Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

[Referred]aurora & other vicious items


  • Please log in to reply

#1
tree_o

tree_o

    New Member

  • Member
  • Pip
  • 5 posts
Hello,
I have this vicious aurora pop up program which i cannot purge, and none of the spyware programs (microsoft spyware, spybot, spysubtract,etc) have identified it. the program application name is aurora when it "pops" up ads, but the name in the c:/windows file is "kvauikeuu" -- when i delete it it comes back.

i also have other adware i cannot purge (blodger?). this really undermines my confidence in myself as computer-aware!! all this automatically-downloaded CRAP!

can you look over my log file from ad-aware and let me know what still remains to be done? i have run about 10 purges today between the different software i have downloaded and run, in addition to running a macaffee scan of my computer in safe mode yesterday.

I am also afraid that i have deleted necessary files from my c:/windows or c:/windows/sys32 file, in my zeal to delete applications i didnot recognize. is there a way to rectify this? I APPRECIATE ANY HELP YOU CAN PROVIDE!

Thanks,
-Tree_o

here is my ad-aware log file:

Logfile removed: Incorrect logfile type posted

Edited by Andy_veal, 05 May 2005 - 05:01 PM.

  • 0

Advertisements


#2
Rawe

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts

5-3-2005 7:13:17 PM - Scan started. (Custom mode)


If you could, please post a scanlog from "Full system scan".. I'll take a look then.

- Rawe :tazz:
  • 0

#3
tree_o

tree_o

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
hello again,
got your message, and here is the log file from a full system adware scan (instead of a customized scan). I'm still having problems with "aurora", and spysubtract thinks there's something wrong with my network settings (or some such) which it cannot fix.

thanks :tazz:
-tree_o

LOGFILE:

Ad-Aware SE Build 1.05
Logfile Created on:Saturday, May 07, 2005 4:55:45 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R43 06.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie(TAC index:3):1 total references
VX2(TAC index:10):9 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R42 28.04.2005
Internal build : 49
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 466557 Bytes
Total size : 1403889 Bytes
Signature data size : 1373297 Bytes
Reference data size : 30080 Bytes
Signatures total : 39226
Fingerprints total : 836
Fingerprints size : 28245 Bytes
Target categories : 15
Target families : 654

5-7-2005 4:55:18 PM Performing WebUpdate...

Installing Update...
Definitions File Loaded:
Reference Number : SE1R43 06.05.2005
Internal build : 50
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 467649 Bytes
Total size : 1414672 Bytes
Signature data size : 1383852 Bytes
Reference data size : 30308 Bytes
Signatures total : 39494
Fingerprints total : 847
Fingerprints size : 28739 Bytes
Target categories : 15
Target families : 663


5-7-2005 4:55:24 PM Success
Update successfully downloaded and installed.


Memory + processor status:
==========================
Number of processors : 2
Processor architecture : Intel Pentium IV
Memory available:81 %
Total physical memory:2095792 kb
Available physical memory:1690188 kb
Total page file size:4037784 kb
Available on page file:3760460 kb
Total virtual memory:2097024 kb
Available virtual memory:2045272 kb
OS:Microsoft Windows XP Professional Service Pack 2 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Play sound at scan completion if scan locates critical objects


5-7-2005 4:55:45 PM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 664
ThreadCreationTime : 5-7-2005 7:55:14 PM
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 712
ThreadCreationTime : 5-7-2005 7:55:16 PM
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 736
ThreadCreationTime : 5-7-2005 7:55:17 PM
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 780
ThreadCreationTime : 5-7-2005 7:55:17 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 792
ThreadCreationTime : 5-7-2005 7:55:17 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [ati2evxx.exe]
ModuleName : C:\WINDOWS\System32\Ati2evxx.exe
Command Line : C:\WINDOWS\System32\Ati2evxx.exe
ProcessID : 960
ThreadCreationTime : 5-7-2005 7:55:17 PM
BasePriority : Normal


#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k DcomLaunch
ProcessID : 976
ThreadCreationTime : 5-7-2005 7:55:17 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 1052
ThreadCreationTime : 5-7-2005 7:55:18 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 1096
ThreadCreationTime : 5-7-2005 7:55:18 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 1248
ThreadCreationTime : 5-7-2005 7:55:18 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 1276
ThreadCreationTime : 5-7-2005 7:55:18 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:12 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1544
ThreadCreationTime : 5-7-2005 7:55:18 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:13 [ati2evxx.exe]
ModuleName : C:\WINDOWS\system32\Ati2evxx.exe
Command Line : Ati2evxx.exe -Client
ProcessID : 1988
ThreadCreationTime : 5-7-2005 7:55:22 PM
BasePriority : Normal


#:14 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 2032
ThreadCreationTime : 5-7-2005 7:55:22 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:15 [pronomgr.exe]
ModuleName : C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
Command Line : "C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe"
ProcessID : 252
ThreadCreationTime : 5-7-2005 7:55:22 PM
BasePriority : Normal
FileVersion : 6.4.3.8
ProductVersion : 6.4.3.8
ProductName : Intel® Network Configuration Services
CompanyName : Intel® Corporation
FileDescription : PRONotifyMgr Module
InternalName : PRONotifyMgr
LegalCopyright : Copyright© 2001-2002 Intel Corporation
OriginalFilename : PRONoMgr.exe

#:16 [atiptaxx.exe]
ModuleName : C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
Command Line : "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
ProcessID : 260
ThreadCreationTime : 5-7-2005 7:55:22 PM
BasePriority : Normal
FileVersion : 6.14.10.5071
ProductVersion : 6.14.10.5071
ProductName : ATI Desktop Component
CompanyName : ATI Technologies, Inc.
FileDescription : ATI Desktop Control Panel
InternalName : Atiptaxx.exe
LegalCopyright : Copyright © 1998-2002 ATI Technologies Inc.
OriginalFilename : Atiptaxx.exe

#:17 [itouch.exe]
ModuleName : C:\Program Files\Logitech\iTouch\iTouch.exe
Command Line : "C:\Program Files\Logitech\iTouch\iTouch.exe"
ProcessID : 280
ThreadCreationTime : 5-7-2005 7:55:22 PM
BasePriority : Normal
FileVersion : 2.20.242
ProductVersion : 2.20.242
ProductName : iTouch
CompanyName : Logitech Inc.
FileDescription : iTouch Application
InternalName : iTouch
LegalCopyright : © 1998-2003 Logitech. All rights reserved.
LegalTrademarks : Logitech® and iTouch® are registered trademarks of Logitech Inc.
OriginalFilename : iTouch.exe
Comments : Created by the iTouch team

#:18 [qttask.exe]
ModuleName : C:\Program Files\QuickTime\qttask.exe
Command Line : "C:\Program Files\QuickTime\qttask.exe" -atboottime
ProcessID : 316
ThreadCreationTime : 5-7-2005 7:55:22 PM
BasePriority : Normal
FileVersion : 6.4
ProductVersion : QuickTime 6.4
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2003
OriginalFilename : QTTask.exe

#:19 [gcasserv.exe]
ModuleName : C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
Command Line : "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
ProcessID : 344
ThreadCreationTime : 5-7-2005 7:55:22 PM
BasePriority : Idle
FileVersion : 1.00.0509
ProductVersion : 1.00.0509
ProductName : Microsoft AntiSpyware (Beta 1)
CompanyName : Microsoft Corporation
FileDescription : Microsoft AntiSpyware Service
InternalName : gcasServ
LegalCopyright : Copyright © 2004-2005 Microsoft Corporation. All rights reserved.
LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation. SpyNet™ is a trademark of Microsoft Corporation.
OriginalFilename : gcasServ.exe

#:20 [desktopweather.exe]
ModuleName : C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
Command Line : "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
ProcessID : 380
ThreadCreationTime : 5-7-2005 7:55:23 PM
BasePriority : Normal
FileVersion : 4.0.0.1
ProductVersion : 4.0.0.1
ProductName : Desktop Weather 4
CompanyName : TWCi
FileDescription : DesktopWeather4
InternalName : DesktopWeather.exe
LegalCopyright : © The Weather Channel Interactive. All rights reserved.
OriginalFilename : DesktopWeather4.exe

#:21 [qltrwlj.exe]
ModuleName : c:\windows\system32\qltrwlj.exe
Command Line : "c:\windows\system32\qltrwlj.exe" qsbbigl
ProcessID : 400
ThreadCreationTime : 5-7-2005 7:55:23 PM
BasePriority : Normal
FileVersion : 1, 0, 7, 1
ProductVersion : 0, 0, 7, 0
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
LegalCopyright : TODO: © <Company name>. All rights reserved.

#:22 [acrotray.exe]
ModuleName : C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
Command Line : "C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe"
ProcessID : 432
ThreadCreationTime : 5-7-2005 7:55:23 PM
BasePriority : Normal
FileVersion : 6.0.0.2003051500
ProductVersion : 6.0.0.0
ProductName : AcroTray - Adobe Acrobat Distiller helper application.
CompanyName : Adobe Systems Inc.
FileDescription : AcroTray
InternalName : AcroTray
LegalCopyright : Copyright 1984-2003 Adobe Systems Incorporated and its licensors. All rights reserved.
OriginalFilename : AcroTray.exe

#:23 [hotsync.exe]
ModuleName : C:\Program Files\Sony Handheld\HOTSYNC.EXE
Command Line : "C:\Program Files\Sony Handheld\HOTSYNC.EXE"
ProcessID : 436
ThreadCreationTime : 5-7-2005 7:55:23 PM
BasePriority : Normal
FileVersion : 4.0.4
ProductVersion : 4.1.0
ProductName : HotSync® Manager, Palm Desktop
CompanyName : Palm, Inc.
FileDescription : HotSync® Manager Application
InternalName : HotSync®
LegalCopyright : Copyright © 1995-2001 Palm, Inc.
LegalTrademarks : HotSync® is a registered trademark of Palm, Inc.
OriginalFilename : Hotsync.exe

#:24 [em_exec.exe]
ModuleName : C:\Program Files\Logitech\MouseWare\system\em_exec.exe
Command Line : "C:\Program Files\Logitech\MouseWare\system\em_exec.exe"
ProcessID : 456
ThreadCreationTime : 5-7-2005 7:55:23 PM
BasePriority : Normal
FileVersion : 9.79.019
ProductVersion : 9.79.019
ProductName : MouseWare
CompanyName : Logitech Inc.
FileDescription : Logitech Events Handler Application
InternalName : Em_Exec
LegalCopyright : © 1987-2003 Logitech. All rights reserved.
LegalTrademarks : Logitech® and MouseWare® are registered trademarks of Logitech Inc.
OriginalFilename : Em_Exec.exe
Comments : Created by the MouseWare team

#:25 [gcasdtserv.exe]
ModuleName : C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
Command Line : "C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe"
ProcessID : 556
ThreadCreationTime : 5-7-2005 7:55:24 PM
BasePriority : Normal
FileVersion : 1.00.0509
ProductVersion : 1.00.0509
ProductName : Microsoft AntiSpyware (Beta 1)
CompanyName : Microsoft Corporation
FileDescription : Microsoft AntiSpyware Data Service
InternalName : gcasDtServ
LegalCopyright : Copyright © 2004-2005 Microsoft Corporation. All rights reserved.
LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation. SpyNet™ is a trademark of Microsoft Corporation.
OriginalFilename : gcasDtServ.exe

#:26 [avsynmgr.exe]
ModuleName : C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
Command Line : "C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe"
ProcessID : 1228
ThreadCreationTime : 5-7-2005 7:55:36 PM
BasePriority : Normal


#:27 [tcpsvcs.exe]
ModuleName : C:\WINDOWS\System32\tcpsvcs.exe
Command Line : C:\WINDOWS\System32\tcpsvcs.exe
ProcessID : 1288
ThreadCreationTime : 5-7-2005 7:55:37 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : TCP/IP Services Application
InternalName : TCPSVCS.EXE
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : TCPSVCS.EXE

#:28 [vsstat.exe]
ModuleName : C:\Program Files\Network Associates\VirusScan\VsStat.exe
Command Line : "C:\Program Files\Network Associates\VirusScan\VsStat.exe"
ProcessID : 1732
ThreadCreationTime : 5-7-2005 7:55:45 PM
BasePriority : Normal


#:29 [vshwin32.exe]
ModuleName : C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
Command Line : "C:\Program Files\Network Associates\VirusScan\Vshwin32.exe"
ProcessID : 1972
ThreadCreationTime : 5-7-2005 7:55:45 PM
BasePriority : Normal


#:30 [avconsol.exe]
ModuleName : C:\Program Files\Network Associates\VirusScan\Avconsol.exe
Command Line : "C:\Program Files\Network Associates\VirusScan\Avconsol.exe"
ProcessID : 408
ThreadCreationTime : 5-7-2005 7:55:50 PM
BasePriority : Normal


#:31 [mcshield.exe]
ModuleName : C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
Command Line : "C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe"
ProcessID : 1380
ThreadCreationTime : 5-7-2005 7:55:52 PM
BasePriority : High


#:32 [alg.exe]
ModuleName : C:\WINDOWS\System32\alg.exe
Command Line : C:\WINDOWS\System32\alg.exe
ProcessID : 2328
ThreadCreationTime : 5-7-2005 7:55:52 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:33 [spysub.exe]
ModuleName : C:\Program Files\SpySubtract\SpySub.exe
Command Line : "C:\Program Files\SpySubtract\SpySub.exe"
ProcessID : 4060
ThreadCreationTime : 5-7-2005 8:38:17 PM
BasePriority : Normal
FileVersion : 1, 0, 1, 49
ProductVersion : 2.60
ProductName : SpySubtract
CompanyName : InterMute, Inc.
FileDescription : SpySubtract Program EXE
InternalName : SpySub.exe
LegalCopyright : Copyright © 2004 InterMute, Inc. All rights reserved.
OriginalFilename : SpySub.exe

#:34 [iexplore.exe]
ModuleName : C:\Program Files\Internet Explorer\iexplore.exe
Command Line : "C:\Program Files\Internet Explorer\iexplore.exe"
ProcessID : 2128
ThreadCreationTime : 5-7-2005 8:38:32 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:35 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 2940
ThreadCreationTime : 5-7-2005 8:55:04 PM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{92daf5c1-2135-4e0c-b7a0-259abfcd3904}

VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{bb0d5adc-028d-4185-9288-722ddce2c757}

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{bb0d5adc-028d-4185-9288-722ddce2c757}
Value :

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 3
Objects found so far: 3


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 3


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : theresa@z1.adserver[2].txt
Category : Data Miner
Comment : Hits:6
Value : Cookie:theresa@z1.adserver.com/
Expires : 1-17-2038 8:00:00 PM
LastSync : Hits:6
UseCount : 0
Hits : 6

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 4



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

VX2 Object Recognized!
Type : File
Data : A0000045.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{3E010F63-7864-4A96-B49F-6BD7BE5364A0}\RP1\
FileVersion : 0, 4, 1, 3
ProductVersion : 0, 4, 1, 3
CompanyName : FarmMext
FileDescription : www.farmmext.com
LegalCopyright : Copyright © 2002


VX2 Object Recognized!
Type : File
Data : A0000055.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{3E010F63-7864-4A96-B49F-6BD7BE5364A0}\RP1\
FileVersion : 0, 4, 1, 3
ProductVersion : 0, 4, 1, 3
CompanyName : FarmMext
FileDescription : www.farmmext.com
LegalCopyright : Copyright © 2002


VX2 Object Recognized!
Type : File
Data : A0000196.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{3E010F63-7864-4A96-B49F-6BD7BE5364A0}\RP2\
FileVersion : 0, 4, 1, 3
ProductVersion : 0, 4, 1, 3
CompanyName : FarmMext
FileDescription : www.farmmext.com
LegalCopyright : Copyright © 2002


VX2 Object Recognized!
Type : File
Data : A0000262.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{3E010F63-7864-4A96-B49F-6BD7BE5364A0}\RP3\
FileVersion : 0, 4, 1, 3
ProductVersion : 0, 4, 1, 3
CompanyName : FarmMext
FileDescription : www.farmmext.com
LegalCopyright : Copyright © 2002


Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 8


Deep scanning and examining files (E:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for E:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 8


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 8




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\toolbar\webbrowser
Value : {0E5CBF21-D15F-11D0-8301-00AA005B4383}

VX2 Object Recognized!
Type : File
Data : farmmext.ini
Category : Malware
Comment :
Object : C:\WINDOWS\



Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 10

5:13:05 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:17:19.969
Objects scanned:212748
Objects identified:10
Objects ignored:0
New critical objects:10
  • 0

#4
Rawe

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
Hello again.

Ad-aware has found object(s) on your computer

If you chose to clean your computer from what Ad-aware found, follow these instructions below…

Make sure that you are using the * SE1R43 06.05.2005 * definition file.


Open up Ad-Aware SE and click on the gear to access the Configuration menu. Make sure that this setting is applied.

Click on Tweak > Cleaning engine > UNcheck "Always try to unload modules before deletion".

Disconnect from the internet (for broadband/cable users, it is recommended that you disconnect the cable connection) and close all open browsers or other programs you have running.

Then boot into Safe Mode

To clean your machine, it is highly recommended that you clean the following directory contents (but not the directory folder);

Run CCleaner to help in this process.
Download CCleaner (Setup: go to >options > settings > Uncheck "Only delete files in Windows Temp folders older than 48 hours" for cleaning malware files!)

* C:\Windows\Temp\
* C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <- This will delete all your cached internet content including cookies.
* C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp\
* Empty your "Recycle Bin".

Run Ad-Aware SE from the command lines shown in the instructions shown below.

Click "Start" > select "Run" > type the text shown below (including the quotation marks and with the same spacing as shown)

"C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" /full +procnuke
(For the Professional version)

"C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" /full +procnuke
(For the Plus version)

"C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" +procnuke
(For the Personal version)


Click Ok.

Note; the path above is of the default installation location for Ad-aware SE, if this is different, adjust it to the location that you have installed it to.

When the scan has completed, select next. In the Scanning Results window, select the "Scan Summary"- tab. Check the box next to any objects you wish to remove. Click next, Click Ok.

If problems are caused by deleting a family, just leave it.


Reboot your computer after removal, run a new "full system scan" and post the results as a reply. Don't open any programs or connect to the internet at this time.

Then copy & paste the complete log file here. Don't quarantine or remove anything at this time, just post a complete logfile. This can sometimes takes 2-3 posts to get it all posted, once the "Summary of this scan" information is shown, you have posted all of your logfile.

Also, keep in mind that when you are posting another logfile keep "Search for negligible risk entries" deselected as negligible risk entries (Mru's) aren't considered as a threat. This option can be changed when choosing your scan type.

Remember to post your fresh scanlog in THIS topic.

- Rawe :tazz:
  • 0

#5
tree_o

tree_o

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
How do I know that I am using the " * SE1R43 06.05.2005 * definition file" ??
Thanks,
-tree_o
  • 0

#6
Rawe

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
No need for making sure, you do have latest definitions file, I can see it from your log.
Just follow my instructions.

- Rawe :tazz:
  • 0

#7
Mirrorman

Mirrorman

    New Member

  • Member
  • Pip
  • 9 posts
Hi guys hope I’m posting this in the right place as I also have a problem with these damm pop ups (including aurora). I have the latest version of ad-aware se personal ver 06-05-2005 which keeps finding critical items. I also have Microsoft anti virus scan as well as the latest Mcaffe suite. I have followed the advice under the "You must read this before posting a hijackthis log required steps and configured ad-aware as advised. I have also installed spybot and cw shredder and ran those to no avail.

Please find below my full system scan, any help is much appreciated

Ad-Aware SE Build 1.05
Logfile Created on:07 May 2005 22:43:07
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R43 06.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):23 total references
Tracking Cookie(TAC index:3):18 total references
VX2(TAC index:10):5 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R43 06.05.2005
Internal build : 50
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 467649 Bytes
Total size : 1414672 Bytes
Signature data size : 1383852 Bytes
Reference data size : 30308 Bytes
Signatures total : 39494
Fingerprints total : 847
Fingerprints size : 28739 Bytes
Target categories : 15
Target families : 663


Memory + processor status:
==========================
Number of processors : 2
Processor architecture : Intel Pentium IV
Memory available:29 %
Total physical memory:522236 kb
Available physical memory:147180 kb
Total page file size:1277448 kb
Available on page file:989780 kb
Total virtual memory:2097024 kb
Available virtual memory:2017092 kb
OS:Microsoft Windows XP Home Edition Service Pack 2 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


07/05/2005 22:43:07 - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : C:\Documents and Settings\Thomas\Application Data\microsoft\office\recent
Description : list of recently opened documents using microsoft office


MRU List Object Recognized!
Location: : C:\Documents and Settings\Thomas\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-4242364227-1142429034-1907758262-1007\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-4242364227-1142429034-1907758262-1007\software\microsoft\internet explorer\main
Description : last save directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-4242364227-1142429034-1907758262-1007\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-4242364227-1142429034-1907758262-1007\software\microsoft\mediaplayer\player\recentfilelist
Description : list of recently used files in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-4242364227-1142429034-1907758262-1007\software\microsoft\mediaplayer\player\settings
Description : last open directory used in jasc paint shop pro


MRU List Object Recognized!
Location: : S-1-5-21-4242364227-1142429034-1907758262-1007\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console


MRU List Object Recognized!
Location: : S-1-5-21-4242364227-1142429034-1907758262-1007\software\microsoft\office\11.0\common\open find\microsoft office word\settings\open\file name mru
Description : list of recent documents opened by microsoft word


MRU List Object Recognized!
Location: : S-1-5-21-4242364227-1142429034-1907758262-1007\software\microsoft\office\11.0\common\open find\microsoft office word\settings\save as\file name mru
Description : list of recent documents saved by microsoft word


MRU List Object Recognized!
Location: : S-1-5-21-4242364227-1142429034-1907758262-1007\software\microsoft\office\11.0\powerpoint\recent file list
Description : list of recent files used by microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-4242364227-1142429034-1907758262-1007\software\microsoft\windows\currentversion\applets\paint\recent file list
Description : list of files recently opened using microsoft paint


MRU List Object Recognized!
Location: : S-1-5-21-4242364227-1142429034-1907758262-1007\software\microsoft\windows\currentversion\applets\regedit
Description : last key accessed using the microsoft registry editor


MRU List Object Recognized!
Location: : S-1-5-21-4242364227-1142429034-1907758262-1007\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-4242364227-1142429034-1907758262-1007\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-4242364227-1142429034-1907758262-1007\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : S-1-5-21-4242364227-1142429034-1907758262-1007\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run


MRU List Object Recognized!
Location: : S-1-5-21-4242364227-1142429034-1907758262-1007\software\nico mak computing\winzip\filemenu
Description : winzip recently used archives


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 664
ThreadCreationTime : 07/05/2005 20:58:42
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 712
ThreadCreationTime : 07/05/2005 20:58:43
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 736
ThreadCreationTime : 07/05/2005 20:58:44
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 780
ThreadCreationTime : 07/05/2005 20:58:44
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 792
ThreadCreationTime : 07/05/2005 20:58:44
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k DcomLaunch
ProcessID : 976
ThreadCreationTime : 07/05/2005 20:58:45
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 1024
ThreadCreationTime : 07/05/2005 20:58:45
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 1168
ThreadCreationTime : 07/05/2005 20:58:45
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 1308
ThreadCreationTime : 07/05/2005 20:58:45
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 1380
ThreadCreationTime : 07/05/2005 20:58:46
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [lexbces.exe]
ModuleName : C:\WINDOWS\system32\LEXBCES.EXE
Command Line : C:\WINDOWS\system32\LEXBCES.EXE
ProcessID : 1568
ThreadCreationTime : 07/05/2005 20:58:46
BasePriority : Normal
FileVersion : 8.16
ProductVersion : 8.16
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LexBce Service
InternalName : LexBce Service
LegalCopyright : © 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LexBceS.exe

#:12 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1636
ThreadCreationTime : 07/05/2005 20:58:46
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:13 [btntservice.exe]
ModuleName : C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
Command Line : "C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe"
ProcessID : 1740
ThreadCreationTime : 07/05/2005 20:58:54
BasePriority : High


#:14 [mcvsrte.exe]
ModuleName : c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
Command Line : c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe /Embedding
ProcessID : 1780
ThreadCreationTime : 07/05/2005 20:58:54
BasePriority : Normal
FileVersion : 9, 0, 0, 10
ProductVersion : 9, 0, 0, 0
ProductName : McAfee VirusScan
CompanyName : Networks Associates Technology, Inc
FileDescription : McAfee VirusScan Real-time Engine
InternalName : mcvsrte
LegalCopyright : Copyright © 1998-2003 Networks Associates Technology, Inc
OriginalFilename : mcvsrte.exe
Comments : McAfee VirusScan Real-time Engine

#:15 [mdm.exe]
ModuleName : C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
Command Line : "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"
ProcessID : 1808
ThreadCreationTime : 07/05/2005 20:58:54
BasePriority : Normal
FileVersion : 7.00.9466
ProductVersion : 7.00.9466
ProductName : Microsoft® Visual Studio .NET
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : mdm.exe

#:16 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k imgsvc
ProcessID : 1984
ThreadCreationTime : 07/05/2005 20:58:57
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:17 [mcshield.exe]
ModuleName : c:\PROGRA~1\mcafee.com\vso\mcshield.exe
Command Line : c:\PROGRA~1\mcafee.com\vso\mcshield.exe
ProcessID : 348
ThreadCreationTime : 07/05/2005 20:58:58
BasePriority : High


#:18 [alg.exe]
ModuleName : C:\WINDOWS\System32\alg.exe
Command Line : C:\WINDOWS\System32\alg.exe
ProcessID : 492
ThreadCreationTime : 07/05/2005 20:58:58
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:19 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 772
ThreadCreationTime : 07/05/2005 21:05:11
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:20 [eryxmm.exe]
ModuleName : C:\WINDOWS\system32\eryxmm.exe
Command Line : "C:\WINDOWS\system32\eryxmm.exe"
ProcessID : 1488
ThreadCreationTime : 07/05/2005 21:05:12
BasePriority : Normal


#:21 [hkcmd.exe]
ModuleName : C:\WINDOWS\System32\hkcmd.exe
Command Line : "C:\WINDOWS\System32\hkcmd.exe"
ProcessID : 1972
ThreadCreationTime : 07/05/2005 21:05:13
BasePriority : Normal
FileVersion : 3.0.0.2285
ProductVersion : 7.0.0.2285
ProductName : Intel® Common User Interface
CompanyName : Intel Corporation
FileDescription : hkcmd Module
InternalName : HKCMD
LegalCopyright : Copyright 1999-2003, Intel Corporation
OriginalFilename : HKCMD.EXE

#:22 [jusched.exe]
ModuleName : C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
Command Line : "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe"
ProcessID : 1980
ThreadCreationTime : 07/05/2005 21:05:13
BasePriority : Normal


#:23 [intelmem.exe]
ModuleName : C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
Command Line : "C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe"
ProcessID : 120
ThreadCreationTime : 07/05/2005 21:05:13
BasePriority : Normal
FileVersion : 0, 1, 0, 10
ProductVersion : 0, 1, 0, 10
ProductName : Intel Modem Event Monitor Application
CompanyName : Intel Corporation
FileDescription : Modem Event Monitor Application
InternalName : Modem Event Monitor
LegalCopyright : Copyright © 2003
OriginalFilename : IntelMEM.exe

#:24 [pcmservice.exe]
ModuleName : C:\Program Files\Dell\Media Experience\PCMService.exe
Command Line : "C:\Program Files\Dell\Media Experience\PCMService.exe"
ProcessID : 1284
ThreadCreationTime : 07/05/2005 21:05:13
BasePriority : Normal
FileVersion : 1.0.0826
ProductVersion : 1.0.0826
ProductName : PCM2Launcher Application
CompanyName : CyberLink Corp.
FileDescription : PowerCinema Resident Program for Dell
InternalName : PowerCinema Resident Program for Dell
LegalCopyright : Copyright c 2003 CyberLink Corp.
OriginalFilename : PCM2Launcher.EXE

#:25 [dsentry.exe]
ModuleName : C:\WINDOWS\System32\DSentry.exe
Command Line : "C:\WINDOWS\System32\DSentry.exe"
ProcessID : 1300
ThreadCreationTime : 07/05/2005 21:05:13
BasePriority : Normal
FileVersion : 1, 0, 5, 0
ProductVersion : 1, 0, 5, 0
ProductName : Dell - DVDSentry
CompanyName : Dell - Advanced Desktop Engineering
FileDescription : DVDSentry
InternalName : DVDSentry
LegalCopyright : Copyright © 2002 Dell
OriginalFilename : DSentry.exe
Comments : DVDSentry launches your software DVD player when a DVD is inserted.

#:26 [mcagent.exe]
ModuleName : C:\PROGRA~1\mcafee.com\agent\mcagent.exe
Command Line : "C:\PROGRA~1\mcafee.com\agent\mcagent.exe"
ProcessID : 1264
ThreadCreationTime : 07/05/2005 21:05:14
BasePriority : Normal
FileVersion : 5, 1, 0, 2
ProductVersion : 5, 1, 0, 0
ProductName : McAfee SecurityCenter
CompanyName : McAfee, Inc
FileDescription : McAfee SecurityCenter Agent
InternalName : mcagent
LegalCopyright : Copyright © 2005 McAfee, Inc.
OriginalFilename : mcagent.exe

#:27 [dlbkbmgr.exe]
ModuleName : C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
Command Line : "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
ProcessID : 1560
ThreadCreationTime : 07/05/2005 21:05:14
BasePriority : Normal
FileVersion : 0.1.1.1
ProductVersion : 0.1.1.1
ProductName : Button Manager Executable
CompanyName : Dell Computer Corporation
FileDescription : Dell AIO Printer A920Button Manager
InternalName : dlbkbmgr.exe
OriginalFilename : dlbkbmgr.exe

#:28 [mcvsshld.exe]
ModuleName : C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
Command Line : "C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
ProcessID : 2016
ThreadCreationTime : 07/05/2005 21:05:14
BasePriority : Normal
FileVersion : 9, 0, 0, 7
ProductVersion : 9, 0, 0, 0
ProductName : McAfee VirusScan
CompanyName : Networks Associates Technology, Inc
FileDescription : McAfee VirusScan ActiveShield Resource
InternalName : msvcshld
LegalCopyright : Copyright © 1998-2003 Networks Associates Technology, Inc
OriginalFilename : mcvsshld.exe
Comments : McAfee VirusScan ActiveShield Resource

#:29 [datalayer.exe]
ModuleName : C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
Command Line : "C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe"
ProcessID : 124
ThreadCreationTime : 07/05/2005 21:05:15
BasePriority : Normal
FileVersion : 5, 0, 2, 38
ProductVersion : 5, 0
ProductName : Nokia PC Suite
CompanyName : Nokia Mobile Phones Ltd.
FileDescription : DataLayer 2.0 Module
InternalName : DataLayer 2.0
LegalCopyright : Copyright © 2004. Nokia. All rights reserved.
OriginalFilename : DataLayer.exe

#:30 [dlbkbmon.exe]
ModuleName : C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
Command Line : "C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe"
ProcessID : 156
ThreadCreationTime : 07/05/2005 21:05:15
BasePriority : Normal
FileVersion : 0.1.1.1
ProductVersion : 0.1.1.1
ProductName : Button Monitor Executable
CompanyName : Dell Computer Corporation
FileDescription : Dell AIO Printer A920Button Monitor
InternalName : dlbkbmon.exe
OriginalFilename : dlbkbmon.exe

#:31 [ncltray.exe]
ModuleName : C:\Program Files\Common Files\Nokia\Tools\NclTray.exe
Command Line : "C:\Program Files\Common Files\Nokia\Tools\NclTray.exe"
ProcessID : 428
ThreadCreationTime : 07/05/2005 21:05:15
BasePriority : Normal


#:32 [qttask.exe]
ModuleName : C:\Program Files\QuickTime\qttask.exe
Command Line : "C:\Program Files\QuickTime\qttask.exe" -atboottime
ProcessID : 436
ThreadCreationTime : 07/05/2005 21:05:15
BasePriority : Normal
FileVersion : 6.5.1
ProductVersion : QuickTime 6.5.1
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe

#:33 [ituneshelper.exe]
ModuleName : C:\Program Files\iTunes\iTunesHelper.exe
Command Line : "C:\Program Files\iTunes\iTunesHelper.exe"
ProcessID : 452
ThreadCreationTime : 07/05/2005 21:05:16
BasePriority : Normal
FileVersion : 4.7.1.30
ProductVersion : 4.7.1.30
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe

#:34 [gcasserv.exe]
ModuleName : C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
Command Line : "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
ProcessID : 1132
ThreadCreationTime : 07/05/2005 21:05:16
BasePriority : Idle
FileVersion : 1.00.0509
ProductVersion : 1.00.0509
ProductName : Microsoft AntiSpyware (Beta 1)
CompanyName : Microsoft Corporation
FileDescription : Microsoft AntiSpyware Service
InternalName : gcasServ
LegalCopyright : Copyright © 2004-2005 Microsoft Corporation. All rights reserved.
LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation. SpyNet™ is a trademark of Microsoft Corporation.
OriginalFilename : gcasServ.exe

#:35 [mcvsescn.exe]
ModuleName : c:\progra~1\mcafee.com\vso\mcvsescn.exe
Command Line : "c:\progra~1\mcafee.com\vso\mcvsescn.exe" /disabled
ProcessID : 1112
ThreadCreationTime : 07/05/2005 21:05:16
BasePriority : Normal
FileVersion : 9, 0, 0, 7
ProductVersion : 9, 0, 0, 0
ProductName : McAfee VirusScan
CompanyName : Networks Associates Technology, Inc
FileDescription : McAfee VirusScan E-mail Scan Module
InternalName : mcvsescn
LegalCopyright : Copyright © 1998-2003 Networks Associates Technology, Inc
OriginalFilename : mcvsescn.EXE
Comments : McAfee VirusScan E-mail Scan Module

#:36 [ctfmon.exe]
ModuleName : C:\WINDOWS\system32\ctfmon.exe
Command Line : "C:\WINDOWS\system32\ctfmon.exe"
ProcessID : 1108
ThreadCreationTime : 07/05/2005 21:05:16
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:37 [bluesoleil.exe]
ModuleName : C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
Command Line : "C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe"
ProcessID : 984
ThreadCreationTime : 07/05/2005 21:05:18
BasePriority : Normal
FileVersion : 1, 4, 9, 2
ProductVersion : 1, 4, 9, 2
ProductName : BlueSoleil
CompanyName : IVT Corporation
FileDescription : Bluetooth Application
InternalName : BlueSoleil
LegalCopyright : Copyright © 2000-2004
LegalTrademarks : BlueSoleil
OriginalFilename : BlueSol.exe

#:38 [servicelayer.exe]
ModuleName : C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
Command Line : "C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe" -Embedding
ProcessID : 1060
ThreadCreationTime : 07/05/2005 21:05:18
BasePriority : Normal
FileVersion : 6.00.008
ProductVersion : 6.0
ProductName : Nokia Connectivity Library
CompanyName : Nokia Corp.
FileDescription : ServiceLayer Module
InternalName : ServiceLayer
LegalCopyright : Copyright © 2002-2004 Nokia. All Rights Reserved.
OriginalFilename : ServiceLayer.exe

#:39 [ipodservice.exe]
ModuleName : C:\Program Files\iPod\bin\iPodService.exe
Command Line : "C:\Program Files\iPod\bin\iPodService.exe"
ProcessID : 228
ThreadCreationTime : 07/05/2005 21:05:18
BasePriority : Normal
FileVersion : 4.7.1.30
ProductVersion : 4.7.1.30
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iPodService.exe

#:40 [dslmon.exe]
ModuleName : C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
Command Line : "C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe" /W
ProcessID : 392
ThreadCreationTime : 07/05/2005 21:05:19
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : DSLMON Application
FileDescription : ADIMON MFC Application
InternalName : DSLMON
LegalCopyright : Copyright © 2000
OriginalFilename : ADIMON.EXE

#:41 [wzqkpick.exe]
ModuleName : C:\Program Files\WinZip\WZQKPICK.EXE
Command Line : "C:\Program Files\WinZip\WZQKPICK.EXE"
ProcessID : 2120
ThreadCreationTime : 07/05/2005 21:05:23
BasePriority : Normal
FileVersion : 1.0 (32-bit)
ProductVersion : 8.1 (4319)
ProductName : WinZip
CompanyName : WinZip Computing, Inc.
FileDescription : WinZip Executable
InternalName : WZQKPICK.EXE
LegalCopyright : Copyright © WinZip Computing, Inc. 1991-2001 - All Rights Reserved
LegalTrademarks : WinZip is a registered trademark of WinZip Computing, Inc
OriginalFilename : WZQKPICK.EXE
Comments : StringFileInfo: U.S. English

#:42 [gcasdtserv.exe]
ModuleName : C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
Command Line : "C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe"
ProcessID : 2208
ThreadCreationTime : 07/05/2005 21:05:24
BasePriority : Normal
FileVersion : 1.00.0509
ProductVersion : 1.00.0509
ProductName : Microsoft AntiSpyware (Beta 1)
CompanyName : Microsoft Corporation
FileDescription : Microsoft AntiSpyware Data Service
InternalName : gcasDtServ
LegalCopyright : Copyright © 2004-2005 Microsoft Corporation. All rights reserved.
LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation. SpyNet™ is a trademark of Microsoft Corporation.
OriginalFilename : gcasDtServ.exe

#:43 [iexplore.exe]
ModuleName : C:\Program Files\Internet Explorer\iexplore.exe
Command Line : "C:\Program Files\Internet Explorer\iexplore.exe"
ProcessID : 2836
ThreadCreationTime : 07/05/2005 21:09:21
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:44 [hlgllgv.exe]
ModuleName : c:\windows\system32\hlgllgv.exe
Command Line : "c:\windows\system32\hlgllgv.exe" dxvsqy
ProcessID : 2952
ThreadCreationTime : 07/05/2005 21:10:17
BasePriority : Normal
FileVersion : 1, 0, 7, 1
ProductVersion : 0, 0, 7, 0
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
LegalCopyright : TODO: © <Company name>. All rights reserved.

#:45 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 4048
ThreadCreationTime : 07/05/2005 21:21:59
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

#:46 [wmiprvse.exe]
ModuleName : C:\WINDOWS\System32\wbem\wmiprvse.exe
Command Line : C:\WINDOWS\System32\wbem\wmiprvse.exe -Embedding
ProcessID : 2176
ThreadCreationTime : 07/05/2005 21:22:59
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI
InternalName : Wmiprvse.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : Wmiprvse.exe

#:47 [mcmnhdlr.exe]
ModuleName : c:\program files\mcafee.com\vso\mcmnhdlr.exe
Command Line : "c:\program files\mcafee.com\vso\mcmnhdlr.exe" 257 vsoui.dll::scannow.htm?force=1
ProcessID : 3920
ThreadCreationTime : 07/05/2005 21:39:27
BasePriority : Normal
FileVersion : 9, 0, 0, 0
ProductVersion : 9, 0, 0, 0
ProductName : McAfee VirusScan
CompanyName : Networks Associates Technology, Inc
FileDescription : McAfee VirusScan Command Handler
InternalName : mcmnhdlr
LegalCopyright : Copyright © 1998-2003 Networks Associates Technology, Inc
OriginalFilename : mcmnhdlr.exe
Comments : McAfee VirusScan Command Handler

#:48 [mghtml.exe]
ModuleName : c:\program files\mcafee.com\shared\mghtml.exe
Command Line : "c:\program files\mcafee.com\shared\mghtml.exe" -embedding
ProcessID : 2856
ThreadCreationTime : 07/05/2005 21:39:28
BasePriority : Normal
FileVersion : 4, 0, 0, 69
ProductVersion : 4, 0, 0, 0
ProductName : McAfee SecurityCenter
CompanyName : McAfee, Inc
FileDescription : McAfee Security HTML Dialog
InternalName : mghtml
LegalCopyright : Copyright © 2005 McAfee, Inc.
OriginalFilename : mghtml.exe

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 23


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{92daf5c1-2135-4e0c-b7a0-259abfcd3904}

VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{bb0d5adc-028d-4185-9288-722ddce2c757}

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{bb0d5adc-028d-4185-9288-722ddce2c757}
Value :

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 3
Objects found so far: 26


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 26


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : thomas@doubleclick[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:thomas@doubleclick.net/
Expires : 07/05/2005 22:54:12
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : thomas@0[3].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:thomas@jgen4.cjt1.net/HTM/586/0
Expires : 07/05/2006 20:44:00
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : thomas@xxxcounter[2].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:thomas@xxxcounter.com/
Expires : 07/05/2005 12:29:42
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : thomas@abcsearch[1].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:thomas@abcsearch.com/
Expires : 31/07/2005 17:53:42
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : thomas@0[2].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:thomas@jdirectuk.cjt1.net/HTM/454/0
Expires : 06/05/2006 22:36:06
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : thomas@trafficmp[1].txt
Category : Data Miner
Comment : Hits:5
Value : Cookie:thomas@trafficmp.com/
Expires : 06/05/2006 23:07:26
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : thomas@0[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:thomas@j.2004cms.com/HTM/586/0
Expires : 07/05/2006 20:43:54
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : thomas@revenue[2].txt
Category : Data Miner
Comment : Hits:11
Value : Cookie:thomas@revenue.net/
Expires : 10/06/2022 06:05:42
LastSync : Hits:11
UseCount : 0
Hits : 11

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : thomas@z1.adserver[1].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:thomas@z1.adserver.com/
Expires : 01/05/2006 15:26:20
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : thomas@casalemedia[2].txt
Category : Data Miner
Comment : Hits:7
Value : Cookie:thomas@casalemedia.com/
Expires : 28/04/2006 16:52:30
LastSync : Hits:7
UseCount : 0
Hits : 7

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : thomas@bravenet[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:thomas@bravenet.com/
Expires : 29/04/2015 14:31:40
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : thomas@zedo[2].txt
Category : Data Miner
Comment : Hits:8
Value : Cookie:thomas@zedo.com/
Expires : 08/05/2005 06:00:00
LastSync : Hits:8
UseCount : 0
Hits : 8

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : thomas@0[4].txt
Category : Data Miner
Comment : Hits:5
Value : Cookie:thomas@j.2004cms.com/HTM/454/0
Expires : 06/05/2006 22:36:08
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 13
Objects found so far: 39


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : michael@0[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Michael\Cookies\michael@0[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : michael@0[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Michael\Cookies\michael@0[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : michael@revenue[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Michael\Cookies\michael@revenue[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : michael@targetnet[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Michael\Cookies\michael@targetnet[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : michael@zedo[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Michael\Cookies\michael@zedo[2].txt

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 44


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 44




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\toolbar\webbrowser
Value : {0E5CBF21-D15F-11D0-8301-00AA005B4383}

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions
Value : iexplore.exe

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 46

23:08:37 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:25:29.453
Objects scanned:126083
Objects identified:23
Objects ignored:0
New critical objects:23




Regards Mirrorman
  • 0

#8
Rawe

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
Hi Mirrorman.
You will get your help if you want to.
But, you will need to start a new topic of your own.
Please don't post your own logs to anyone else's topic..
Thank you.

- Rawe :tazz:
  • 0

#9
tree_o

tree_o

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
hello,
here is my logfile from ad-aware after following your instructions:

Aurora is still present, unfortunately,
thanks,
-tree_o

----

Ad-Aware SE Build 1.05
Logfile Created on:Saturday, May 07, 2005 10:46:47 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R43 06.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
None
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R43 06.05.2005
Internal build : 50
File location : C:\Program Files\Ad-Aware SE Personal\defs.ref
File size : 467649 Bytes
Total size : 1414672 Bytes
Signature data size : 1383852 Bytes
Reference data size : 30308 Bytes
Signatures total : 39494
Fingerprints total : 847
Fingerprints size : 28739 Bytes
Target categories : 15
Target families : 663


Memory + processor status:
==========================
Number of processors : 2
Processor architecture : Intel Pentium IV
Memory available:81 %
Total physical memory:2095792 kb
Available physical memory:1680016 kb
Total page file size:4037784 kb
Available on page file:3777356 kb
Total virtual memory:2097024 kb
Available virtual memory:2048012 kb
OS:Microsoft Windows XP Professional Service Pack 2 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Play sound at scan completion if scan locates critical objects


5-7-2005 10:46:47 PM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 428
ThreadCreationTime : 5-8-2005 2:41:28 AM
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 476
ThreadCreationTime : 5-8-2005 2:41:30 AM
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 500
ThreadCreationTime : 5-8-2005 2:41:31 AM
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 544
ThreadCreationTime : 5-8-2005 2:41:32 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 556
ThreadCreationTime : 5-8-2005 2:41:32 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [ati2evxx.exe]
ModuleName : C:\WINDOWS\System32\Ati2evxx.exe
Command Line : C:\WINDOWS\System32\Ati2evxx.exe
ProcessID : 712
ThreadCreationTime : 5-8-2005 2:41:32 AM
BasePriority : Normal


#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k DcomLaunch
ProcessID : 728
ThreadCreationTime : 5-8-2005 2:41:32 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 804
ThreadCreationTime : 5-8-2005 2:41:32 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 848
ThreadCreationTime : 5-8-2005 2:41:32 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 908
ThreadCreationTime : 5-8-2005 2:41:32 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 980
ThreadCreationTime : 5-8-2005 2:41:33 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:12 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1116
ThreadCreationTime : 5-8-2005 2:41:33 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:13 [avsynmgr.exe]
ModuleName : C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
Command Line : "C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe"
ProcessID : 1240
ThreadCreationTime : 5-8-2005 2:41:38 AM
BasePriority : Normal


#:14 [tcpsvcs.exe]
ModuleName : C:\WINDOWS\System32\tcpsvcs.exe
Command Line : C:\WINDOWS\System32\tcpsvcs.exe
ProcessID : 1364
ThreadCreationTime : 5-8-2005 2:41:39 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : TCP/IP Services Application
InternalName : TCPSVCS.EXE
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : TCPSVCS.EXE

#:15 [vsstat.exe]
ModuleName : C:\Program Files\Network Associates\VirusScan\VsStat.exe
Command Line : "C:\Program Files\Network Associates\VirusScan\VsStat.exe"
ProcessID : 1420
ThreadCreationTime : 5-8-2005 2:41:44 AM
BasePriority : Normal


#:16 [vshwin32.exe]
ModuleName : C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
Command Line : "C:\Program Files\Network Associates\VirusScan\Vshwin32.exe"
ProcessID : 1584
ThreadCreationTime : 5-8-2005 2:41:44 AM
BasePriority : Normal


#:17 [alg.exe]
ModuleName : C:\WINDOWS\System32\alg.exe
Command Line : C:\WINDOWS\System32\alg.exe
ProcessID : 1644
ThreadCreationTime : 5-8-2005 2:41:44 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:18 [mcshield.exe]
ModuleName : C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
Command Line : "C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe"
ProcessID : 1688
ThreadCreationTime : 5-8-2005 2:41:45 AM
BasePriority : High


#:19 [avconsol.exe]
ModuleName : C:\Program Files\Network Associates\VirusScan\Avconsol.exe
Command Line : "C:\Program Files\Network Associates\VirusScan\Avconsol.exe"
ProcessID : 1828
ThreadCreationTime : 5-8-2005 2:41:46 AM
BasePriority : Normal


#:20 [ati2evxx.exe]
ModuleName : C:\WINDOWS\system32\Ati2evxx.exe
Command Line : Ati2evxx.exe -Client
ProcessID : 180
ThreadCreationTime : 5-8-2005 2:41:59 AM
BasePriority : Normal


#:21 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 320
ThreadCreationTime : 5-8-2005 2:41:59 AM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:22 [pronomgr.exe]
ModuleName : C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
Command Line : "C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe"
ProcessID : 452
ThreadCreationTime : 5-8-2005 2:42:00 AM
BasePriority : Normal
FileVersion : 6.4.3.8
ProductVersion : 6.4.3.8
ProductName : Intel® Network Configuration Services
CompanyName : Intel® Corporation
FileDescription : PRONotifyMgr Module
InternalName : PRONotifyMgr
LegalCopyright : Copyright© 2001-2002 Intel Corporation
OriginalFilename : PRONoMgr.exe

#:23 [atiptaxx.exe]
ModuleName : C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
Command Line : "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
ProcessID : 460
ThreadCreationTime : 5-8-2005 2:42:00 AM
BasePriority : Normal
FileVersion : 6.14.10.5071
ProductVersion : 6.14.10.5071
ProductName : ATI Desktop Component
CompanyName : ATI Technologies, Inc.
FileDescription : ATI Desktop Control Panel
InternalName : Atiptaxx.exe
LegalCopyright : Copyright © 1998-2002 ATI Technologies Inc.
OriginalFilename : Atiptaxx.exe

#:24 [itouch.exe]
ModuleName : C:\Program Files\Logitech\iTouch\iTouch.exe
Command Line : "C:\Program Files\Logitech\iTouch\iTouch.exe"
ProcessID : 944
ThreadCreationTime : 5-8-2005 2:42:01 AM
BasePriority : Normal
FileVersion : 2.20.242
ProductVersion : 2.20.242
ProductName : iTouch
CompanyName : Logitech Inc.
FileDescription : iTouch Application
InternalName : iTouch
LegalCopyright : © 1998-2003 Logitech. All rights reserved.
LegalTrademarks : Logitech® and iTouch® are registered trademarks of Logitech Inc.
OriginalFilename : iTouch.exe
Comments : Created by the iTouch team

#:25 [qttask.exe]
ModuleName : C:\Program Files\QuickTime\qttask.exe
Command Line : "C:\Program Files\QuickTime\qttask.exe" -atboottime
ProcessID : 968
ThreadCreationTime : 5-8-2005 2:42:02 AM
BasePriority : Normal
FileVersion : 6.4
ProductVersion : QuickTime 6.4
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2003
OriginalFilename : QTTask.exe

#:26 [gcasserv.exe]
ModuleName : C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
Command Line : "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
ProcessID : 1080
ThreadCreationTime : 5-8-2005 2:42:02 AM
BasePriority : Idle
FileVersion : 1.00.0509
ProductVersion : 1.00.0509
ProductName : Microsoft AntiSpyware (Beta 1)
CompanyName : Microsoft Corporation
FileDescription : Microsoft AntiSpyware Service
InternalName : gcasServ
LegalCopyright : Copyright © 2004-2005 Microsoft Corporation. All rights reserved.
LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation. SpyNet™ is a trademark of Microsoft Corporation.
OriginalFilename : gcasServ.exe

#:27 [hqmoqsq.exe]
ModuleName : c:\windows\system32\hqmoqsq.exe
Command Line : "c:\windows\system32\hqmoqsq.exe" qlaeir
ProcessID : 1216
ThreadCreationTime : 5-8-2005 2:42:02 AM
BasePriority : Normal
FileVersion : 1, 0, 7, 1
ProductVersion : 0, 0, 7, 0
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
LegalCopyright : TODO: © <Company name>. All rights reserved.

#:28 [desktopweather.exe]
ModuleName : C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
Command Line : "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
ProcessID : 1252
ThreadCreationTime : 5-8-2005 2:42:03 AM
BasePriority : Normal
FileVersion : 4.0.0.1
ProductVersion : 4.0.0.1
ProductName : Desktop Weather 4
CompanyName : TWCi
FileDescription : DesktopWeather4
InternalName : DesktopWeather.exe
LegalCopyright : © The Weather Channel Interactive. All rights reserved.
OriginalFilename : DesktopWeather4.exe

#:29 [em_exec.exe]
ModuleName : C:\Program Files\Logitech\MouseWare\system\em_exec.exe
Command Line : "C:\Program Files\Logitech\MouseWare\system\em_exec.exe"
ProcessID : 1048
ThreadCreationTime : 5-8-2005 2:42:03 AM
BasePriority : Normal
FileVersion : 9.79.019
ProductVersion : 9.79.019
ProductName : MouseWare
CompanyName : Logitech Inc.
FileDescription : Logitech Events Handler Application
InternalName : Em_Exec
LegalCopyright : © 1987-2003 Logitech. All rights reserved.
LegalTrademarks : Logitech® and MouseWare® are registered trademarks of Logitech Inc.
OriginalFilename : Em_Exec.exe
Comments : Created by the MouseWare team

#:30 [gcasdtserv.exe]
ModuleName : C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
Command Line : "C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe"
ProcessID : 1324
ThreadCreationTime : 5-8-2005 2:42:03 AM
BasePriority : Normal
FileVersion : 1.00.0509
ProductVersion : 1.00.0509
ProductName : Microsoft AntiSpyware (Beta 1)
CompanyName : Microsoft Corporation
FileDescription : Microsoft AntiSpyware Data Service
InternalName : gcasDtServ
LegalCopyright : Copyright © 2004-2005 Microsoft Corporation. All rights reserved.
LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation. SpyNet™ is a trademark of Microsoft Corporation.
OriginalFilename : gcasDtServ.exe

#:31 [acrotray.exe]
ModuleName : C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
Command Line : "C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe"
ProcessID : 1856
ThreadCreationTime : 5-8-2005 2:42:04 AM
BasePriority : Normal
FileVersion : 6.0.0.2003051500
ProductVersion : 6.0.0.0
ProductName : AcroTray - Adobe Acrobat Distiller helper application.
CompanyName : Adobe Systems Inc.
FileDescription : AcroTray
InternalName : AcroTray
LegalCopyright : Copyright 1984-2003 Adobe Systems Incorporated and its licensors. All rights reserved.
OriginalFilename : AcroTray.exe

#:32 [hotsync.exe]
ModuleName : C:\Program Files\Sony Handheld\HOTSYNC.EXE
Command Line : "C:\Program Files\Sony Handheld\HOTSYNC.EXE"
ProcessID : 2364
ThreadCreationTime : 5-8-2005 2:42:14 AM
BasePriority : Normal
FileVersion : 4.0.4
ProductVersion : 4.1.0
ProductName : HotSync® Manager, Palm Desktop
CompanyName : Palm, Inc.
FileDescription : HotSync® Manager Application
InternalName : HotSync®
LegalCopyright : Copyright © 1995-2001 Palm, Inc.
LegalTrademarks : HotSync® is a registered trademark of Palm, Inc.
OriginalFilename : Hotsync.exe

#:33 [spysub.exe]
ModuleName : C:\Program Files\SpySubtract\SpySub.exe
Command Line : "C:\Program Files\SpySubtract\SpySub.exe" -autostart
ProcessID : 2412
ThreadCreationTime : 5-8-2005 2:42:16 AM
BasePriority : Normal
FileVersion : 1, 0, 1, 49
ProductVersion : 2.60
ProductName : SpySubtract
CompanyName : InterMute, Inc.
FileDescription : SpySubtract Program EXE
InternalName : SpySub.exe
LegalCopyright : Copyright © 2004 InterMute, Inc. All rights reserved.
OriginalFilename : SpySub.exe

#:34 [wuauclt.exe]
ModuleName : C:\WINDOWS\system32\wuauclt.exe
Command Line : "C:\WINDOWS\system32\wuauclt.exe" /RunStoreAsComServer Local\[350]SUSDS5f25140b4eb40940ae0a2545c67caea9
ProcessID : 2484
ThreadCreationTime : 5-8-2005 2:42:29 AM
BasePriority : Normal
FileVersion : 5.4.3790.2182 built by: srv03_rtm(ntvbl04)
ProductVersion : 5.4.3790.2182
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe

#:35 [ad-aware.exe]
ModuleName : C:\Program Files\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 2712
ThreadCreationTime : 5-8-2005 2:46:33 AM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Deep scanning and examining files (E:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for E:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 0


11:02:42 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:15:55.156
Objects scanned:193583
Objects identified:0
Objects ignored:0
New critical objects:0
  • 0

#10
Rawe

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
Hello again.
Run these online virus scans here;
- F-secure
- Trend Micro

Post the results to this topic.

- Rawe :tazz:
  • 0

#11
tree_o

tree_o

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
results from Trend Micro Housecall:
it found 2 troj:

Troj_Buddy.f on c:/windows/kvauikeuu.exe

Troj_Agent.abs on c:/windows/system32/twchhv.exe

It appears that i would have to pay TrendMicro to clean these up, which i don't want to do. What do you advise?
thanks,

-tree_o
  • 0

#12
Guest_Andy_veal_*

Guest_Andy_veal_*
  • Guest
Please follow the instructions located in Step Five: Posting a Hijack This Log. Post your HJT log as a reply to this thread, which has been relocated to the Malware Removal Forum for providing you with further assistance.

Kindly note that it is very busy in the Malware Removal Forum, so there may be a delay in receiving a reply. Please also note that HJT logfiles are reviewed on a first come/first served basis.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP