Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Ad-Aware Log file (Aurora)[RESOLVED]


  • This topic is locked This topic is locked

#1
kelchris

kelchris

    Member

  • Member
  • PipPip
  • 10 posts
:tazz: ;) To start I am trying to fix a bman.exe, bman1.exe virus on my computer.

I followed all of the instructions on what I need to do before I list my Ad-Aware log file.

Here is my log file.

Any help would be wonderful, thanks ;),
kelly


Ad-Aware SE Build 1.05
Logfile Created on:Tuesday, May 17, 2005 4:58:19 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R46 17.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R42 28.04.2005
Internal build : 49
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 466557 Bytes
Total size : 1403889 Bytes
Signature data size : 1373297 Bytes
Reference data size : 30080 Bytes
Signatures total : 39226
Fingerprints total : 836
Fingerprints size : 28245 Bytes
Target categories : 15
Target families : 654

5-17-2005 4:54:23 PM Performing WebUpdate...

Installing Update...
Definitions File Loaded:
Reference Number : SE1R46 17.05.2005
Internal build : 54
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 474775 Bytes
Total size : 1435210 Bytes
Signature data size : 1404100 Bytes
Reference data size : 30598 Bytes
Signatures total : 40060
Fingerprints total : 883
Fingerprints size : 30250 Bytes
Target categories : 15
Target families : 674


5-17-2005 4:56:06 PM Success
Update successfully downloaded and installed.


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:18 %
Total physical memory:260436 kb
Available physical memory:45020 kb
Total page file size:640608 kb
Available on page file:322660 kb
Total virtual memory:2097024 kb
Available virtual memory:2044868 kb
OS:Microsoft Windows XP Home Edition Service Pack 1 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Play sound at scan completion if scan locates critical objects


5-17-2005 4:58:19 PM - Scan started. (Custom mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 548
ThreadCreationTime : 5-17-2005 10:48:23 PM
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 596
ThreadCreationTime : 5-17-2005 10:48:25 PM
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 620
ThreadCreationTime : 5-17-2005 10:48:26 PM
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 664
ThreadCreationTime : 5-17-2005 10:48:26 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 676
ThreadCreationTime : 5-17-2005 10:48:26 PM
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 852
ThreadCreationTime : 5-17-2005 10:48:27 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 876
ThreadCreationTime : 5-17-2005 10:48:27 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 1016
ThreadCreationTime : 5-17-2005 10:48:28 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 1044
ThreadCreationTime : 5-17-2005 10:48:28 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.exe
Command Line : Explorer.exe C:\WINDOWS\Nail.exe
ProcessID : 1248
ThreadCreationTime : 5-17-2005 10:48:30 PM
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
Warning! VX2 Object found in memory(C:\WINDOWS\System32\peiigsy.dll)

VX2 Object Recognized!
Type : Process
Data : peiigsy.dll
Category : Malware
Comment :
Object : C:\WINDOWS\System32\


Warning! VX2 Object found in memory(C:\WINDOWS\Bolger.dll)

VX2 Object Recognized!
Type : Process
Data : Bolger.dll
Category : Malware
Comment :
Object : C:\WINDOWS\
FileVersion : 0, 12, 4, 96
ProductVersion : 0, 12, 4, 96
ProductName : bolger
CompanyName : Bolger
FileDescription : www.abetterinternet.com
InternalName : bolger
LegalCopyright : Copyright © 2005
OriginalFilename : bolger.dll
Comments : www.abetterinternet.com

Warning! VX2 Object found in memory(C:\WINDOWS\System32\winup2date.dll)

VX2 Object Recognized!
Type : Process
Data : winup2date.dll
Category : Malware
Comment :
Object : C:\WINDOWS\System32\



#:11 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1276
ThreadCreationTime : 5-17-2005 10:48:30 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
Warning! VX2 Object found in memory(C:\WINDOWS\system32\DrPMon.dll)

VX2 Object Recognized!
Type : Process
Data : DrPMon.dll
Category : Malware
Comment :
Object : C:\WINDOWS\system32\
FileVersion : 1, 0, 0, 5
ProductVersion : 1, 0, 0, 0
ProductName : DrPMon PrintMonitor
CompanyName : Direct Revenue
FileDescription : DrPMon PrintMonitor
InternalName : DrPMon
LegalCopyright : Copyright © 2005
OriginalFilename : DrPMon.dll


#:12 [alg.exe]
ModuleName : C:\WINDOWS\System32\alg.exe
Command Line : C:\WINDOWS\System32\alg.exe
ProcessID : 1376
ThreadCreationTime : 5-17-2005 10:48:30 PM
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:13 [aolacsd.exe]
ModuleName : C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
Command Line : C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
ProcessID : 1420
ThreadCreationTime : 5-17-2005 10:48:30 PM
BasePriority : Normal


#:14 [avgamsvr.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
Command Line : C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
ProcessID : 1432
ThreadCreationTime : 5-17-2005 10:48:30 PM
BasePriority : Normal
FileVersion : 7,1,0,307
ProductVersion : 7.1.0.307
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Alert Manager
InternalName : avgamsvr
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgamsvr.EXE

#:15 [avgupsvc.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
Command Line : C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
ProcessID : 1456
ThreadCreationTime : 5-17-2005 10:48:31 PM
BasePriority : Normal
FileVersion : 7,1,0,285
ProductVersion : 7.1.0.285
ProductName : AVG 7.0 Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Update Service
InternalName : avgupsvc
LegalCopyright : Copyright © 2004, GRISOFT, s.r.o.
OriginalFilename : avgupdsvc.EXE

#:16 [ctsvccda.exe]
ModuleName : C:\WINDOWS\System32\CTsvcCDA.EXE
Command Line : C:\WINDOWS\System32\CTsvcCDA.EXE
ProcessID : 1536
ThreadCreationTime : 5-17-2005 10:48:31 PM
BasePriority : Normal
FileVersion : 1.0.1.0
ProductVersion : 1.0.0.0
ProductName : Creative Service for CDROM Access
CompanyName : Creative Technology Ltd
FileDescription : Creative Service for CDROM Access
InternalName : CTsvcCDAEXE
LegalCopyright : Copyright © Creative Technology Ltd., 1999. All rights reserved.
OriginalFilename : CTsvcCDA.EXE

#:17 [navapsvc.exe]
ModuleName : C:\Program Files\Norton AntiVirus\navapsvc.exe
Command Line : "C:\Program Files\Norton AntiVirus\navapsvc.exe"
ProcessID : 1568
ThreadCreationTime : 5-17-2005 10:48:31 PM
BasePriority : Normal
FileVersion : 8.07.17
ProductVersion : 8.07.17
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE

#:18 [scardsvr.exe]
ModuleName : C:\WINDOWS\System32\SCardSvr.exe
Command Line : C:\WINDOWS\System32\SCardSvr.exe
ProcessID : 1744
ThreadCreationTime : 5-17-2005 10:48:32 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Smart Card Resource Management Server
InternalName : SCardSvr.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : SCardSvr.exe

#:19 [wdfmgr.exe]
ModuleName : C:\WINDOWS\System32\wdfmgr.exe
Command Line : C:\WINDOWS\System32\wdfmgr.exe
ProcessID : 1836
ThreadCreationTime : 5-17-2005 10:48:33 PM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:20 [mspmspsv.exe]
ModuleName : C:\WINDOWS\System32\MsPMSPSv.exe
Command Line : C:\WINDOWS\System32\MsPMSPSv.exe
ProcessID : 1916
ThreadCreationTime : 5-17-2005 10:48:33 PM
BasePriority : Normal
FileVersion : 7.00.00.1956
ProductVersion : 7.00.00.1956
ProductName : Microsoft ® DRM
CompanyName : Microsoft Corporation
FileDescription : WMDM PMSP Service
InternalName : MSPMSPSV.EXE
LegalCopyright : Copyright © Microsoft Corp. 1981-2000
OriginalFilename : MSPMSPSV.EXE

#:21 [igfxtray.exe]
ModuleName : C:\WINDOWS\System32\igfxtray.exe
Command Line : "C:\WINDOWS\System32\igfxtray.exe"
ProcessID : 2012
ThreadCreationTime : 5-17-2005 10:48:34 PM
BasePriority : Normal
FileVersion : 3.0.0.4020
ProductVersion : 7.0.0.4020
ProductName : Intel® Common User Interface
CompanyName : Intel Corporation
FileDescription : igfxTray Module
InternalName : IGFXTRAY
LegalCopyright : Copyright 1999-2004, Intel Corporation
OriginalFilename : IGFXTRAY.EXE
Warning! VX2 Object found in memory(C:\WINDOWS\System32\peiigsy.dll)

VX2 Object Recognized!
Type : Process
Data : peiigsy.dll
Category : Malware
Comment :
Object : C:\WINDOWS\System32\



#:22 [hkcmd.exe]
ModuleName : C:\WINDOWS\System32\hkcmd.exe
Command Line : "C:\WINDOWS\System32\hkcmd.exe"
ProcessID : 2020
ThreadCreationTime : 5-17-2005 10:48:34 PM
BasePriority : Normal
FileVersion : 3.0.0.4020
ProductVersion : 7.0.0.4020
ProductName : Intel® Common User Interface
CompanyName : Intel Corporation
FileDescription : hkcmd Module
InternalName : HKCMD
LegalCopyright : Copyright 1999-2004, Intel Corporation
OriginalFilename : HKCMD.EXE
Warning! VX2 Object found in memory(C:\WINDOWS\System32\peiigsy.dll)

VX2 Object Recognized!
Type : Process
Data : peiigsy.dll
Category : Malware
Comment :
Object : C:\WINDOWS\System32\



#:23 [apoint.exe]
ModuleName : C:\Program Files\Apoint\Apoint.exe
Command Line : "C:\Program Files\Apoint\Apoint.exe"
ProcessID : 2028
ThreadCreationTime : 5-17-2005 10:48:34 PM
BasePriority : Normal
FileVersion : 5.5.101.141
ProductVersion : 5.5.101.141
ProductName : Alps Pointing-device Driver
CompanyName : Alps Electric Co., Ltd.
FileDescription : Alps Pointing-device Driver
InternalName : Alps Pointing-device Driver
LegalCopyright : Copyright © 1999-2004 Alps Electric Co., Ltd.
OriginalFilename : Apoint.exe
Warning! VX2 Object found in memory(C:\WINDOWS\System32\peiigsy.dll)

VX2 Object Recognized!
Type : Process
Data : peiigsy.dll
Category : Malware
Comment :
Object : C:\WINDOWS\System32\


"C:\Program Files\Apoint\Apoint.exe"Process terminated successfully

#:24 [quickset.exe]
ModuleName : C:\Program Files\Dell\QuickSet\quickset.exe
Command Line : "C:\Program Files\Dell\QuickSet\quickset.exe"
ProcessID : 2036
ThreadCreationTime : 5-17-2005 10:48:34 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : QuickSet Application
FileDescription : QuickSet MFC Application
InternalName : direct
LegalCopyright : Copyright © 2001
OriginalFilename : direct.EXE
Warning! VX2 Object found in memory(C:\WINDOWS\System32\peiigsy.dll)

VX2 Object Recognized!
Type : Process
Data : peiigsy.dll
Category : Malware
Comment :
Object : C:\WINDOWS\System32\


"C:\Program Files\Dell\QuickSet\quickset.exe"Process terminated successfully

#:25 [bcmsmmsg.exe]
ModuleName : C:\WINDOWS\BCMSMMSG.exe
Command Line : "C:\WINDOWS\BCMSMMSG.exe"
ProcessID : 2044
ThreadCreationTime : 5-17-2005 10:48:35 PM
BasePriority : Normal
FileVersion : 3.5.25 08/27/2003 20:04:35
ProductVersion : 3.5.25 08/27/2003 20:04:35
ProductName : BCM Modem Messaging Applet
CompanyName : Broadcom Corporation
FileDescription : Modem Messaging Applet
InternalName : smdmstat.exe
LegalCopyright : Copyright © Broadcom Corporation 1998-2000
OriginalFilename : smdmstat.exe
Warning! VX2 Object found in memory(C:\WINDOWS\System32\peiigsy.dll)

VX2 Object Recognized!
Type : Process
Data : peiigsy.dll
Category : Malware
Comment :
Object : C:\WINDOWS\System32\


"C:\WINDOWS\BCMSMMSG.exe"Process terminated successfully

#:26 [aoldial.exe]
ModuleName : C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
Command Line : "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"
ProcessID : 152
ThreadCreationTime : 5-17-2005 10:48:35 PM
BasePriority : Normal
FileVersion : 2.0.20.1.US.1
ProductVersion : 2.0.20.1.US.1
ProductName : AOL Connectivity Service
CompanyName : America Online, Inc
FileDescription : AOL Connectivity Service Dialer
LegalCopyright : Copyright © 2003 America Online, Inc.
OriginalFilename : AOLDial.exe
Warning! VX2 Object found in memory(C:\WINDOWS\System32\peiigsy.dll)

VX2 Object Recognized!
Type : Process
Data : peiigsy.dll
Category : Malware
Comment :
Object : C:\WINDOWS\System32\


"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"Process terminated successfully

#:27 [qttask.exe]
ModuleName : C:\Program Files\QuickTime\qttask.exe
Command Line : "C:\Program Files\QuickTime\qttask.exe" -atboottime
ProcessID : 160
ThreadCreationTime : 5-17-2005 10:48:35 PM
BasePriority : Normal
FileVersion : 6.5
ProductVersion : QuickTime 6.5
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe
Warning! VX2 Object found in memory(C:\WINDOWS\System32\peiigsy.dll)

VX2 Object Recognized!
Type : Process
Data : peiigsy.dll
Category : Malware
Comment :
Object : C:\WINDOWS\System32\


"C:\Program Files\QuickTime\qttask.exe"Process terminated successfully

#:28 [aolsp scheduler.exe]
ModuleName : C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
Command Line : "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
ProcessID : 176
ThreadCreationTime : 5-17-2005 10:48:35 PM
BasePriority : Normal
FileVersion : 1, 5, 0, 0
ProductVersion : 1, 5, 0, 0
ProductName : AOLSP Scheduler
FileDescription : AOLSP Scheduler
InternalName : AOLSP Scheduler
LegalCopyright : Copyright © America Online, Inc. 2004
OriginalFilename : AOLSP Scheduler.exe
Warning! VX2 Object found in memory(C:\WINDOWS\System32\peiigsy.dll)

VX2 Object Recognized!
Type : Process
Data : peiigsy.dll
Category : Malware
Comment :
Object : C:\WINDOWS\System32\


"C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"Process terminated successfully

#:29 [tfswctrl.exe]
ModuleName : C:\WINDOWS\system32\dla\tfswctrl.exe
Command Line : "C:\WINDOWS\system32\dla\tfswctrl.exe"
ProcessID : 204
ThreadCreationTime : 5-17-2005 10:48:35 PM
BasePriority : Normal
FileVersion : 1.04.07b
CompanyName : Sonic Solutions
FileDescription : Drive Letter Access Component
LegalCopyright : Copyright © 2004 Sonic Solutions
Warning! VX2 Object found in memory(C:\WINDOWS\System32\peiigsy.dll)

VX2 Object Recognized!
Type : Process
Data : peiigsy.dll
Category : Malware
Comment :
Object : C:\WINDOWS\System32\


Warning! "C:\WINDOWS\system32\dla\tfswctrl.exe"Process could not be terminated!

#:30 [realsched.exe]
ModuleName : C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Command Line : "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
ProcessID : 244
ThreadCreationTime : 5-17-2005 10:48:35 PM
BasePriority : Normal
FileVersion : 0.1.0.3275
ProductVersion : 0.1.0.3275
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe
Warning! VX2 Object found in memory(C:\WINDOWS\System32\peiigsy.dll)

VX2 Object Recognized!
Type : Process
Data : peiigsy.dll
Category : Malware
Comment :
Object : C:\WINDOWS\System32\


"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"Process terminated successfully

#:31 [mm_tray.exe]
ModuleName : C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
Command Line : "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
ProcessID : 328
ThreadCreationTime : 5-17-2005 10:48:36 PM
BasePriority : Normal
FileVersion : 10.00.2058
ProductVersion : 10.00.2058
ProductName : Musicmatch Jukebox
CompanyName : Musicmatch, Inc.
FileDescription : mm_tray
InternalName : mm_tray
LegalCopyright : Copyright © Musicmatch 1998-2004
LegalTrademarks :
OriginalFilename : mm_tray.exe

#:32 [rappni.exe]
ModuleName : C:\WINDOWS\System32\rappni.exe
Command Line : "C:\WINDOWS\System32\rappni.exe"
ProcessID : 460
ThreadCreationTime : 5-17-2005 10:48:37 PM
BasePriority : Normal

Warning! VX2 Object found in memory(C:\WINDOWS\System32\rappni.exe)

VX2 Object Recognized!
Type : Process
Data : rappni.exe
Category : Malware
Comment :
Object : C:\WINDOWS\System32\


"C:\WINDOWS\System32\rappni.exe"Process terminated successfully
"C:\WINDOWS\System32\rappni.exe"Process terminated successfully

#:33 [bman1.exe]
ModuleName : C:\Documents and Settings\All Users\Application Data\msw\BMan1.exe
Command Line : "C:\Documents and Settings\All Users\Application Data\msw\BMan1.exe"
ProcessID : 480
ThreadCreationTime : 5-17-2005 10:48:37 PM
BasePriority : Normal
FileVersion : 1.00
ProductVersion : 1.00
ProductName : BMan1
InternalName : BMan1
OriginalFilename : BMan1.exe
Warning! VX2 Object found in memory(C:\WINDOWS\System32\peiigsy.dll)

VX2 Object Recognized!
Type : Process
Data : peiigsy.dll
Category : Malware
Comment :
Object : C:\WINDOWS\System32\


"C:\Documents and Settings\All Users\Application Data\msw\BMan1.exe"Process terminated successfully

#:34 [navapw32.exe]
ModuleName : C:\PROGRA~1\NORTON~1\navapw32.exe
Command Line : "C:\PROGRA~1\NORTON~1\navapw32.exe"
ProcessID : 504
ThreadCreationTime : 5-17-2005 10:48:38 PM
BasePriority : Normal
FileVersion : 8.07.17
ProductVersion : 8.07.17
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Agent
InternalName : NAVAPW32
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPW32.EXE
Warning! VX2 Object found in memory(C:\WINDOWS\System32\peiigsy.dll)

VX2 Object Recognized!
Type : Process
Data : peiigsy.dll
Category : Malware
Comment :
Object : C:\WINDOWS\System32\


"C:\PROGRA~1\NORTON~1\navapw32.exe"Process terminated successfully

#:35 [avgcc.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
Command Line : "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
ProcessID : 600
ThreadCreationTime : 5-17-2005 10:48:40 PM
BasePriority : Normal
FileVersion : 7,1,0,307
ProductVersion : 7.1.0.307
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Control Center
InternalName : AvgCC
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : AvgCC.EXE
Warning! VX2 Object found in memory(C:\WINDOWS\System32\peiigsy.dll)

VX2 Object Recognized!
Type : Process
Data : peiigsy.dll
Category : Malware
Comment :
Object : C:\WINDOWS\System32\



#:36 [bman.exe]
ModuleName : C:\DOCUME~1\ALLUSE~1\APPLIC~1\msw\BMan.exe
Command Line : C:\DOCUME~1\ALLUSE~1\APPLIC~1\msw\BMan.exe
ProcessID : 796
ThreadCreationTime : 5-17-2005 10:48:40 PM
BasePriority : Normal
FileVersion : 1.07
ProductVersion : 1.07
ProductName : BMan
InternalName : BMan
OriginalFilename : BMan.exe

#:37 [avgemc.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
Command Line : "C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe"
ProcessID : 1024
ThreadCreationTime : 5-17-2005 10:48:41 PM
BasePriority : Normal
FileVersion : 7,1,0,307
ProductVersion : 7.1.0.307
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG E-Mail Scanner
InternalName : avgemc
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgemc.exe
Warning! VX2 Object found in memory(C:\WINDOWS\System32\peiigsy.dll)

VX2 Object Recognized!
Type : Process
Data : peiigsy.dll
Category : Malware
Comment :
Object : C:\WINDOWS\System32\


"C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe"Process terminated successfully

#:38 [apntex.exe]
ModuleName : C:\Program Files\Apoint\Apntex.exe
Command Line : "Apntex.exe"
ProcessID : 1580
ThreadCreationTime : 5-17-2005 10:48:47 PM
BasePriority : Normal
FileVersion : 5.5.1.19
ProductVersion : 5.5.1.19
ProductName : Alps Pointing-device Driver for Windows NT/2000/XP
CompanyName : Alps Electric Co., Ltd.
FileDescription : Alps Pointing-device Driver for Windows NT/2000/XP
InternalName : Alps Pointing-device Driver for Windows NT/2000/XP
LegalCopyright : Copyright © 1998-2004 Alps Electric Co., Ltd.
OriginalFilename : ApntEx.exe
Warning! VX2 Object found in memory(C:\WINDOWS\System32\peiigsy.dll)

VX2 Object Recognized!
Type : Process
Data : peiigsy.dll
Category : Malware
Comment :
Object : C:\WINDOWS\System32\


"C:\Program Files\Apoint\Apntex.exe"Process terminated successfully

#:39 [mouse32a.exe]
ModuleName : C:\Program Files\Tech\Wheel Mouse\5.0\MOUSE32A.EXE
Command Line : "C:\Program Files\Tech\Wheel Mouse\5.0\MOUSE32A.EXE"
ProcessID : 1592
ThreadCreationTime : 5-17-2005 10:48:49 PM
BasePriority : Normal
FileVersion : 8.0.0.0
ProductVersion : 8.0.0.0
LegalCopyright : Copyright 2002 by LEE,WEI-BIN.

#:40 [cfgipsec.exe]
ModuleName : C:\WINDOWS\System32\cfgipsec.exe
Command Line : "C:\WINDOWS\System32\cfgipsec.exe"
ProcessID : 1828
ThreadCreationTime : 5-17-2005 10:48:50 PM
BasePriority : Normal


#:41 [accagnt.exe]
ModuleName : C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe
Command Line : "C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe" /startup
ProcessID : 1768
ThreadCreationTime : 5-17-2005 10:48:51 PM
BasePriority : ?
FileVersion : 1, 1, 0, 98
ProductVersion : 1, 1, 0, 98
ProductName : AOL Computer Check-Up
CompanyName : America Online Inc.
FileDescription : AOL Computer Check-Up
InternalName : AUAgent
LegalCopyright : Copyright © 2000 - 2004 America Online Inc.
OriginalFilename : AUAgent.exe
Warning! VX2 Object found in memory(C:\WINDOWS\System32\peiigsy.dll)

VX2 Object Recognized!
Type : Process
Data : peiigsy.dll
Category : Malware
Comment :
Object : C:\WINDOWS\System32\


"C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe"Process terminated successfully

#:42 [mim.exe]
ModuleName : C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
Command Line : "C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe" -Embedding
ProcessID : 1880
ThreadCreationTime : 5-17-2005 10:48:51 PM
BasePriority : Normal
FileVersion : 10.00.2058
ProductVersion : 10.00.2058
ProductName : Musicmatch Jukebox
CompanyName : Musicmatch, Inc.
FileDescription : mim
InternalName : mim
LegalCopyright : Copyright © Musicmatch 1998-2004
LegalTrademarks :
OriginalFilename : mim.exe
Warning! VX2 Object found in memory(C:\WINDOWS\System32\peiigsy.dll)

VX2 Object Recognized!
Type : Process
Data : peiigsy.dll
Category : Malware
Comment :
Object : C:\WINDOWS\System32\



#:43 [gcskkq.exe]
ModuleName : c:\windows\system32\gcskkq.exe
Command Line : "c:\windows\system32\gcskkq.exe" onwyenz
ProcessID : 2068
ThreadCreationTime : 5-17-2005 10:48:53 PM
BasePriority : Normal
FileVersion : 1, 0, 7, 1
ProductVersion : 0, 0, 7, 0
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
LegalCopyright : TODO: © <Company name>. All rights reserved.

#:44 [aoltray.exe]
ModuleName : C:\Program Files\America Online 9.0\aoltray.exe
Command Line : "C:\Program Files\America Online 9.0\aoltray.exe" -check
ProcessID : 2116
ThreadCreationTime : 5-17-2005 10:48:55 PM
BasePriority : Normal
FileVersion : 9.00.001
ProductVersion : 9.00.001
ProductName : America Online
CompanyName : America Online, Inc.
FileDescription : AOL Tray Icon
InternalName : AolTray
LegalCopyright : Copyright © America Online, Inc. 1999 - 2004

#:45 [hotsync.exe]
ModuleName : C:\Program Files\palmOne\HOTSYNC.EXE
Command Line : "C:\Program Files\palmOne\HOTSYNC.EXE"
ProcessID : 2156
ThreadCreationTime : 5-17-2005 10:48:58 PM
BasePriority : Normal
FileVersion : 4.0.4
ProductVersion : 4.1.0
ProductName : HotSync® Manager, Palm Desktop
CompanyName : Palm, Inc.
FileDescription : HotSync® Manager Application
InternalName : HotSync®
LegalCopyright : Copyright © 1995-2001 Palm, Inc.
LegalTrademarks : HotSync® is a registered trademark of Palm, Inc.
OriginalFilename : Hotsync.exe

#:46 [mmdiag.exe]
ModuleName : C:\Program Files\Musicmatch\Musicmatch Jukebox\MMDiag.exe
Command Line : MMDiag.exe
ProcessID : 2312
ThreadCreationTime : 5-17-2005 10:49:04 PM
BasePriority : Normal
FileVersion : 10.00.2058
ProductVersion : 10.00.2058
ProductName : Musicmatch Jukebox
CompanyName : Musicmatch, Inc.
FileDescription : Logging and tracing manager
InternalName : MMTraceExe
LegalCopyright : Copyright © Musicmatch 1998-2004
LegalTrademarks :
OriginalFilename : MMTraceExe.EXE

#:47 [waol.exe]
ModuleName : C:\Program Files\America Online 9.0\waol.exe
Command Line : "C:\Program Files\America Online 9.0\waol.exe"
ProcessID : 2612
ThreadCreationTime : 5-17-2005 10:49:18 PM
BasePriority : Normal


#:48 [wmiprvse.exe]
ModuleName : C:\WINDOWS\System32\wbem\wmiprvse.exe
Command Line : C:\WINDOWS\System32\wbem\wmiprvse.exe -Embedding
ProcessID : 3000
ThreadCreationTime : 5-17-2005 10:49:35 PM
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI
InternalName : Wmiprvse.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : Wmiprvse.exe

#:49 [wuauclt.exe]
ModuleName : C:\WINDOWS\System32\wuauclt.exe
Command Line : "C:\WINDOWS\System32\wuauclt.exe"
ProcessID : 3568
ThreadCreationTime : 5-17-2005 10:49:53 PM
BasePriority : Normal
FileVersion : 5.4.3790.2182 built by: srv03_rtm(ntvbl04)
ProductVersion : 5.4.3790.2182
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe

VX2 Object Recognized!
Type : Process
Data : peiigsy.dll
Category : Malware
Comment : (CSI MATCH)
Object : C:\WINDOWS\System32\


Warning! VX2 Object found in memory(C:\WINDOWS\System32\peiigsy.dll)

"C:\WINDOWS\System32\wuauclt.exe"Process terminated successfully

#:50 [shellmon.exe]
ModuleName : C:\Program Files\America Online 9.0\shellmon.exe
Command Line : "C:\Program Files\America Online 9.0\shellmon.exe"
ProcessID : 3956
ThreadCreationTime : 5-17-2005 10:50:21 PM
BasePriority : Normal


#:51 [aoltpspd.exe]
ModuleName : C:\Program Files\Common Files\Aol\aoltpspd.exe
Command Line : -p11523 -S256 -s443 -l443 -G"C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\vph.ph" -c1 -Z -H2612
ProcessID : 4040
ThreadCreationTime : 5-17-2005 10:50:24 PM
BasePriority : Normal
FileVersion : 1, 1, 1, 0
ProductVersion : [v1_r1.1-2] On Mon 11/29/2004 19:54:26.07
ProductName : AOL TopSpeed™
CompanyName : America Online Inc
FileDescription : AOL TopSpeed™
InternalName : AOL TopSpeed™
LegalCopyright : Copyright © America Online 2003
LegalTrademarks : AOL TopSpeed™
OriginalFilename : aoltpspd.exe

#:52 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 2944
ThreadCreationTime : 5-17-2005 10:54:01 PM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 23


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

BookedSpace Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\bookedspace.dll

BookedSpace Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\bookedspace.dll
Value : AppID

BookedSpace Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\{0dc5cd7c-f653-4417-aa43-d457be3a9622}

BookedSpace Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\{0dc5cd7c-f653-4417-aa43-d457be3a9622}
Value :

BookedSpace Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bookedspace.extension

BookedSpace Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bookedspace.extension
Value :

BookedSpace Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bookedspace.extension.5

BookedSpace Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bookedspace.extension.5
Value :

BookedSpace Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{0019c3e2-dd48-4a6d-abcd-8d32436323d9}

BookedSpace Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{0019c3e2-dd48-4a6d-abcd-8d32436323d9}
Value :

BookedSpace Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{0019c3e2-dd48-4a6d-abcd-8d32436323d9}
Value : AppID

BookedSpace Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{05080e6b-a88a-4cfd-8c3d-9b2557670b6e}

BookedSpace Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{05080e6b-a88a-4cfd-8c3d-9b2557670b6e}
Value :

BookedSpace Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{0dc5cd7c-f653-4417-aa43-d457be3a9622}

VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : folder\shellex\columnhandlers\{6ec11407-5b2e-4e25-8bdf-77445b52ab37}

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : folder\shellex\columnhandlers\{6ec11407-5b2e-4e25-8bdf-77445b52ab37}
Value :

VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{6ec11407-5b2e-4e25-8bdf-77445b52ab37}

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{6ec11407-5b2e-4e25-8bdf-77445b52ab37}
Value :

VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{302a3240-4805-4a34-97d7-1645a0b08410}

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{302a3240-4805-4a34-97d7-1645a0b08410}
Value :

VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bolgerdll.bolgerdllobj.1

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bolgerdll.bolgerdllobj.1
Value :

VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bolgerdll.bolgerdllobj

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bolgerdll.bolgerdllobj
Value :

VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-790525478-1677128483-1060284298-1003\software\bolger

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-790525478-1677128483-1060284298-1003\software\bolger
Value : BLI9d1OfSInst

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-790525478-1677128483-1060284298-1003\software\bolger
Value : BLC9n1trMsgSDisp

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-790525478-1677128483-1060284298-1003\software\bolger
Value : BLT9o1pListSPos

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-790525478-1677128483-1060284298-1003\software\bolger
Value : BLs9t1icky1S

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-790525478-1677128483-1060284298-1003\software\bolger
Value : BLs9t1icky2S

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-790525478-1677128483-1060284298-1003\software\bolger
Value : BLs9t1icky3S

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-790525478-1677128483-1060284298-1003\software\bolger
Value : BLs9t1icky4S

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-790525478-1677128483-1060284298-1003\software\bolger
Value : BLC1o9d1eOfSFinalAd

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-790525478-1677128483-1060284298-1003\software\bolger
Value : BLT9i1m4eOfSFinalAd

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-790525478-1677128483-1060284298-1003\software\bolger
Value : BLD9s1tSSEnd

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-790525478-1677128483-1060284298-1003\software\bolger
Value : BL9N1a4tionSCode

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-790525478-1677128483-1060284298-1003\software\bolger
Value : BLP9D1om

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-790525478-1677128483-1060284298-1003\software\bolger
Value : BLT9h1rshSCheckSIn

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-790525478-1677128483-1060284298-1003\software\bolger
Value : BLT9h1rshSMots

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-790525478-1677128483-1060284298-1003\software\bolger
Value : BLM9o1deSSync

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-790525478-1677128483-1060284298-1003\software\bolger
Value : BLI9n1ProgSCab

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-790525478-1677128483-1060284298-1003\software\bolger
Value : BLI9n1ProgSEx

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-790525478-1677128483-1060284298-1003\software\bolger
Value : BLI9n1ProgSLstest

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-790525478-1677128483-1060284298-1003\software\bolger
Value : BLL9a1stMotsSDay

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-790525478-1677128483-1060284298-1003\software\bolger
Value : BLL9a1stSSChckin

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-790525478-1677128483-1060284298-1003\software\bolger
Value : BLC9n1tFyl

VX2 Object Recognized!
Type : RegValue
Data :
Category

Edited by kelchris, 22 May 2005 - 12:07 AM.

  • 0

Advertisements


#2
kelchris

kelchris

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-790525478-1677128483-1060284298-1003\software\bolger
Value : BLE9v1nt

VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-790525478-1677128483-1060284298-1003\software\aurora

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-790525478-1677128483-1060284298-1003\software\aurora
Value : AUI3d5OfSDist

BookedSpace Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bookedspace

BookedSpace Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{0019c3e2-dd48-4a6d-abcd-8d32436323d9}

VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{302a3240-4805-4a34-97d7-1645a0b08410}

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "AC"
Rootkey : HKEY_USERS
Object : S-1-5-21-790525478-1677128483-1060284298-1003\software\lq
Value : AC

Windows Object Recognized!
Type : RegData
Data : explorer.exe c:\windows\nail.exe
Category : Vulnerability
Comment : Shell Possibly Compromised
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows nt\currentversion\winlogon
Value : Shell
Data : explorer.exe c:\windows\nail.exe

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 54
Objects found so far: 77


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment : C:\WINDOWS\System32\nokka.dll
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{f34fb3eb-26df-4d63-9c20-5b718da152b8}

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : C:\WINDOWS\System32\nokka.dll
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{f34fb3eb-26df-4d63-9c20-5b718da152b8}
Value :

VX2 Object Recognized!
Type : File
Data : nokka.dll
Category : Malware
Comment :
Object : c:\windows\system32\



VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "KavSvc"
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Run
Value : KavSvc

VX2 Object Recognized!
Type : File
Data : rappni.exe
Category : Malware
Comment :
Object : c:\windows\system32\



Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 3
Objects found so far: 82


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@revenue[1].txt
Category : Data Miner
Comment : Hits:109
Value : Cookie:owner@revenue.net/
Expires : 6-9-2022 11:05:42 PM
LastSync : Hits:109
UseCount : 0
Hits : 109

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@qksrv[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:owner@qksrv.net/
Expires : 5-3-2010 1:04:20 AM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@2o7[1].txt
Category : Data Miner
Comment : Hits:25
Value : Cookie:owner@2o7.net/
Expires : 5-16-2010 4:51:54 PM
LastSync : Hits:25
UseCount : 0
Hits : 25

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@zedo[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:owner@zedo.com/
Expires : 5-2-2015 1:49:28 AM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@apmebf[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:owner@apmebf.com/
Expires : 5-3-2010 1:04:18 AM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@z1.adserver[1].txt
Category : Data Miner
Comment : Hits:87
Value : Cookie:owner@z1.adserver.com/
Expires : 5-4-2006 7:19:06 AM
LastSync : Hits:87
UseCount : 0
Hits : 87

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@real[2].txt
Category : Data Miner
Comment : Hits:261
Value : Cookie:owner@real.com/
Expires : 4-12-2035 11:15:40 PM
LastSync : Hits:261
UseCount : 0
Hits : 261

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@trafficmp[2].txt
Category : Data Miner
Comment : Hits:17
Value : Cookie:owner@trafficmp.com/
Expires : 5-4-2006 1:38:48 AM
LastSync : Hits:17
UseCount : 0
Hits : 17

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@ads.pointroll[2].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:owner@ads.pointroll.com/
Expires : 12-31-2009 6:00:00 PM
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@live365[1].txt
Category : Data Miner
Comment : Hits:11
Value : Cookie:owner@live365.com/
Expires : 4-24-2010 11:53:20 PM
LastSync : Hits:11
UseCount : 0
Hits : 11

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@tribalfusion[2].txt
Category : Data Miner
Comment : Hits:19
Value : Cookie:owner@tribalfusion.com/
Expires : 12-31-2037 6:00:00 PM
LastSync : Hits:19
UseCount : 0
Hits : 19

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@bluestreak[2].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:owner@bluestreak.com/
Expires : 5-1-2015 9:58:54 PM
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 12
Objects found so far: 94



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

VX2 Object Recognized!
Type : File
Data : dukk.exe
Category : Malware
Comment :
Object : C:\Documents and Settings\All Users\Start Menu\Programs\Startup\



VX2 Object Recognized!
Type : File
Data : Bolger[1].dll
Category : Malware
Comment :
Object : C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\5RDZU1KF\
FileVersion : 0, 12, 4, 96
ProductVersion : 0, 12, 4, 96
ProductName : bolger
CompanyName : Bolger
FileDescription : www.abetterinternet.com
InternalName : bolger
LegalCopyright : Copyright © 2005
OriginalFilename : bolger.dll
Comments : www.abetterinternet.com


VX2 Object Recognized!
Type : File
Data : DrPMon[1].dll
Category : Malware
Comment :
Object : C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\5RDZU1KF\
FileVersion : 1, 0, 0, 5
ProductVersion : 1, 0, 0, 0
ProductName : DrPMon PrintMonitor
CompanyName : Direct Revenue
FileDescription : DrPMon PrintMonitor
InternalName : DrPMon
LegalCopyright : Copyright © 2005
OriginalFilename : DrPMon.dll


VX2 Object Recognized!
Type : File
Data : Poller[1].exe
Category : Malware
Comment :
Object : C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\5RDZU1KF\
FileVersion : 1, 0, 7, 1
ProductVersion : 0, 0, 7, 0
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
LegalCopyright : TODO: © <Company name>. All rights reserved.


VX2 Object Recognized!
Type : File
Data : A0000005.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{C9657D49-AE4A-4336-9615-D6467C7F5CE7}\RP1\
FileVersion : 1, 0, 7, 1
ProductVersion : 0, 0, 7, 0
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
LegalCopyright : TODO: © <Company name>. All rights reserved.


VX2 Object Recognized!
Type : File
Data : A0001007.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{C9657D49-AE4A-4336-9615-D6467C7F5CE7}\RP1\
FileVersion : 1, 0, 7, 1
ProductVersion : 0, 0, 7, 0
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
LegalCopyright : TODO: © <Company name>. All rights reserved.


VX2 Object Recognized!
Type : File
Data : A0001055.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{C9657D49-AE4A-4336-9615-D6467C7F5CE7}\RP1\
FileVersion : 1, 0, 7, 1
ProductVersion : 0, 0, 7, 0
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
LegalCopyright : TODO: © <Company name>. All rights reserved.


VX2 Object Recognized!
Type : File
Data : A0001090.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{C9657D49-AE4A-4336-9615-D6467C7F5CE7}\RP1\
FileVersion : 1, 0, 7, 1
ProductVersion : 0, 0, 7, 0
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
LegalCopyright : TODO: © <Company name>. All rights reserved.


VX2 Object Recognized!
Type : File
Data : A0001131.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{C9657D49-AE4A-4336-9615-D6467C7F5CE7}\RP1\
FileVersion : 1, 0, 7, 1
ProductVersion : 0, 0, 7, 0
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
LegalCopyright : TODO: © <Company name>. All rights reserved.


VX2 Object Recognized!
Type : File
Data : A0001144.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{C9657D49-AE4A-4336-9615-D6467C7F5CE7}\RP1\
FileVersion : 1, 0, 7, 1
ProductVersion : 0, 0, 7, 0
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
LegalCopyright : TODO: © <Company name>. All rights reserved.


VX2 Object Recognized!
Type : File
Data : A0001157.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{C9657D49-AE4A-4336-9615-D6467C7F5CE7}\RP1\
FileVersion : 1, 0, 7, 1
ProductVersion : 0, 0, 7, 0
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
LegalCopyright : TODO: © <Company name>. All rights reserved.


VX2 Object Recognized!
Type : File
Data : A0001183.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{C9657D49-AE4A-4336-9615-D6467C7F5CE7}\RP1\
FileVersion : 1, 0, 7, 1
ProductVersion : 0, 0, 7, 0
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
LegalCopyright : TODO: © <Company name>. All rights reserved.


VX2 Object Recognized!
Type : File
Data : A0001248.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{C9657D49-AE4A-4336-9615-D6467C7F5CE7}\RP2\
FileVersion : 1, 0, 7, 1
ProductVersion : 0, 0, 7, 0
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
LegalCopyright : TODO: © <Company name>. All rights reserved.


VX2 Object Recognized!
Type : File
Data : A0001259.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{C9657D49-AE4A-4336-9615-D6467C7F5CE7}\RP2\
FileVersion : 1, 0, 7, 1
ProductVersion : 0, 0, 7, 0
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
LegalCopyright : TODO: © <Company name>. All rights reserved.


VX2 Object Recognized!
Type : File
Data : Bolger.dll
Category : Malware
Comment :
Object : C:\WINDOWS\
FileVersion : 0, 12, 4, 96
ProductVersion : 0, 12, 4, 96
ProductName : bolger
CompanyName : Bolger
FileDescription : www.abetterinternet.com
InternalName : bolger
LegalCopyright : Copyright © 2005
OriginalFilename : bolger.dll
Comments : www.abetterinternet.com


VX2 Object Recognized!
Type : File
Data : DrPMon.dll
Category : Malware
Comment :
Object : C:\WINDOWS\system32\
FileVersion : 1, 0, 0, 5
ProductVersion : 1, 0, 0, 0
ProductName : DrPMon PrintMonitor
CompanyName : Direct Revenue
FileDescription : DrPMon PrintMonitor
InternalName : DrPMon
LegalCopyright : Copyright © 2005
OriginalFilename : DrPMon.dll


VX2 Object Recognized!
Type : File
Data : qgaav.dat
Category : Malware
Comment :
Object : C:\WINDOWS\system32\



VX2 Object Recognized!
Type : File
Data : winup2date.dll
Category : Malware
Comment :
Object : C:\WINDOWS\system32\



VX2 Object Recognized!
Type : File
Data : unadbeh.exe
Category : Malware
Comment :
Object : C:\WINDOWS\



Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 113


Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Not Avaliable

Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 113


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 113




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\controlset001\control\print\monitors\zepmon

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\controlset001\control\print\monitors\zepmon
Value : Driver

VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\control\print\monitors\zepmon

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\control\print\monitors\zepmon
Value : Driver

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\lastknowngoodrecovery\lastgood
Value : INF/oem11.PNF

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\lastknowngoodrecovery\lastgood
Value : INF/oem12.PNF

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\lastknowngoodrecovery\lastgood
Value : INF/oem5.PNF

VX2 Object Recognized!
Type : File
Data : oem12.PNF
Category : Malware
Comment :
Object : C:\WINDOWS\lastgood\inf\



VX2 Object Recognized!
Type : File
Data : oem12.inf
Category : Malware
Comment :
Object : C:\WINDOWS\lastgood\inf\



BookedSpace Object Recognized!
Type : File
Data : bsx32.ini
Category : Malware
Comment :
Object : C:\WINDOWS\



Ebates MoneyMaker Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : TM

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : AD

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : AM

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : AT

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : AC

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : U

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : I

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : TR

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : country

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : city

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : state

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : RX

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : RX2.8

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : RX2.9

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : RX3.0

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : RX3.1

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : RX3.2

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : RX3.3

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : FU3.4

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : FU3.5

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : FU3.6

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : LU3.7

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : leck

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 36
Objects found so far: 149

5:10:04 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:11:44.954
Objects scanned:91361
Objects identified:127
Objects ignored:0
New critical objects:127
  • 0

#3
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,675 posts
Please folow the instructions here and post a HijackThis log.

http://www.geekstogo..._Log-t2852.html

Regards,
  • 0

#4
kelchris

kelchris

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
according to the instructions:

Logfile of HijackThis v1.99.1
Scan saved at 2:10:47 AM, on 5/26/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Tech\Wheel Mouse\5.0\MOUSE32A.EXE
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\WINDOWS\System32\rlkknu.exe
C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\palmOne\HOTSYNC.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\HJT\HijackThis.exe
C:\PROGRA~1\MUSICM~1\Common\COMPON~1\MMCOMP~1.EXE
C:\Program Files\America Online 9.0\waol.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [winupdtl] C:\WINDOWS\System32\winupdt.exe
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBouncer\VirtualBouncer.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Tech\Wheel Mouse\5.0\MOUSE32A.EXE
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\rlkknu.exe reg_run
O4 - HKLM\..\Run: [hodbzz] c:\windows\system32\tmohbpu.exe
O4 - HKCU\..\Run: [Iw57RVZsQ] cfgipsec.exe
O4 - HKCU\..\Run: [AOLCC] "C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol....oach_core_1.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  • 0

#5
kelchris

kelchris

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  • 0

#6
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,675 posts
Check the items listed below in HijackThis, close all windows except HijackThis and click Fix checked:

O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL

O4 - HKLM\..\Run: [winupdtl] C:\WINDOWS\System32\winupdt.exe
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBouncer\VirtualBouncer.exe

O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\rlkknu.exe reg_run
O4 - HKLM\..\Run: [hodbzz] c:\windows\system32\tmohbpu.exe
O4 - HKCU\..\Run: [Iw57RVZsQ] cfgipsec.exe

O4 - Startup: PowerReg Scheduler.exe

*Click Here to download Killbox by Option^Explicit.
*Extract the program to your desktop and double-click on its folder, then double-click on Killbox.exe to start the program.
*In the killbox program, select the Delete on Reboot option.
*Highlight the filenames from the CODE box and copy the file names below to the clipboard by highlighting them and pressing Control-C:

c:\windows\system32\tmohbpu.exe
C:\WINDOWS\System32\rlkknu.exe
C:\WINDOWS\System32\winupdt.exe
C:\WINDOWS\System32\nokka.dll

*Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
*Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

After the reboot click Start > Run type services.msc > OK
In the list of services find:
System Startup Service (SvcProc)
Rightclick that line and choose Properties.
On the General tab Stop and set the service to disabled.
In HijackThis click Config > Misc Tools > Delete an NT service
In the dialog box paste: SvcProc

Reboot once more, run HijackThis again andpost a new log.

Regards,
  • 0

#7
kelchris

kelchris

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Sorry about the delay in replying, at about 2:30 / 3:00 am my brain decided to quit on me. :tazz:

Logfile of HijackThis v1.99.1
Scan saved at 1:28:10 PM, on 5/26/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
  • 0

#8
kelchris

kelchris

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Tech\Wheel Mouse\5.0\MOUSE32A.EXE
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Apoint\Apntex.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\palmOne\HOTSYNC.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Documents and Settings\Owner\Desktop\HJT\HijackThis.exe
C:\WINDOWS\System32\imapi.exe
C:\PROGRA~1\MUSICM~1\Common\COMPON~1\MMCOMP~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Tech\Wheel Mouse\5.0\MOUSE32A.EXE
O4 - HKCU\..\Run: [AOLCC] "C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol....oach_core_1.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  • 0

#9
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,675 posts
No problem. They keep me busy here. ;)

Your log looks good. :tazz:

Is your computer behaving as well?

Please do have a look at my site about removing and preventing spyware.

Regards,
  • 0

#10
kelchris

kelchris

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
so far so good. ;)

My internet is acting slow but that is probably AOL being a pain in the kiester....

I also need to defrag really bad but I wanted to wait until my computer was O.K. (that could be a reason why it is slow...)

Thanks soooooooooo much for all of your help! ;)

I will take a look at your site.

kelly :tazz:
  • 0

#11
kelchris

kelchris

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
:tazz: ;) I did have last min q's though..

-can I get rid of things like killbox, etc
-which is better Norton or AVG?
-Should I hold on to Hijack this?

thanks
kelly
  • 0

#12
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,675 posts
Killbox can be deleted.
I would hold on to HijackThis untill you are sure everything is OK (it made backups)

NAV and AVG both have pros & cons.
Whatever you like best. :tazz:

Regards,
  • 0

#13
kelchris

kelchris

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
thanks! ;) ;) :tazz:
  • 0

#14
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,675 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP