFax Messenger Plus ™
j2 Messenger ™
eVoice ™
JetSuite®
PaperMaster Pro ™
OriginalFilename : HotTray.exe

#:49 [spysub.exe]
ModuleName : C:\Program Files\interMute\SpySubtract\SpySub.exe
Command Line : "C:\Program Files\interMute\SpySubtract\SpySub.exe" -autostart
ProcessID : 3280
ThreadCreationTime : 4-30-2005 10:44:15 PM
BasePriority : Normal
FileVersion : 1, 0, 1, 49
ProductVersion : 2.60
ProductName : SpySubtract
CompanyName : InterMute, Inc.
FileDescription : SpySubtract Program EXE
InternalName : SpySub.exe
LegalCopyright : Copyright © 2004 InterMute, Inc. All rights reserved.
OriginalFilename : SpySub.exe

#:50 [googledesktopindex.exe]
ModuleName : C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
Command Line : "GoogleDesktopIndex.exe"
ProcessID : 3948
ThreadCreationTime : 4-30-2005 10:44:35 PM
BasePriority : Normal


#:51 [googledesktopcrawl.exe]
ModuleName : C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
Command Line : "GoogleDesktopCrawl.exe" /ie /favorites /recent
ProcessID : 1408
ThreadCreationTime : 4-30-2005 10:44:35 PM
BasePriority : Normal


#:52 [iexplore.exe]
ModuleName : C:\Program Files\Internet Explorer\iexplore.exe
Command Line : "C:\Program Files\Internet Explorer\iexplore.exe" -nohome
ProcessID : 1272
ThreadCreationTime : 5-1-2005 12:51:01 AM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:53 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 3232
ThreadCreationTime : 5-1-2005 1:27:42 AM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 4-29-2009 6:45:48 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : pgaudette@questionmarket[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 6-21-2006 1:12:08 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment : Hits:7
Value : Cookie:[email protected]/
Expires : 5-1-2005 9:05:06 PM
LastSync : Hits:7
UseCount : 0
Hits : 7

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : pgaudette@zedo[1].txt
Category : Data Miner
Comment : Hits:7
Value : Cookie:[email protected]/
Expires : 4-28-2015 7:20:38 PM
LastSync : Hits:7
UseCount : 0
Hits : 7

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : pgaudette@trafficmp[2].txt
Category : Data Miner
Comment : Hits:8
Value : Cookie:[email protected]/
Expires : 4-30-2006 7:32:00 PM
LastSync : Hits:8
UseCount : 0
Hits : 8

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:[email protected]/
Expires : 4-23-2035 8:51:06 PM
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : pgaudette@fastclick[2].txt
Category : Data Miner
Comment : Hits:9
Value : Cookie:[email protected]/
Expires : 4-30-2007 8:53:56 PM
LastSync : Hits:9
UseCount : 0
Hits : 9

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : pgaudette@revenue[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 6-10-2022 1:05:42 AM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : pgaudette@casalemedia[1].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:[email protected]/
Expires : 4-21-2006 4:58:06 PM
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 9
Objects found so far: 9



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 9


Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 9


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
36 entries scanned.
New critical objects:0
Objects found so far: 9




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 9

10:04:51 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:24:40.754
Objects scanned:166566
Objects identified:9
Objects ignored:0
New critical objects:9
  • 0


#2
Rawe

    Visiting Staff

  • Member
  • 4,746 posts

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
36 entries scanned.


If your system is running a program which changes the hosts file or you have added listings to the hosts file, then there is no need to check further. Otherwise, download the "Host file viewer" by Option^Explicit. It is a 65K program which will allow you to find/view/open/read/edit/restore to default settings your hosts file. Instructions are on the display screen of the program. Select the option to restore to default settings.
http://members.acces...sFileReader.zip

- Rawe :tazz:
  • 0

#3
prgaudette

    Member

  • Topic Starter
  • Member
  • 14 posts
Every time I clean up the host file, the following entries get written again.

127.0.0.1 www.igetnet.com
127.0.0.1 code.ignphrases.com
127.0.0.1 clear-search.com
127.0.0.1 r1.clrsch.com
127.0.0.1 sds.clrsch.com
127.0.0.1 status.clrsch.com
127.0.0.1 www.clrsch.com
127.0.0.1 clr-sch.com
127.0.0.1 sds-qckads.com
127.0.0.1 status.qckads.com
127.0.0.1 www.qoolaid.com
127.0.0.1 www.qoologic.com
127.0.0.1 www.CLKPrecision.com
127.0.0.1 www.urllogic.com
127.0.0.1 www.clkoptimizer.com
127.0.0.1 www.clkoptimizer.com
127.0.0.1 www.clkoptimizer.com
  • 0

#4
Guest_Andy_veal_*

  • Guest
Those entries are safe. :tazz:
  • 0
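The entries quoted in post #3 all map a hostname to 127.0.0.1, so the name resolves to the local machine instead of a remote server. The script below is an added example, not part of the thread or of any tool named in it: it compares a hosts file against a known baseline, lists every name added since, and separates loopback (sinkhole) mappings from mappings to any other address. The baseline content, the `login.example.com` line and all function names are assumptions made for the illustration.

```python
import ipaddress
from collections import Counter

# Constructed sample: lines 2-5 reuse entries quoted in the thread; the last
# line is an invented redirect (documentation address and example domain).
SAMPLE_HOSTS = """\
127.0.0.1       localhost
127.0.0.1 clear-search.com
127.0.0.1 www.CLKPrecision.com
127.0.0.1 www.clkoptimizer.com
127.0.0.1 www.clkoptimizer.com
203.0.113.10 login.example.com   # constructed redirect entry
"""

# Assumption: after a restore the file holds only the localhost mapping.
BASELINE_HOSTS = "127.0.0.1       localhost\n"


def parse_hosts(text):
    """Return (address, hostname) pairs from hosts-file text.

    Comments, blank lines and lines with an unparsable address are skipped.
    A line may carry several hostnames; each one becomes its own pair.
    Hostnames are lower-cased because name lookups are case-insensitive.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        for name in fields[1:]:
            entries.append((addr, name.lower().rstrip(".")))
    return entries


def audit(current_text, baseline_text):
    """Compare a hosts file with a baseline and classify what was added.

    added      - names present now but not in the baseline, in file order
    sinkholed  - added names mapped to loopback or 0.0.0.0 (name is blocked)
    redirected - added names mapped to any other address (name is re-pointed)
    duplicates - names listed more than once, with their count
    Only the first mapping seen for a name is classified.
    """
    baseline = {name for _, name in parse_hosts(baseline_text)}
    entries = parse_hosts(current_text)
    counts = Counter(name for _, name in entries)
    report = {"added": [], "sinkholed": [], "redirected": {}, "duplicates": {}}
    for addr, name in entries:
        if name in baseline or name in report["added"]:
            continue
        report["added"].append(name)
        if addr.is_loopback or addr.is_unspecified:
            report["sinkholed"].append(name)
        else:
            report["redirected"][name] = str(addr)
    report["duplicates"] = {n: c for n, c in counts.items() if c > 1}
    return report


if __name__ == "__main__":
    for key, value in audit(SAMPLE_HOSTS, BASELINE_HOSTS).items():
        print(f"{key}: {value}")
```

Running it again after each restore shows which names have come back, and any name under `redirected` deserves a closer look than the loopback ones.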

#5
prgaudette

    Member

  • Topic Starter
  • Member
  • 14 posts
Restoring my host file to the defaults using the host file viewer did not take care of my problem. As soon as I restore it, additional entries are written as described in the previous post. Here is the latest log file.

Ad-Aware SE Build 1.05
Logfile Created on:Sunday, May 01, 2005 9:36:08 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R42 28.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
ClickSpring(TAC index:6):1 total references
MediaMotor(TAC index:8):1 total references
Tracking Cookie(TAC index:3):32 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R42 28.04.2005
Internal build : 49
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 466557 Bytes
Total size : 1403889 Bytes
Signature data size : 1373297 Bytes
Reference data size : 30080 Bytes
Signatures total : 39226
Fingerprints total : 836
Fingerprints size : 28245 Bytes
Target categories : 15
Target families : 654


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Non Intel
Memory available:31 %
Total physical memory:522456 kb
Available physical memory:160132 kb
Total page file size:1278216 kb
Available on page file:793768 kb
Total virtual memory:2097024 kb
Available virtual memory:2048500 kb
OS:Microsoft Windows XP Professional Service Pack 2 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Play sound at scan completion if scan locates critical objects


5-1-2005 9:36:08 PM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 860
ThreadCreationTime : 5-1-2005 2:39:49 PM
BasePriority : Normal


#:2 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : n/a
ProcessID : 940
ThreadCreationTime : 5-1-2005 2:39:59 PM
BasePriority : High


#:3 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : n/a
ProcessID : 988
ThreadCreationTime : 5-1-2005 2:40:04 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:4 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : n/a
ProcessID : 1000
ThreadCreationTime : 5-1-2005 2:40:04 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:5 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : n/a
ProcessID : 1168
ThreadCreationTime : 5-1-2005 2:40:10 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : n/a
ProcessID : 1400
ThreadCreationTime : 5-1-2005 2:40:13 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [s24evmon.exe]
ModuleName : C:\WINDOWS\System32\S24EvMon.exe
Command Line : n/a
ProcessID : 1464
ThreadCreationTime : 5-1-2005 2:40:13 PM
BasePriority : Normal
FileVersion : 4, 1, 0, 3
ProductVersion : 4, 1, 0, 3
ProductName : Mobile Unit Support Service
CompanyName : Intel Corporation
FileDescription : Event Monitor - Supports driver extensions to NIC Driver for wireless adapters.
InternalName : S24EvMon
LegalCopyright : Copyright © 2001 - 2004 Intel Corporation, 1997 - 2001 Symbol Technologies, Inc. Portions Copyright © MIT
OriginalFilename : S24EvMon.exe

#:8 [lexbces.exe]
ModuleName : C:\WINDOWS\system32\LEXBCES.EXE
Command Line : n/a
ProcessID : 1796
ThreadCreationTime : 5-1-2005 2:40:16 PM
BasePriority : Normal
FileVersion : 8.19
ProductVersion : 8.19
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LexBce Service
InternalName : LexBce Service
LegalCopyright : © 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LexBceS.exe

#:9 [lexpps.exe]
ModuleName : C:\WINDOWS\system32\LEXPPS.EXE
Command Line : n/a
ProcessID : 1828
ThreadCreationTime : 5-1-2005 2:40:17 PM
BasePriority : Normal
FileVersion : 8.19
ProductVersion : 8.19
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LEXPPS.EXE
InternalName : LEXPPS
LegalCopyright : © 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LEXPPS.EXE
Comments : MarkVision for Windows '95 New P2P Server (32-bit)

#:10 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : n/a
ProcessID : 1836
ThreadCreationTime : 5-1-2005 2:40:17 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:11 [agentsrv.exe]
ModuleName : C:\Program Files\Centerbeam\AgentSrv.EXE
Command Line : n/a
ProcessID : 256
ThreadCreationTime : 5-1-2005 2:40:24 PM
BasePriority : Normal
FileVersion : 7.1.3.0439
ProductVersion : 7.1.3a
ProductName : Connected DataProtector
CompanyName : Connected Corporation
FileDescription : Agent Service Module
InternalName : AgentSrv
LegalCopyright : © 2004 by Connected Corporation
OriginalFilename : AgentSrv.exe

#:12 [basfipm.exe]
ModuleName : C:\WINDOWS\System32\basfipm.exe
Command Line : n/a
ProcessID : 288
ThreadCreationTime : 5-1-2005 2:40:24 PM
BasePriority : Normal
FileVersion : 6.0.3
ProductVersion : 6.0.3
ProductName : Broadcom ASF IP monitoring service
CompanyName : Broadcom Corp.
FileDescription : Broadcom ASF IP monitoring service
InternalName : BAsfIpM
LegalCopyright : Copyright© 2003 Broadcom Corporation, All Rights Reserved
OriginalFilename : BAsfIpM.EXE

#:13 [besclient.exe]
ModuleName : C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe
Command Line : n/a
ProcessID : 336
ThreadCreationTime : 5-1-2005 2:40:24 PM
BasePriority : Normal
FileVersion : 5, 0, 14, 0
ProductVersion : 5, 0, 14, 0
ProductName : BESClient
CompanyName : BigFix Inc.
FileDescription : BigFix BESClient Application
InternalName : BESClient
LegalCopyright : Copyright © 2002
OriginalFilename : BESClient.exe

#:14 [cvpnd.exe]
ModuleName : C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
Command Line : n/a
ProcessID : 356
ThreadCreationTime : 5-1-2005 2:40:25 PM
BasePriority : Normal
FileVersion : 4.0.3 (A)
ProductVersion : 4.0.3 (A)
ProductName : Cisco Systems VPN Client
CompanyName : Cisco Systems, Inc.
FileDescription : Cisco Systems VPN Client
InternalName : cvpnd
LegalCopyright : Copyright © 1998-2003 Cisco Systems, Inc.
OriginalFilename : CVPND.EXE

#:15 [dkservice.exe]
ModuleName : C:\Program Files\Executive Software\Diskeeper\DkService.exe
Command Line : n/a
ProcessID : 428
ThreadCreationTime : 5-1-2005 2:40:27 PM
BasePriority : Normal
FileVersion : 8.0.478.0
ProductVersion : 8.0.478.0
ProductName : Diskeeper ™ Disk Defragmenter
CompanyName : Executive Software International, Inc.
FileDescription : DKSERVICE.EXE
InternalName : DKSERVICE
LegalCopyright : © 1995-2004 Executive Software Int'l, Inc.
OriginalFilename : DKSERVICE

#:16 [ewidoctrl.exe]
ModuleName : C:\Program Files\ewido\security suite\ewidoctrl.exe
Command Line : n/a
ProcessID : 448
ThreadCreationTime : 5-1-2005 2:40:28 PM
BasePriority : Normal
FileVersion : 3, 0, 0, 1
ProductVersion : 3, 0, 0, 1
ProductName : ewido control
CompanyName : ewido networks
FileDescription : ewido control
InternalName : ewido control
LegalCopyright : Copyright © 2004
OriginalFilename : ewidoctrl.exe

#:17 [frameworkservice.exe]
ModuleName : C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
Command Line : n/a
ProcessID : 596
ThreadCreationTime : 5-1-2005 2:40:33 PM
BasePriority : Normal
FileVersion : 3.5.0.435
ProductName : McAfee Common Framework
CompanyName : Network Associates, Inc.
FileDescription : Framework Service
InternalName : Framework
LegalCopyright : Copyright© 2000-2004 Networks Associates Technology, Inc. All Rights Reserved.
OriginalFilename : Framework.exe

#:18 [mcshield.exe]
ModuleName : C:\Program Files\Network Associates\VirusScan\mcshield.exe
Command Line : n/a
ProcessID : 712
ThreadCreationTime : 5-1-2005 2:40:36 PM
BasePriority : High


#:19 [vstskmgr.exe]
ModuleName : C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
Command Line : n/a
ProcessID : 732
ThreadCreationTime : 5-1-2005 2:40:37 PM
BasePriority : Normal


#:20 [mdm.exe]
ModuleName : C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
Command Line : n/a
ProcessID : 788
ThreadCreationTime : 5-1-2005 2:40:40 PM
BasePriority : Normal
FileVersion : 7.00.9466
ProductVersion : 7.00.9466
ProductName : Microsoft® Visual Studio .NET
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : mdm.exe

#:21 [rstate.exe]
ModuleName : c:\program files\mobile automation\rstate.exe
Command Line : n/a
ProcessID : 804
ThreadCreationTime : 5-1-2005 2:40:41 PM
BasePriority : Normal
FileVersion : 5.0.1378.0
ProductVersion : 5.0.1378.0
ProductName : Mobile Automation
CompanyName : Mobile Automation, Inc.
FileDescription : Mobile Automation Agent
InternalName : RSTATE.EXE
LegalCopyright : Copyright © Mobile Automation 1997-2002
OriginalFilename : RSTATE.EXE

#:22 [regsrvc.exe]
ModuleName : C:\WINDOWS\System32\RegSrvc.exe
Command Line : n/a
ProcessID : 964
ThreadCreationTime : 5-1-2005 2:40:48 PM
BasePriority : Normal
FileVersion : 4, 1, 0, 0
ProductVersion : 4, 1, 0, 0
ProductName : RegSrvc Module
CompanyName : Intel Corporation
FileDescription : RegSrvc Module
InternalName : RegSrvc
LegalCopyright : Copyright © 2002 - 2004 Intel Corporation
OriginalFilename : RegSrvc.EXE

#:23 [r_server.exe]
ModuleName : C:\WINDOWS\System32\r_server.exe
Command Line : n/a
ProcessID : 1180
ThreadCreationTime : 5-1-2005 2:40:49 PM
BasePriority : Normal


#:24 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : n/a
ProcessID : 1212
ThreadCreationTime : 5-1-2005 2:40:51 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:25 [rundll32.exe]
ModuleName : C:\WINDOWS\system32\rundll32.exe
Command Line : rundll32.exe "C:\WINDOWS\system32\atmdll.dll",DllGetVersion
ProcessID : 3004
ThreadCreationTime : 5-1-2005 3:06:23 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE

#:26 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 3308
ThreadCreationTime : 5-1-2005 3:06:33 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:27 [apoint.exe]
ModuleName : C:\Program Files\Apoint\Apoint.exe
Command Line : "C:\Program Files\Apoint\Apoint.exe"
ProcessID : 3448
ThreadCreationTime : 5-1-2005 3:06:59 PM
BasePriority : Normal
FileVersion : 5.5.101.141
ProductVersion : 5.5.101.141
ProductName : Alps Pointing-device Driver
CompanyName : Alps Electric Co., Ltd.
FileDescription : Alps Pointing-device Driver
InternalName : Alps Pointing-device Driver
LegalCopyright : Copyright © 1999-2004 Alps Electric Co., Ltd.
OriginalFilename : Apoint.exe

#:28 [updaterui.exe]
ModuleName : C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
Command Line : "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /EventName=UPDATER_UI_EVENT18b7bb
ProcessID : 3488
ThreadCreationTime : 5-1-2005 3:07:00 PM
BasePriority : Normal
FileVersion : 3.5.0.435
ProductName : McAfee Common Framework
CompanyName : Network Associates, Inc.
FileDescription : Common User Interface
InternalName : UpdaterUI
LegalCopyright : Copyright© 2000-2004 Networks Associates Technology, Inc. All Rights Reserved.
OriginalFilename : UpdaterUI.exe

#:29 [hkcmd.exe]
ModuleName : C:\WINDOWS\System32\hkcmd.exe
Command Line : "C:\WINDOWS\System32\hkcmd.exe"
ProcessID : 3532
ThreadCreationTime : 5-1-2005 3:07:03 PM
BasePriority : Normal
FileVersion : 3.0.0.3889
ProductVersion : 7.0.0.3889
ProductName : Intel® Common User Interface
CompanyName : Intel Corporation
FileDescription : hkcmd Module
InternalName : HKCMD
LegalCopyright : Copyright 1999-2002, Intel Corporation
OriginalFilename : HKCMD.EXE

#:30 [jusched.exe]
ModuleName : C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
Command Line : "C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe"
ProcessID : 3548
ThreadCreationTime : 5-1-2005 3:07:05 PM
BasePriority : Normal


#:31 [pronomgr.exe]
ModuleName : C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
Command Line : "C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe"
ProcessID : 3600
ThreadCreationTime : 5-1-2005 3:07:07 PM
BasePriority : Normal
FileVersion : 6.1.302.0
ProductVersion : 6.1.302.0
ProductName : Intel® Network Configuration Services
CompanyName : Intel® Corporation
FileDescription : PRONotifyMgr Module
InternalName : PRONotifyMgr
LegalCopyright : Copyright© 2001-2002 Intel Corporation
OriginalFilename : PRONoMgr.exe

#:32 [apntex.exe]
ModuleName : C:\Program Files\Apoint\Apntex.exe
Command Line : "Apntex.exe"
ProcessID : 1760
ThreadCreationTime : 5-1-2005 3:07:09 PM
BasePriority : Normal
FileVersion : 5.5.1.19
ProductVersion : 5.5.1.19
ProductName : Alps Pointing-device Driver for Windows NT/2000/XP
CompanyName : Alps Electric Co., Ltd.
FileDescription : Alps Pointing-device Driver for Windows NT/2000/XP
InternalName : Alps Pointing-device Driver for Windows NT/2000/XP
LegalCopyright : Copyright © 1998-2004 Alps Electric Co., Ltd.
OriginalFilename : ApntEx.exe

#:33 [quickset.exe]
ModuleName : C:\Program Files\Dell\QuickSet\quickset.exe
Command Line : "C:\Program Files\Dell\QuickSet\quickset.exe"
ProcessID : 3324
ThreadCreationTime : 5-1-2005 3:07:13 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : QuickSet Application
FileDescription : QuickSet MFC Application
InternalName : direct
LegalCopyright : Copyright © 2001
OriginalFilename : direct.EXE

#:34 [dsentry.exe]
ModuleName : C:\WINDOWS\System32\DSentry.exe
Command Line : "C:\WINDOWS\System32\DSentry.exe"
ProcessID : 3848
ThreadCreationTime : 5-1-2005 3:07:15 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 0
ProductVersion : 1, 0, 0, 0
ProductName : Dell - DVDSentry
CompanyName : Dell - Advanced Desktop Engineering
FileDescription : DVDSentry
InternalName : DVDSentry
LegalCopyright : Copyright © 2002 Dell
OriginalFilename : DSentry.exe
Comments : DVDSentry launches your software DVD player when a DVD is inserted.

#:35 [rstate.exe]
ModuleName : C:\PROGRA~1\MOBILE~1\rstate.exe
Command Line : "C:\PROGRA~1\MOBILE~1\rstate.exe"
ProcessID : 3924
ThreadCreationTime : 5-1-2005 3:07:17 PM
BasePriority : Normal
FileVersion : 5.0.1378.0
ProductVersion : 5.0.1378.0
ProductName : Mobile Automation
CompanyName : Mobile Automation, Inc.
FileDescription : Mobile Automation Agent
InternalName : RSTATE.EXE
LegalCopyright : Copyright © Mobile Automation 1997-2002
OriginalFilename : RSTATE.EXE

#:36 [shstat.exe]
ModuleName : C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
Command Line : "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
ProcessID : 3996
ThreadCreationTime : 5-1-2005 3:07:18 PM
BasePriority : Normal


#:37 [lxbfbmgr.exe]
ModuleName : C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe
Command Line : "C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe"
ProcessID : 4072
ThreadCreationTime : 5-1-2005 3:07:20 PM
BasePriority : Normal
FileVersion : 0.1.25.0
ProductVersion : 0.1.25.0
ProductName : Button Manager Executable
CompanyName : Lexmark International, Inc.
FileDescription : Lexmark X6100 Series Button Manager
InternalName : lxbfbmgr.exe
LegalCopyright : © 2002 Lexmark International, Inc.
OriginalFilename : lxbfbmgr.exe

#:38 [gcasserv.exe]
ModuleName : C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
Command Line : "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
ProcessID : 4084
ThreadCreationTime : 5-1-2005 3:07:23 PM
BasePriority : Idle
FileVersion : 1.00.0509
ProductVersion : 1.00.0509
ProductName : Microsoft AntiSpyware (Beta 1)
CompanyName : Microsoft Corporation
FileDescription : Microsoft AntiSpyware Service
InternalName : gcasServ
LegalCopyright : Copyright © 2004-2005 Microsoft Corporation. All rights reserved.
LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation. SpyNet™ is a trademark of Microsoft Corporation.
OriginalFilename : gcasServ.exe

#:39 [lxbfbmon.exe]
ModuleName : C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe
Command Line : "C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe"
ProcessID : 4088
ThreadCreationTime : 5-1-2005 3:07:23 PM
BasePriority : Normal
FileVersion : 0.1.25.0
ProductVersion : 0.1.25.0
ProductName : Button Monitor Executable
CompanyName : Lexmark International, Inc.
FileDescription : Lexmark X6100 Series Button Monitor
InternalName : lxbfbmon.exe
LegalCopyright : © 2002 Lexmark International, Inc.
OriginalFilename : lxbfbmon.exe

#:40 [msmsgs.exe]
ModuleName : C:\Program Files\Messenger\msmsgs.exe
Command Line : "C:\Program Files\Messenger\msmsgs.exe" /background
ProcessID : 444
ThreadCreationTime : 5-1-2005 3:07:37 PM
BasePriority : Normal
FileVersion : 4.7.3001
ProductVersion : Version 4.7.3001
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Windows Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:41 [wcescomm.exe]
ModuleName : C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
Command Line : "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
ProcessID : 612
ThreadCreationTime : 5-1-2005 3:07:42 PM
BasePriority : Normal
FileVersion : 3.7.1.4034
ProductVersion : 3.7.4034
ProductName : Microsoft ActiveSync
CompanyName : Microsoft Corporation
FileDescription : ActiveSync Connection Manager
InternalName : wcescomm
LegalCopyright : Copyright © 1995-2004 Microsoft Corp. All rights reserved.
LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation.
OriginalFilename : WCESCOMM.EXE

#:42 [googledesktop.exe]
ModuleName : C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
Command Line : "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
ProcessID : 620
ThreadCreationTime : 5-1-2005 3:07:43 PM
BasePriority : Normal


#:43 [attrib.exe]
ModuleName : C:\WINDOWS\system32\F?nts\attrib.exe
Command Line : "C:\WINDOWS\system32\F?nts\attrib.exe"
ProcessID : 816
ThreadCreationTime : 5-1-2005 3:07:52 PM
BasePriority : Normal


ClickSpring Object Recognized!
Type : Process
Data : attrib.exe
Category : Malware
Comment : (CSI MATCH)
Object : C:\WINDOWS\system32\F?nts\


Warning! ClickSpring Object found in memory(C:\WINDOWS\system32\F?nts\attrib.exe)

"C:\WINDOWS\system32\F?nts\attrib.exe"Process terminated successfully
"C:\WINDOWS\system32\F?nts\attrib.exe"Process terminated successfully

#:44 [1xconfig.exe]
ModuleName : C:\WINDOWS\System32\1XConfig.exe
Command Line : C:\WINDOWS\System32\1XConfig.exe -Embedding
ProcessID : 128
ThreadCreationTime : 5-1-2005 3:07:53 PM
BasePriority : Normal
FileVersion : 4, 1, 0, 3
ProductVersion : 4, 1, 0, 0
ProductName : 8021XConfig Module
CompanyName : Intel
FileDescription : 8021XConfig Module
InternalName : 8021XConfig
LegalCopyright : Copyright 2004
OriginalFilename : 1XConfig.EXE
Comments : Wrapper for MH. (Service COM)

#:45 [rsstatus.exe]
ModuleName : c:\program files\mobile automation\rsstatus.exe
Command Line : "c:\program files\mobile automation\rsstatus.exe"
ProcessID : 2120
ThreadCreationTime : 5-1-2005 3:07:58 PM
BasePriority : Normal
FileVersion : 5.0.1378.0
ProductVersion : 5.0.1378.0
ProductName : Mobile Automation
CompanyName : Mobile Automation, Inc.
FileDescription : Mobile Automation Agent Status
InternalName : RSSTATUS.EXE
LegalCopyright : Copyright © Mobile Automation 1997-2002
OriginalFilename : RSSTATUS.EXE

#:46 [gcasdtserv.exe]
ModuleName : C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
Command Line : "C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe"
ProcessID : 2296
ThreadCreationTime : 5-1-2005 3:07:59 PM
BasePriority : Normal
FileVersion : 1.00.0509
ProductVersion : 1.00.0509
ProductName : Microsoft AntiSpyware (Beta 1)
CompanyName : Microsoft Corporation
FileDescription : Microsoft AntiSpyware Data Service
InternalName : gcasDtServ
LegalCopyright : Copyright © 2004-2005 Microsoft Corporation. All rights reserved.
LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation. SpyNet™ is a trademark of Microsoft Corporation.
OriginalFilename : gcasDtServ.exe

#:47 [dlg.exe]
ModuleName : C:\Program Files\Digital Line Detect\DLG.exe
Command Line : "C:\Program Files\Digital Line Detect\DLG.exe"
ProcessID : 2740
ThreadCreationTime : 5-1-2005 3:08:29 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : BVRP Software TestLine
CompanyName : BVRP Software
FileDescription : Digital Line Detection
InternalName : TestLine
LegalCopyright : Copyright © 2003
OriginalFilename : TestLine.exe

#:48 [j2gdllcmd.exe]
ModuleName : C:\Program Files\eFax Messenger 3.5\J2GDllCmd.exe
Command Line : "C:\Program Files\eFax Messenger 3.5\J2GDllCmd.exe" /R
ProcessID : 2748
ThreadCreationTime : 5-1-2005 3:08:30 PM
BasePriority : Normal
FileVersion : 3.5.231.0
ProductVersion : 3.5.231.0
ProductName : eFax Messenger ™
CompanyName : j2 Global Communications, Inc.
FileDescription : eFax Messenger - DLL Command Utility
InternalName : DllCmd32
LegalCopyright : Copyright © 2005 j2 Global Communications, Inc.
LegalTrademarks : eFax®
eFax.com ™
eFax Messenger ™
eFax Messenger Plus ™
j2 Messenger ™
eVoice ™
JetSuite®
PaperMaster Pro ™
OriginalFilename : DllCmd32.exe

#:49 [j2gtray.exe]
ModuleName : C:\Program Files\eFax Messenger 3.5\J2GTray.exe
Command Line : "C:\Program Files\eFax Messenger 3.5\J2GTray.exe"
ProcessID : 2808
ThreadCreationTime : 5-1-2005 3:08:31 PM
BasePriority : Normal
FileVersion : 3.5.231.0
ProductVersion : 3.5.231.0
ProductName : eFax Messenger ™
CompanyName : j2 Global Communications, Inc.
FileDescription : eFax Messenger - Tray
InternalName : HotTray
LegalCopyright : Copyright © 2005 j2 Global Communications, Inc.
LegalTrademarks : eFax®
eFax.com ™
eFax Messenger ™
eFax Messenger Plus ™
j2 Messenger ™
eVoice ™
JetSuite®
PaperMaster Pro ™
OriginalFilename : HotTray.exe

#:50 [spysub.exe]
ModuleName : C:\Program Files\interMute\SpySubtract\SpySub.exe
Command Line : "C:\Program Files\interMute\SpySubtract\SpySub.exe" -autostart
ProcessID : 2844
ThreadCreationTime : 5-1-2005 3:08:32 PM
BasePriority : Normal
FileVersion : 1, 0, 1, 49
ProductVersion : 2.60
ProductName : SpySubtract
CompanyName : InterMute, Inc.
FileDescription : SpySubtract Program EXE
InternalName : SpySub.exe
LegalCopyright : Copyright © 2004 InterMute, Inc. All rights reserved.
OriginalFilename : SpySub.exe

#:51 [googledesktopindex.exe]
ModuleName : C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
Command Line : "GoogleDesktopIndex.exe"
ProcessID : 2892
ThreadCreationTime : 5-1-2005 3:08:51 PM
BasePriority : Normal


#:52 [googledesktopcrawl.exe]
ModuleName : C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
Command Line : "GoogleDesktopCrawl.exe" /ie /favorites /recent
ProcessID : 3184
ThreadCreationTime : 5-1-2005 3:08:52 PM
BasePriority : Normal


#:53 [ewidoguard.exe]
ModuleName : C:\Program Files\ewido\security suite\ewidoguard.exe
Command Line : n/a
ProcessID : 708
ThreadCreationTime : 5-1-2005 3:09:01 PM
BasePriority : Normal
FileVersion : 3, 0, 0, 1
ProductVersion : 3, 0, 0, 1
ProductName : guard
CompanyName : ewido networks
FileDescription : guard
InternalName : guard
LegalCopyright : Copyright © 2004
OriginalFilename : guard.exe

#:54 [outlook.exe]
ModuleName : C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
Command Line : "C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE" /importprf C:\DOCUME~1\PGAUDE~1\CBMail.PRF
ProcessID : 2452
ThreadCreationTime : 5-1-2005 9:01:19 PM
BasePriority : Normal


#:55 [winword.exe]
ModuleName : C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
Command Line : "C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE" -Embedding
ProcessID : 1640
ThreadCreationTime : 5-1-2005 9:02:24 PM
BasePriority : Normal


#:56 [iexplore.exe]
ModuleName : C:\Program Files\Internet Explorer\iexplore.exe
Command Line : "C:\Program Files\Internet Explorer\iexplore.exe"
ProcessID : 2316
ThreadCreationTime : 5-1-2005 11:22:45 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:57 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 4940
ThreadCreationTime : 5-2-2005 1:35:53 AM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 1


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : pgaudette@oinadserve[1].txt
Category : Data Miner
Comment : Hits:21
Value : Cookie:[email protected]/
Expires : 12-31-2020 8:00:00 PM
LastSync : Hits:21
UseCount : 0
Hits : 21

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:8
Value : Cookie:[email protected]/
Expires : 5-1-2006 6:54:34 PM
LastSync : Hits:8
UseCount : 0
Hits : 8

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : pgaudette@adrevolver[2].txt
Category : Data Miner
Comment : Hits:7
Value : Cookie:[email protected]/adrevolver/
Expires : 1-23-2008 6:29:18 AM
LastSync : Hits:7
UseCount : 0
Hits : 7

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : pgaudette@trafficmp[1].txt
Category : Data Miner
Comment : Hits:5
Value : Cookie:[email protected]/
Expires : 5-1-2006 9:37:08 PM
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:[email protected]/
Expires : 5-2-2005 12:53:28 PM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : pgaudette@fastclick[2].txt
Category : Data Miner
Comment : Hits:9
Value : Cookie:[email protected]/
Expires : 4-21-2007 12:53:28 PM
LastSync : Hits:9
UseCount : 0
Hits : 9

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : pgaudette@revenue[2].txt
Category : Data Miner
Comment : Hits:5
Value : Cookie:[email protected]/
Expires : 6-10-2022 1:05:42 AM
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : pgaudette@casalemedia[1].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:[email protected]/
Expires : 4-22-2006 5:25:34 PM
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\pgaudette\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : pgaudette@apmebf[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\pgaudette\Cookies\pgaudette@apmebf[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\pgaudette\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\pgaudette\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : pgaudette@qksrv[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\pgaudette\Cookies\pgaudette@qksrv[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : pgaudette@questionmarket[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\pgaudette\Cookies\pgaudette@questionmarket[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : pgaudette@revenue[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\pgaudette\Cookies\pgaudette@revenue[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : pgaudette@trafficmp[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\pgaudette\Cookies\pgaudette@trafficmp[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\pgaudette\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : pgaudette@zedo[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\pgaudette\Cookies\pgaudette@zedo[1].txt

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 18
Objects found so far: 19



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : pgaudette@adrevolver[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\pgaudette\Local Settings\Temp\Cookies\pgaudette@adrevolver[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : pgaudette@casalemedia[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\pgaudette\Local Settings\Temp\Cookies\pgaudette@casalemedia[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : pgaudette@fastclick[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\pgaudette\Local Settings\Temp\Cookies\pgaudette@fastclick[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : pgaudette@oinadserve[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\pgaudette\Local Settings\Temp\Cookies\pgaudette@oinadserve[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : pgaudette@revenue[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\pgaudette\Local Settings\Temp\Cookies\pgaudette@revenue[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : pgaudette@trafficmp[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\pgaudette\Local Settings\Temp\Cookies\pgaudette@trafficmp[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\pgaudette\Local Settings\Temp\Cookies\[email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\pgaudette\Local Settings\Temp\Cookies\[email protected][1].txt

MediaMotor Object Recognized!
Type : File
Data : ceres.cab
Category : Malware
Comment :
Object : C:\Documents and Settings\pgaudette\Local Settings\Temp\DrTemp\



Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Temp\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : pgaudette@casalemedia[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Temp\Cookies\pgaudette@casalemedia[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Temp\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : pgaudette@questionmarket[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Temp\Cookies\pgaudette@questionmarket[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : pgaudette@revenue[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Temp\Cookies\pgaudette@revenue[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Temp\Cookies\[email protected][1].txt

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 34


Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 34


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
16 entries scanned.
New critical objects:0
Objects found so far: 34




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 34

10:04:28 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:28:20.37
Objects scanned:173854
Objects identified:34
Objects ignored:0
New critical objects:34

#6
Rawe

    Visiting Staff

  • Member
  • 4,746 posts
Hi again!

Ad-aware has found object(s) on your computer

If you choose to clean your computer of what Ad-aware found, follow the instructions below…

Make sure that you are using the * SE1R42 28.04.2005 * definition file.


Open up Ad-Aware SE and click on the gear to access the Configuration menu. Make sure that this setting is applied.

Click on Tweak > Cleaning engine > UNcheck "Always try to unload modules before deletion".

Disconnect from the internet (for broadband/cable users, it is recommended that you disconnect the cable connection) and close all open browsers or other programs you have running.

Then boot into Safe Mode

To clean your machine, it is highly recommended that you clean the following directory contents (but not the directory folder);

Run CCleaner to help in this process.
Download CCleaner (Setup: go to >options > settings > Uncheck "Only delete files in Windows Temp folders older than 48 hours" for cleaning malware files!)

* C:\Windows\Temp\
* C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <- This will delete all your cached internet content including cookies.
* C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp\
* Empty your "Recycle Bin".

Run Ad-Aware SE from the command line as shown in the instructions below.

Click "Start" > select "Run" > type the text shown below (including the quotation marks and with the same spacing as shown)

"C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" /full +procnuke
(For the Professional version)

"C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" /full +procnuke
(For the Plus version)

"C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" +procnuke
(For the Personal version)


Click Ok.

Note: the path above is the default installation location for Ad-aware SE. If yours is different, adjust it to the location where you installed it.

When the scan has completed, select next. In the Scanning Results window, select the "Scan Summary"- tab. Check the box next to any objects you wish to remove. Click next, Click Ok.

If problems are caused by deleting a family, just leave it.


Reboot your computer after removal, run a new "full system scan" and post the results as a reply. Don't open any programs or connect to the internet at this time.

Then copy & paste the complete log file here. Don't quarantine or remove anything at this time, just post a complete logfile. This can sometimes take 2-3 posts to get it all posted; once the "Summary of this scan" information is shown, you have posted all of your logfile.

Also, keep in mind that when you are posting another logfile, keep "Search for negligible risk entries" deselected, as negligible risk entries (MRUs) aren't considered a threat. This option can be changed when choosing your scan type.

Remember to post your fresh scanlog in THIS topic.

- Rawe :tazz:
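Added example (not part of Rawe's post and not Lavasoft code): a small Python triage script for an Ad-Aware SE logfile in the layout posted in this topic. It checks that the paste reaches the "Summary Of This Scan" block, tallies the "Object Recognized!" records by category, and lists everything that is not a tracking cookie. The sample log and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the layout of the Ad-Aware SE logs posted in this topic.
SAMPLE_LOG = """\
Started Tracking Cookie scan

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@example[1].txt
Category : Data Miner
Comment : Hits:21
Value : Cookie:user@example.invalid/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@example[2].txt
Category : Data Miner
Comment :
Value : C:\\Documents and Settings\\user\\Cookies\\user@example[2].txt

MediaMotor Object Recognized!
Type : File
Data : ceres.cab
Category : Malware
Comment :
Object : C:\\Documents and Settings\\user\\Local Settings\\Temp\\DrTemp\\

Summary Of This Scan
Total scanning time:00:00:05.00
Objects scanned:1000
Objects identified:3
Objects ignored:0
New critical objects:3
"""

RECOGNIZED = re.compile(r"^(?P<family>.+?) Object Recognized!$")
FIELD = re.compile(r"^(?P<key>[A-Za-z ]+?)\s*:\s?(?P<value>.*)$")
SUMMARY_FIELD = re.compile(r"^(?P<key>[^:]+):\s*(?P<value>.+)$")


def parse_objects(log_text):
    """Return one dict per '<family> Object Recognized!' record."""
    objects, current = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        header = RECOGNIZED.match(line)
        if header:
            current = {"Family": header.group("family")}
            objects.append(current)
        elif not line:
            current = None          # a blank line closes the record
        elif current is not None:
            field = FIELD.match(line)
            if field:
                current[field.group("key")] = field.group("value").strip()
    return objects


def parse_summary(log_text):
    """Return the 'Summary Of This Scan' fields, or None if the paste is cut off."""
    lines = [l.strip() for l in log_text.splitlines()]
    for i, line in enumerate(lines):
        if line.lower() == "summary of this scan":
            break
    else:
        return None
    summary = {}
    for line in lines[i + 1:]:
        field = SUMMARY_FIELD.match(line)
        if field:
            summary[field.group("key").strip()] = field.group("value").strip()
        elif summary:
            break                   # first non-field line after the block ends it
    return summary


def triage(log_text):
    """Summarise a pasted log for the helper reading it."""
    objects = parse_objects(log_text)
    summary = parse_summary(log_text)
    identified = None
    if summary and "Objects identified" in summary:
        identified = int(summary["Objects identified"])
    return {
        "complete": summary is not None,
        "records": len(objects),
        "identified": identified,
        "by_category": dict(Counter(o.get("Category", "Unknown") for o in objects)),
        "non_cookie": [o for o in objects if o["Family"] != "Tracking Cookie"],
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("complete paste:", report["complete"])
    print("by category:", report["by_category"])
    for obj in report["non_cookie"]:
        print("review:", obj["Family"], obj.get("Data"), obj.get("Category"))
```

Objects found in running processes are logged in a different layout, so the record count can be lower than "Objects identified" on a real log.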

#7
prgaudette

    Member

  • Topic Starter
  • Member
  • 14 posts
I followed the procedures as outlined above. Here is my fresh scanlog.

Ad-Aware SE Build 1.05
Logfile Created on:Monday, May 02, 2005 10:55:18 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R42 28.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
ClickSpring(TAC index:6):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R42 28.04.2005
Internal build : 49
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 466557 Bytes
Total size : 1403889 Bytes
Signature data size : 1373297 Bytes
Reference data size : 30080 Bytes
Signatures total : 39226
Fingerprints total : 836
Fingerprints size : 28245 Bytes
Target categories : 15
Target families : 654


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Non Intel
Memory available:20 %
Total physical memory:522456 kb
Available physical memory:104208 kb
Total page file size:1278152 kb
Available on page file:899960 kb
Total virtual memory:2097024 kb
Available virtual memory:2048516 kb
OS:Microsoft Windows XP Professional Service Pack 2 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Play sound at scan completion if scan locates critical objects


5-2-2005 10:55:18 PM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 780
ThreadCreationTime : 5-3-2005 2:46:36 AM
BasePriority : Normal


#:2 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : n/a
ProcessID : 908
ThreadCreationTime : 5-3-2005 2:46:40 AM
BasePriority : High


#:3 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : n/a
ProcessID : 952
ThreadCreationTime : 5-3-2005 2:46:40 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:4 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : n/a
ProcessID : 964
ThreadCreationTime : 5-3-2005 2:46:40 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:5 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : n/a
ProcessID : 1116
ThreadCreationTime : 5-3-2005 2:46:40 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : n/a
ProcessID : 1240
ThreadCreationTime : 5-3-2005 2:46:41 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [s24evmon.exe]
ModuleName : C:\WINDOWS\System32\S24EvMon.exe
Command Line : n/a
ProcessID : 1276
ThreadCreationTime : 5-3-2005 2:46:41 AM
BasePriority : Normal
FileVersion : 4, 1, 0, 3
ProductVersion : 4, 1, 0, 3
ProductName : Mobile Unit Support Service
CompanyName : Intel Corporation
FileDescription : Event Monitor - Supports driver extensions to NIC Driver for wireless adapters.
InternalName : S24EvMon
LegalCopyright : Copyright © 2001 - 2004 Intel Corporation, 1997 - 2001 Symbol Technologies, Inc. Portions Copyright © MIT
OriginalFilename : S24EvMon.exe

#:8 [lexbces.exe]
ModuleName : C:\WINDOWS\system32\LEXBCES.EXE
Command Line : n/a
ProcessID : 1552
ThreadCreationTime : 5-3-2005 2:46:42 AM
BasePriority : Normal
FileVersion : 8.19
ProductVersion : 8.19
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LexBce Service
InternalName : LexBce Service
LegalCopyright : © 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LexBceS.exe

#:9 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : n/a
ProcessID : 1580
ThreadCreationTime : 5-3-2005 2:46:42 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:10 [lexpps.exe]
ModuleName : C:\WINDOWS\system32\LEXPPS.EXE
Command Line : n/a
ProcessID : 1588
ThreadCreationTime : 5-3-2005 2:46:42 AM
BasePriority : Normal
FileVersion : 8.19
ProductVersion : 8.19
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LEXPPS.EXE
InternalName : LEXPPS
LegalCopyright : © 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LEXPPS.EXE
Comments : MarkVision for Windows '95 New P2P Server (32-bit)

#:11 [agentsrv.exe]
ModuleName : C:\Program Files\Centerbeam\AgentSrv.EXE
Command Line : n/a
ProcessID : 1772
ThreadCreationTime : 5-3-2005 2:46:42 AM
BasePriority : Normal
FileVersion : 7.1.3.0439
ProductVersion : 7.1.3a
ProductName : Connected DataProtector
CompanyName : Connected Corporation
FileDescription : Agent Service Module
InternalName : AgentSrv
LegalCopyright : © 2004 by Connected Corporation
OriginalFilename : AgentSrv.exe

#:12 [acsvc.exe]
ModuleName : c:\program files\ascent\bin\acsvc.exe
Command Line : n/a
ProcessID : 1788
ThreadCreationTime : 5-3-2005 2:46:42 AM
BasePriority : Normal


#:13 [basfipm.exe]
ModuleName : C:\WINDOWS\System32\basfipm.exe
Command Line : n/a
ProcessID : 1844
ThreadCreationTime : 5-3-2005 2:46:43 AM
BasePriority : Normal
FileVersion : 6.0.3
ProductVersion : 6.0.3
ProductName : Broadcom ASF IP monitoring service
CompanyName : Broadcom Corp.
FileDescription : Broadcom ASF IP monitoring service
InternalName : BAsfIpM
LegalCopyright : Copyright© 2003 Broadcom Corporation, All Rights Reserved
OriginalFilename : BAsfIpM.EXE

#:14 [besclient.exe]
ModuleName : C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe
Command Line : n/a
ProcessID : 1864
ThreadCreationTime : 5-3-2005 2:46:44 AM
BasePriority : Normal
FileVersion : 5, 0, 14, 0
ProductVersion : 5, 0, 14, 0
ProductName : BESClient
CompanyName : BigFix Inc.
FileDescription : BigFix BESClient Application
InternalName : BESClient
LegalCopyright : Copyright © 2002
OriginalFilename : BESClient.exe

#:15 [cvpnd.exe]
ModuleName : C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
Command Line : n/a
ProcessID : 1892
ThreadCreationTime : 5-3-2005 2:46:44 AM
BasePriority : Normal
FileVersion : 4.0.3 (A)
ProductVersion : 4.0.3 (A)
ProductName : Cisco Systems VPN Client
CompanyName : Cisco Systems, Inc.
FileDescription : Cisco Systems VPN Client
InternalName : cvpnd
LegalCopyright : Copyright © 1998-2003 Cisco Systems, Inc.
OriginalFilename : CVPND.EXE

#:16 [dkservice.exe]
ModuleName : C:\Program Files\Executive Software\Diskeeper\DkService.exe
Command Line : n/a
ProcessID : 1908
ThreadCreationTime : 5-3-2005 2:46:44 AM
BasePriority : Normal
FileVersion : 8.0.478.0
ProductVersion : 8.0.478.0
ProductName : Diskeeper ™ Disk Defragmenter
CompanyName : Executive Software International, Inc.
FileDescription : DKSERVICE.EXE
InternalName : DKSERVICE
LegalCopyright : © 1995-2004 Executive Software Int'l, Inc.
OriginalFilename : DKSERVICE

#:17 [ewidoctrl.exe]
ModuleName : C:\Program Files\ewido\security suite\ewidoctrl.exe
Command Line : n/a
ProcessID : 1936
ThreadCreationTime : 5-3-2005 2:46:44 AM
BasePriority : Normal
FileVersion : 3, 0, 0, 1
ProductVersion : 3, 0, 0, 1
ProductName : ewido control
CompanyName : ewido networks
FileDescription : ewido control
InternalName : ewido control
LegalCopyright : Copyright © 2004
OriginalFilename : ewidoctrl.exe

#:18 [ewidoguard.exe]
ModuleName : C:\Program Files\ewido\security suite\ewidoguard.exe
Command Line : n/a
ProcessID : 1952
ThreadCreationTime : 5-3-2005 2:46:44 AM
BasePriority : Normal
FileVersion : 3, 0, 0, 1
ProductVersion : 3, 0, 0, 1
ProductName : guard
CompanyName : ewido networks
FileDescription : guard
InternalName : guard
LegalCopyright : Copyright © 2004
OriginalFilename : guard.exe

#:19 [frameworkservice.exe]
ModuleName : C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
Command Line : n/a
ProcessID : 2008
ThreadCreationTime : 5-3-2005 2:46:44 AM
BasePriority : Normal
FileVersion : 3.5.0.435
ProductName : McAfee Common Framework
CompanyName : Network Associates, Inc.
FileDescription : Framework Service
InternalName : Framework
LegalCopyright : Copyright© 2000-2004 Networks Associates Technology, Inc. All Rights Reserved.
OriginalFilename : Framework.exe

#:20 [mcshield.exe]
ModuleName : C:\Program Files\Network Associates\VirusScan\mcshield.exe
Command Line : n/a
ProcessID : 184
ThreadCreationTime : 5-3-2005 2:46:44 AM
BasePriority : High


#:21 [vstskmgr.exe]
ModuleName : C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
Command Line : n/a
ProcessID : 244
ThreadCreationTime : 5-3-2005 2:46:46 AM
BasePriority : Normal


#:22 [mdm.exe]
ModuleName : C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
Command Line : n/a
ProcessID : 268
ThreadCreationTime : 5-3-2005 2:46:46 AM
BasePriority : Normal
FileVersion : 7.00.9466
ProductVersion : 7.00.9466
ProductName : Microsoft® Visual Studio .NET
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : mdm.exe

#:23 [rstate.exe]
ModuleName : c:\program files\mobile automation\rstate.exe
Command Line : n/a
ProcessID : 300
ThreadCreationTime : 5-3-2005 2:46:46 AM
BasePriority : Normal
FileVersion : 5.0.1378.0
ProductVersion : 5.0.1378.0
ProductName : Mobile Automation
CompanyName : Mobile Automation, Inc.
FileDescription : Mobile Automation Agent
InternalName : RSTATE.EXE
LegalCopyright : Copyright © Mobile Automation 1997-2002
OriginalFilename : RSTATE.EXE

#:24 [rundll32.exe]
ModuleName : C:\WINDOWS\system32\rundll32.exe
Command Line : rundll32.exe "C:\WINDOWS\system32\aldiosrv.dll",DllGetVersion
ProcessID : 384
ThreadCreationTime : 5-3-2005 2:46:48 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE

#:25 [sqlservr.exe]
ModuleName : C:\Program Files\Ascent\Server\MSSQL$ASCENTCAPTURE\Binn\sqlservr.exe
Command Line : n/a
ProcessID : 476
ThreadCreationTime : 5-3-2005 2:46:50 AM
BasePriority : Normal
FileVersion : 2000.080.0818.00
ProductVersion : 8.00.818
ProductName : Microsoft SQL Server
CompanyName : Microsoft Corporation
FileDescription : SQL Server Windows NT
InternalName : SQLSERVR
LegalCopyright : © 1988-2003 Microsoft Corp. All rights reserved.
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation. Windows™ is a trademark of Microsoft Corporation
OriginalFilename : SQLSERVR.EXE
Comments : NT INTEL X86

#:26 [regsrvc.exe]
ModuleName : C:\WINDOWS\System32\RegSrvc.exe
Command Line : n/a
ProcessID : 688
ThreadCreationTime : 5-3-2005 2:46:53 AM
BasePriority : Normal
FileVersion : 4, 1, 0, 0
ProductVersion : 4, 1, 0, 0
ProductName : RegSrvc Module
CompanyName : Intel Corporation
FileDescription : RegSrvc Module
InternalName : RegSrvc
LegalCopyright : Copyright © 2002 - 2004 Intel Corporation
OriginalFilename : RegSrvc.EXE

#:27 [r_server.exe]
ModuleName : C:\WINDOWS\System32\r_server.exe
Command Line : n/a
ProcessID : 708
ThreadCreationTime : 5-3-2005 2:46:53 AM
BasePriority : Normal


#:28 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : n/a
ProcessID : 748
ThreadCreationTime : 5-3-2005 2:46:54 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:29 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 816
ThreadCreationTime : 5-3-2005 2:46:54 AM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:30 [apoint.exe]
ModuleName : C:\Program Files\Apoint\Apoint.exe
Command Line : "C:\Program Files\Apoint\Apoint.exe"
ProcessID : 2340
ThreadCreationTime : 5-3-2005 2:47:22 AM
BasePriority : Normal
FileVersion : 5.5.101.141
ProductVersion : 5.5.101.141
ProductName : Alps Pointing-device Driver
CompanyName : Alps Electric Co., Ltd.
FileDescription : Alps Pointing-device Driver
InternalName : Alps Pointing-device Driver
LegalCopyright : Copyright © 1999-2004 Alps Electric Co., Ltd.
OriginalFilename : Apoint.exe

#:31 [hkcmd.exe]
ModuleName : C:\WINDOWS\System32\hkcmd.exe
Command Line : "C:\WINDOWS\System32\hkcmd.exe"
ProcessID : 2376
ThreadCreationTime : 5-3-2005 2:47:24 AM
BasePriority : Normal
FileVersion : 3.0.0.3889
ProductVersion : 7.0.0.3889
ProductName : Intel® Common User Interface
CompanyName : Intel Corporation
FileDescription : hkcmd Module
InternalName : HKCMD
LegalCopyright : Copyright 1999-2002, Intel Corporation
OriginalFilename : HKCMD.EXE

#:32 [jusched.exe]
ModuleName : C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
Command Line : "C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe"
ProcessID : 2408
ThreadCreationTime : 5-3-2005 2:47:25 AM
BasePriority : Normal


#:33 [pronomgr.exe]
ModuleName : C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
Command Line : "C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe"
ProcessID : 2460
ThreadCreationTime : 5-3-2005 2:47:28 AM
BasePriority : Normal
FileVersion : 6.1.302.0
ProductVersion : 6.1.302.0
ProductName : Intel® Network Configuration Services
CompanyName : Intel® Corporation
FileDescription : PRONotifyMgr Module
InternalName : PRONotifyMgr
LegalCopyright : Copyright© 2001-2002 Intel Corporation
OriginalFilename : PRONoMgr.exe

#:34 [apntex.exe]
ModuleName : C:\Program Files\Apoint\Apntex.exe
Command Line : "Apntex.exe"
ProcessID : 2496
ThreadCreationTime : 5-3-2005 2:47:29 AM
BasePriority : Normal
FileVersion : 5.5.1.19
ProductVersion : 5.5.1.19
ProductName : Alps Pointing-device Driver for Windows NT/2000/XP
CompanyName : Alps Electric Co., Ltd.
FileDescription : Alps Pointing-device Driver for Windows NT/2000/XP
InternalName : Alps Pointing-device Driver for Windows NT/2000/XP
LegalCopyright : Copyright © 1998-2004 Alps Electric Co., Ltd.
OriginalFilename : ApntEx.exe

#:35 [quickset.exe]
ModuleName : C:\Program Files\Dell\QuickSet\quickset.exe
Command Line : "C:\Program Files\Dell\QuickSet\quickset.exe"
ProcessID : 2536
ThreadCreationTime : 5-3-2005 2:47:30 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : QuickSet Application
FileDescription : QuickSet MFC Application
InternalName : direct
LegalCopyright : Copyright © 2001
OriginalFilename : direct.EXE

#:36 [dsentry.exe]
ModuleName : C:\WINDOWS\System32\DSentry.exe
Command Line : "C:\WINDOWS\System32\DSentry.exe"
ProcessID : 2652
ThreadCreationTime : 5-3-2005 2:47:34 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 0
ProductVersion : 1, 0, 0, 0
ProductName : Dell - DVDSentry
CompanyName : Dell - Advanced Desktop Engineering
FileDescription : DVDSentry
InternalName : DVDSentry
LegalCopyright : Copyright © 2002 Dell
OriginalFilename : DSentry.exe
Comments : DVDSentry launches your software DVD player when a DVD is inserted.

#:37 [rstate.exe]
ModuleName : C:\PROGRA~1\MOBILE~1\rstate.exe
Command Line : "C:\PROGRA~1\MOBILE~1\rstate.exe"
ProcessID : 2660
ThreadCreationTime : 5-3-2005 2:47:35 AM
BasePriority : Normal
FileVersion : 5.0.1378.0
ProductVersion : 5.0.1378.0
ProductName : Mobile Automation
CompanyName : Mobile Automation, Inc.
FileDescription : Mobile Automation Agent
InternalName : RSTATE.EXE
LegalCopyright : Copyright © Mobile Automation 1997-2002
OriginalFilename : RSTATE.EXE

#:38 [shstat.exe]
ModuleName : C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
Command Line : "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
ProcessID : 2824
ThreadCreationTime : 5-3-2005 2:47:47 AM
BasePriority : Normal


#:39 [updaterui.exe]
ModuleName : C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
Command Line : "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
ProcessID : 2936
ThreadCreationTime : 5-3-2005 2:47:50 AM
BasePriority : Normal
FileVersion : 3.5.0.435
ProductName : McAfee Common Framework
CompanyName : Network Associates, Inc.
FileDescription : Common User Interface
InternalName : UpdaterUI
LegalCopyright : Copyright© 2000-2004 Networks Associates Technology, Inc. All Rights Reserved.
OriginalFilename : UpdaterUI.exe

#:40 [1xconfig.exe]
ModuleName : C:\WINDOWS\System32\1XConfig.exe
Command Line : C:\WINDOWS\System32\1XConfig.exe -Embedding
ProcessID : 2952
ThreadCreationTime : 5-3-2005 2:47:50 AM
BasePriority : Normal
FileVersion : 4, 1, 0, 3
ProductVersion : 4, 1, 0, 0
ProductName : 8021XConfig Module
CompanyName : Intel
FileDescription : 8021XConfig Module
InternalName : 8021XConfig
LegalCopyright : Copyright 2004
OriginalFilename : 1XConfig.EXE
Comments : Wrapper for MH. (Service COM)

#:41 [lxbfbmgr.exe]
ModuleName : C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe
Command Line : "C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe"
ProcessID : 2956
ThreadCreationTime : 5-3-2005 2:47:50 AM
BasePriority : Normal
FileVersion : 0.1.25.0
ProductVersion : 0.1.25.0
ProductName : Button Manager Executable
CompanyName : Lexmark International, Inc.
FileDescription : Lexmark X6100 Series Button Manager
InternalName : lxbfbmgr.exe
LegalCopyright : © 2002 Lexmark International, Inc.
OriginalFilename : lxbfbmgr.exe

#:42 [lxbfbmon.exe]
ModuleName : C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe
Command Line : "C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe"
ProcessID : 2992
ThreadCreationTime : 5-3-2005 2:47:53 AM
BasePriority : Normal
FileVersion : 0.1.25.0
ProductVersion : 0.1.25.0
ProductName : Button Monitor Executable
CompanyName : Lexmark International, Inc.
FileDescription : Lexmark X6100 Series Button Monitor
InternalName : lxbfbmon.exe
LegalCopyright : © 2002 Lexmark International, Inc.
OriginalFilename : lxbfbmon.exe

#:43 [gcasserv.exe]
ModuleName : C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
Command Line : "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
ProcessID : 2996
ThreadCreationTime : 5-3-2005 2:47:53 AM
BasePriority : Idle
FileVersion : 1.00.0509
ProductVersion : 1.00.0509
ProductName : Microsoft AntiSpyware (Beta 1)
CompanyName : Microsoft Corporation
FileDescription : Microsoft AntiSpyware Service
InternalName : gcasServ
LegalCopyright : Copyright © 2004-2005 Microsoft Corporation. All rights reserved.
LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation. SpyNet™ is a trademark of Microsoft Corporation.
OriginalFilename : gcasServ.exe

#:44 [gcasdtserv.exe]
ModuleName : C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
Command Line : "C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe"
ProcessID : 3196
ThreadCreationTime : 5-3-2005 2:48:02 AM
BasePriority : Normal
FileVersion : 1.00.0509
ProductVersion : 1.00.0509
ProductName : Microsoft AntiSpyware (Beta 1)
CompanyName : Microsoft Corporation
FileDescription : Microsoft AntiSpyware Data Service
InternalName : gcasDtServ
LegalCopyright : Copyright © 2004-2005 Microsoft Corporation. All rights reserved.
LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation. SpyNet™ is a trademark of Microsoft Corporation.
OriginalFilename : gcasDtServ.exe

#:45 [rsstatus.exe]
ModuleName : c:\program files\mobile automation\rsstatus.exe
Command Line : "c:\program files\mobile automation\rsstatus.exe"
ProcessID : 3392
ThreadCreationTime : 5-3-2005 2:48:17 AM
BasePriority : Normal
FileVersion : 5.0.1378.0
ProductVersion : 5.0.1378.0
ProductName : Mobile Automation
CompanyName : Mobile Automation, Inc.
FileDescription : Mobile Automation Agent Status
InternalName : RSSTATUS.EXE
LegalCopyright : Copyright © Mobile Automation 1997-2002
OriginalFilename : RSSTATUS.EXE

#:46 [msmsgs.exe]
ModuleName : C:\Program Files\Messenger\msmsgs.exe
Command Line : "C:\Program Files\Messenger\msmsgs.exe" /background
ProcessID : 3488
ThreadCreationTime : 5-3-2005 2:48:28 AM
BasePriority : Normal
FileVersion : 4.7.3001
ProductVersion : Version 4.7.3001
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Windows Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:47 [wcescomm.exe]
ModuleName : C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
Command Line : "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
ProcessID : 3580
ThreadCreationTime : 5-3-2005 2:48:32 AM
BasePriority : Normal
FileVersion : 3.7.1.4034
ProductVersion : 3.7.4034
ProductName : Microsoft ActiveSync
CompanyName : Microsoft Corporation
FileDescription : ActiveSync Connection Manager
InternalName : wcescomm
LegalCopyright : Copyright © 1995-2004 Microsoft Corp. All rights reserved.
LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation.
OriginalFilename : WCESCOMM.EXE

#:48 [googledesktop.exe]
ModuleName : C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
Command Line : "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
ProcessID : 3600
ThreadCreationTime : 5-3-2005 2:48:32 AM
BasePriority : Normal


#:49 [attrib.exe]
ModuleName : C:\WINDOWS\system32\F?nts\attrib.exe
Command Line : "C:\WINDOWS\system32\F?nts\attrib.exe"
ProcessID : 3660
ThreadCreationTime : 5-3-2005 2:48:36 AM
BasePriority : Normal


ClickSpring Object Recognized!
Type : Process
Data : attrib.exe
Category : Malware
Comment : (CSI MATCH)
Object : C:\WINDOWS\system32\F?nts\


Warning! ClickSpring Object found in memory(C:\WINDOWS\system32\F?nts\attrib.exe)

"C:\WINDOWS\system32\F?nts\attrib.exe"Process terminated successfully
"C:\WINDOWS\system32\F?nts\attrib.exe"Process terminated successfully

#:50 [dlg.exe]
ModuleName : C:\Program Files\Digital Line Detect\DLG.exe
Command Line : "C:\Program Files\Digital Line Detect\DLG.exe"
ProcessID : 3700
ThreadCreationTime : 5-3-2005 2:48:46 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : BVRP Software TestLine
CompanyName : BVRP Software
FileDescription : Digital Line Detection
InternalName : TestLine
LegalCopyright : Copyright © 2003
OriginalFilename : TestLine.exe

#:51 [j2gdllcmd.exe]
ModuleName : C:\Program Files\eFax Messenger 3.5\J2GDllCmd.exe
Command Line : "C:\Program Files\eFax Messenger 3.5\J2GDllCmd.exe" /R
ProcessID : 3712
ThreadCreationTime : 5-3-2005 2:48:48 AM
BasePriority : Normal
FileVersion : 3.5.231.0
ProductVersion : 3.5.231.0
ProductName : eFax Messenger ™
CompanyName : j2 Global Communications, Inc.
FileDescription : eFax Messenger - DLL Command Utility
InternalName : DllCmd32
LegalCopyright : Copyright © 2005 j2 Global Communications, Inc.
LegalTrademarks : eFax®
eFax.com ™
eFax Messenger ™
eFax Messenger Plus ™
j2 Messenger ™
eVoice ™
JetSuite®
PaperMaster Pro ™
OriginalFilename : DllCmd32.exe

#:52 [j2gtray.exe]
ModuleName : C:\Program Files\eFax Messenger 3.5\J2GTray.exe
Command Line : "C:\Program Files\eFax Messenger 3.5\J2GTray.exe"
ProcessID : 3732
ThreadCreationTime : 5-3-2005 2:48:51 AM
BasePriority : Normal
FileVersion : 3.5.231.0
ProductVersion : 3.5.231.0
ProductName : eFax Messenger ™
CompanyName : j2 Global Communications, Inc.
FileDescription : eFax Messenger - Tray
InternalName : HotTray
LegalCopyright : Copyright © 2005 j2 Global Communications, Inc.
LegalTrademarks : eFax®
eFax.com ™
eFax Messenger ™
eFax Messenger Plus ™
j2 Messenger ™
eVoice ™
JetSuite®
PaperMaster Pro ™
OriginalFilename : HotTray.exe

#:53 [spysub.exe]
ModuleName : C:\Program Files\interMute\SpySubtract\SpySub.exe
Command Line : "C:\Program Files\interMute\SpySubtract\SpySub.exe" -autostart
ProcessID : 3744
ThreadCreationTime : 5-3-2005 2:48:54 AM
BasePriority : Normal
FileVersion : 1, 0, 1, 49
ProductVersion : 2.60
ProductName : SpySubtract
CompanyName : InterMute, Inc.
FileDescription : SpySubtract Program EXE
InternalName : SpySub.exe
LegalCopyright : Copyright © 2004 InterMute, Inc. All rights reserved.
OriginalFilename : SpySub.exe

#:54 [googledesktopindex.exe]
ModuleName : C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
Command Line : "GoogleDesktopIndex.exe"
ProcessID : 4008
ThreadCreationTime : 5-3-2005 2:50:33 AM
BasePriority : Normal


#:55 [googledesktopcrawl.exe]
ModuleName : C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
Command Line : "GoogleDesktopCrawl.exe" /ie /favorites /recent
ProcessID : 4028
ThreadCreationTime : 5-3-2005 2:50:34 AM
BasePriority : Normal


#:56 [notepad.exe]
ModuleName : C:\WINDOWS\system32\NOTEPAD.EXE
Command Line : "C:\WINDOWS\system32\NOTEPAD.EXE" C:\Documents and Settings\pgaudette\Desktop\fix.txt
ProcessID : 1364
ThreadCreationTime : 5-3-2005 2:54:22 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Notepad
InternalName : Notepad
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : NOTEPAD.EXE

#:57 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 2184
ThreadCreationTime : 5-3-2005 2:54:48 AM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 1


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 1




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1

11:19:50 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:24:32.487
Objects scanned:148072
Objects identified:1
Objects ignored:0
New critical objects:1

#8
Rawe

    Visiting Staff

  • Member
  • 4,746 posts
How is your system working?
Scan with these online virus scans and post the results here;
- Panda Activescan
- Trend Micro

- Rawe :tazz:

#9
prgaudette

    Member

  • Topic Starter
  • Member
  • 14 posts
Still getting pop up ads. Will scan and post the results.

#10
prgaudette

    Member

  • Topic Starter
  • Member
  • 14 posts
Here is the scan from Panda

Incident Status Location

Adware:Adware/SaveNow No disinfected C:\Documents and Settings\All Users\Application Data\nsv
Adware:Adware/BookedSpace No disinfected Windows Registry
Adware:Adware/DelFinMedia No disinfected C:\WINDOWS\system32\nsvsvc
Adware:Adware/ISearch No disinfected C:\WINDOWS\deskbar.ini
Adware:Adware/ExactSearch No disinfected C:\WINDOWS\exdl.exe
Adware:Adware/Pacimedia No disinfected Windows Registry
Adware:Adware/PurityScan No disinfected C:\Documents and Settings\pgaudette\Application Data\osoa.exe
Adware:Adware/ISearch No disinfected C:\WINDOWS\deskbar.ini
Adware:Adware/ExactSearch No disinfected C:\WINDOWS\exdl.exe
Adware:Adware/ISearch No disinfected C:\WINDOWS\SYSTEM32\246765-ventura-hot.exe
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\d0j02a1mgd.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\en4ql1h51.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\gp20l3fm1.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\ir6ol5j31.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\meoeacct.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\mmcoree.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\wddmtpus.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\wypns.dll


#11
Guest_Andy_veal_*
  • Guest

#:49 [attrib.exe]
ModuleName : C:\WINDOWS\system32\F?nts\attrib.exe
Command Line : "C:\WINDOWS\system32\F?nts\attrib.exe"
ProcessID : 3660
ThreadCreationTime : 5-3-2005 2:48:36 AM
BasePriority : Normal


Download the following program called KillBox

And delete this file on reboot:
C:\WINDOWS\system32\F?nts\attrib.exe

Once complete, please see my advice below.

I would like to check that your logfile is clean from the removal of that process.

Thanks

#12
Guest_Andy_veal_*
  • Guest
Please follow the instructions located in Step Five: Posting a Hijack This Log. Post your HJT log as a reply to this thread, which has been relocated to the Malware Removal Forum for providing you with further assistance.

Kindly note that it is very busy in the Malware Removal Forum, so there may be a delay in receiving a reply. Please also note that HJT logfiles are reviewed on a first come/first served basis.

#13
prgaudette

    Member

  • Topic Starter
  • Member
  • 14 posts
Logfile of HijackThis v1.99.1
Scan saved at 11:38:07 PM, on 5/3/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Centerbeam\AgentSrv.EXE
c:\program files\ascent\bin\acsvc.exe
C:\WINDOWS\System32\basfipm.exe
C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\mobile automation\rstate.exe
C:\Program Files\Ascent\Server\MSSQL$ASCENTCAPTURE\Binn\sqlservr.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\r_server.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\System32\1XConfig.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\System32\DSentry.exe
C:\PROGRA~1\MOBILE~1\rstate.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
c:\program files\mobile automation\rsstatus.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\F?nts\attrib.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\eFax Messenger 3.5\J2GDllCmd.exe
C:\Program Files\eFax Messenger 3.5\J2GTray.exe
C:\Program Files\interMute\SpySubtract\SpySub.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Documents and Settings\pgaudette\My Documents\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mychartone.ch...sg/default.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://mychartone.ch...sg/default.aspx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [bascstray] BascsTray.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [Mobile Automation Agent] c:\PROGRA~1\MOBILE~1\rstate.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Lexmark X6100 Series] "C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [Jee] C:\WINDOWS\system32\F?nts\attrib.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: eFax DllCmd 3.5.lnk = C:\Program Files\eFax Messenger 3.5\J2GDllCmd.exe
O4 - Global Startup: eFax Tray Menu 3.5.lnk = C:\Program Files\eFax Messenger 3.5\J2GTray.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: help.centerbeam.com
O15 - Trusted Zone: http://lic.music.msn.com
O15 - Trusted Zone: http://music.msn.com
O15 - Trusted Zone: *.chartone.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {2F5B39C5-C6F5-447A-A946-48B382C53985} - http://www.pacimedia...ll/pcs_0026.exe
O16 - DPF: {3AC3D009-2E89-4F1E-9F51-04D4FBD50122} (Shoretel SClientInstall) - http://sj-juno-06/sh...ientInstall.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1109885123266
O16 - DPF: {712362BF-E411-4F43-99D2-EB15F80AF1DB} (MsneDiag Class) - http://entimg.msn.co...snediag2729.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc4.webresp...t/TLIEFlash.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {A996E48C-D3DC-4244-89F7-AFA33EC60679} (Settings Class) - https://www.chartvau.../js/capicom.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - file://E:\AUTORUN\Flash\swflash.cab
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - http://entimg.msn.co...snmusax2729.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = CORP.CHARTONEINC.COM
O17 - HKLM\Software\..\Telephony: DomainName = CORP.CHARTONEINC.COM
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = CORP.CHARTONEINC.COM
O20 - Winlogon Notify: App Management - C:\WINDOWS\system32\NNTUI2.DLL
O20 - Winlogon Notify: DateTime - C:\WINDOWS\system32\j4j60e1seh.dll
O20 - Winlogon Notify: ThemeManager - C:\WINDOWS\system32\fpno0353e.dll (file missing)
O23 - Service: Connected Agent Service (AgentSrv) - Connected Corporation - C:\Program Files\Centerbeam\AgentSrv.EXE
O23 - Service: Ascent Capture Service - Kofax Image Products - c:\program files\ascent\bin\acsvc.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.3 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\System32\basfipm.exe
O23 - Service: BES Client (BESClient) - BigFix Inc. - C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: Mobile Automation Agent (MobileAutmationAgentService) - Mobile Automation, Inc. - c:\program files\mobile automation\rstate.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\System32\r_server.exe" /service (file missing)
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe

#14
Avohir

    Visiting Staff

  • Visiting Consultant
  • 1,002 posts
Hi and welcome to GTG :tazz:

Sorry for the late reply,
If you’re still looking to resolve this issue,
Please run through the steps outlined in this Topic
Post back a fresh log when done please

If you have resolved this issue please let us know,
Thanks and again sorry for the late reply,

-Avohir

#15
prgaudette

    Member

  • Topic Starter
  • Member
  • 14 posts
I am still looking for help. I have been through everything posted in the recommended topic and it hasn't seemed to help. Here is a fresh log:

Logfile of HijackThis v1.99.1
Scan saved at 6:17:12 PM, on 5/8/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Centerbeam\AgentSrv.EXE
c:\program files\ascent\bin\acsvc.exe
C:\WINDOWS\System32\basfipm.exe
C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\mobile automation\rstate.exe
C:\Program Files\Ascent\Server\MSSQL$ASCENTCAPTURE\Binn\sqlservr.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\r_server.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Apoint\Apntex.exe
C:\PROGRA~1\MOBILE~1\rstate.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe
C:\WINDOWS\System32\1XConfig.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
c:\program files\mobile automation\rsstatus.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\F?nts\attrib.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\eFax Messenger 3.5\J2GDllCmd.exe
C:\Program Files\eFax Messenger 3.5\J2GTray.exe
C:\Program Files\interMute\SpySubtract\SpySub.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\pgaudette\My Documents\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mychartone.ch...sg/default.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://mychartone.ch...sg/default.aspx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [bascstray] BascsTray.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [Mobile Automation Agent] c:\PROGRA~1\MOBILE~1\rstate.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Lexmark X6100 Series] "C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [Jee] C:\WINDOWS\system32\F?nts\attrib.exe
O4 - HKCU\..\Run: [Ncao] C:\Documents and Settings\pgaudette\Application Data\osoa.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: eFax DllCmd 3.5.lnk = C:\Program Files\eFax Messenger 3.5\J2GDllCmd.exe
O4 - Global Startup: eFax Tray Menu 3.5.lnk = C:\Program Files\eFax Messenger 3.5\J2GTray.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: help.centerbeam.com
O15 - Trusted Zone: http://lic.music.msn.com
O15 - Trusted Zone: http://music.msn.com
O15 - Trusted Zone: *.chartone.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {2F5B39C5-C6F5-447A-A946-48B382C53985} - http://www.pacimedia...ll/pcs_0026.exe
O16 - DPF: {3AC3D009-2E89-4F1E-9F51-04D4FBD50122} (Shoretel SClientInstall) - http://sj-juno-06/sh...ientInstall.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1109885123266
O16 - DPF: {712362BF-E411-4F43-99D2-EB15F80AF1DB} (MsneDiag Class) - http://entimg.msn.co...snediag2729.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc4.webresp...t/TLIEFlash.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {A996E48C-D3DC-4244-89F7-AFA33EC60679} (Settings Class) - https://www.chartvau.../js/capicom.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - file://E:\AUTORUN\Flash\swflash.cab
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - http://entimg.msn.co...snmusax2729.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = CORP.CHARTONEINC.COM
O17 - HKLM\Software\..\Telephony: DomainName = CORP.CHARTONEINC.COM
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = CORP.CHARTONEINC.COM
O20 - Winlogon Notify: ThemeManager - C:\WINDOWS\system32\fpno0353e.dll (file missing)
O20 - Winlogon Notify: WebCheck - C:\WINDOWS\system32\p4r40e9qeh.dll
O23 - Service: Connected Agent Service (AgentSrv) - Connected Corporation - C:\Program Files\Centerbeam\AgentSrv.EXE
O23 - Service: Ascent Capture Service - Kofax Image Products - c:\program files\ascent\bin\acsvc.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.3 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\System32\basfipm.exe
O23 - Service: BES Client (BESClient) - BigFix Inc. - C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: Mobile Automation Agent (MobileAutmationAgentService) - Mobile Automation, Inc. - c:\program files\mobile automation\rstate.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\System32\r_server.exe" /service (file missing)
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe