Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

WORM.ALCAN.A [CLOSED]


  • This topic is locked This topic is locked

#1
MissMyMac

MissMyMac

    Member

  • Member
  • PipPip
  • 10 posts
Ad-Aware SE Build 1.05
Logfile Created on:Saturday, May 21, 2005 4:37:01 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R46 17.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R46 17.05.2005
Internal build : 54
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 474775 Bytes
Total size : 1435210 Bytes
Signature data size : 1404100 Bytes
Reference data size : 30598 Bytes
Signatures total : 40060
Fingerprints total : 883
Fingerprints size : 30250 Bytes
Target categories : 15
Target families : 674


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:47 %
Total physical memory:522240 kb
Available physical memory:242212 kb
Total page file size:1277352 kb
Available on page file:1054800 kb
Total virtual memory:2097024 kb
Available virtual memory:2047920 kb
OS:Microsoft Windows XP Home Edition Service Pack 2 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Play sound at scan completion if scan locates critical objects


5-21-2005 4:37:01 PM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 376
ThreadCreationTime : 5-21-2005 8:25:16 PM
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 464
ThreadCreationTime : 5-21-2005 8:25:17 PM
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 488
ThreadCreationTime : 5-21-2005 8:25:18 PM
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 672
ThreadCreationTime : 5-21-2005 8:25:19 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 684
ThreadCreationTime : 5-21-2005 8:25:19 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k DcomLaunch
ProcessID : 864
ThreadCreationTime : 5-21-2005 8:25:21 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 940
ThreadCreationTime : 5-21-2005 8:25:21 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 1044
ThreadCreationTime : 5-21-2005 8:25:22 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost.exe -k NetworkService
ProcessID : 1092
ThreadCreationTime : 5-21-2005 8:25:22 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost.exe -k LocalService
ProcessID : 1152
ThreadCreationTime : 5-21-2005 8:25:22 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1444
ThreadCreationTime : 5-21-2005 8:25:25 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:12 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost.exe -k imgsvc
ProcessID : 1608
ThreadCreationTime : 5-21-2005 8:25:32 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:13 [mxtask.exe]
ModuleName : C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe
Command Line : n/a
ProcessID : 1640
ThreadCreationTime : 5-21-2005 8:25:32 PM
BasePriority : Normal
FileVersion : 5.0.4.1
CompanyName : V Communications, Inc.
FileDescription : The background task server
InternalName : MXTask
LegalCopyright : Copyright © 1997-2003 V Communications, Inc.
LegalTrademarks : SystemSuite is a trademark of V Communications, Inc.
OriginalFilename : MXTask.exe

#:14 [wdfmgr.exe]
ModuleName : C:\WINDOWS\system32\wdfmgr.exe
Command Line : C:\WINDOWS\system32\wdfmgr.exe
ProcessID : 1752
ThreadCreationTime : 5-21-2005 8:25:33 PM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:15 [alg.exe]
ModuleName : C:\WINDOWS\System32\alg.exe
Command Line : C:\WINDOWS\System32\alg.exe
ProcessID : 1216
ThreadCreationTime : 5-21-2005 8:25:41 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:16 [dlbtcoms.exe]
ModuleName : C:\WINDOWS\system32\dlbtcoms.exe
Command Line : C:\WINDOWS\system32\dlbtcoms.exe -service
ProcessID : 1320
ThreadCreationTime : 5-21-2005 8:25:45 PM
BasePriority : High
FileVersion : 1.27.19.0
ProductVersion : 1.27.19.0
ProductName : Dell Communication System
CompanyName : Dell
FileDescription : Dell Communication System
InternalName : DLBTcoms.exe

#:17 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 880
ThreadCreationTime : 5-21-2005 8:25:46 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:18 [mxtask.exe]
ModuleName : C:\PROGRA~1\VCOM\SYSTEM~1\mxtask.exe
Command Line : C:\PROGRA~1\VCOM\SYSTEM~1\mxtask.exe -MXUSER
ProcessID : 1120
ThreadCreationTime : 5-21-2005 8:25:47 PM
BasePriority : Normal
FileVersion : 5.0.4.1
CompanyName : V Communications, Inc.
FileDescription : The background task server
InternalName : MXTask
LegalCopyright : Copyright © 1997-2003 V Communications, Inc.
LegalTrademarks : SystemSuite is a trademark of V Communications, Inc.
OriginalFilename : MXTask.exe

#:19 [hkcmd.exe]
ModuleName : C:\WINDOWS\system32\hkcmd.exe
Command Line : "C:\WINDOWS\system32\hkcmd.exe"
ProcessID : 3748
ThreadCreationTime : 5-21-2005 8:33:41 PM
BasePriority : Normal
FileVersion : 3.0.0.2285
ProductVersion : 7.0.0.2285
ProductName : Intel® Common User Interface
CompanyName : Intel Corporation
FileDescription : hkcmd Module
InternalName : HKCMD
LegalCopyright : Copyright 1999-2003, Intel Corporation
OriginalFilename : HKCMD.EXE

#:20 [jusched.exe]
ModuleName : C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
Command Line : "C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe"
ProcessID : 3760
ThreadCreationTime : 5-21-2005 8:33:42 PM
BasePriority : Normal


#:21 [dvdlauncher.exe]
ModuleName : C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
Command Line : "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
ProcessID : 3768
ThreadCreationTime : 5-21-2005 8:33:43 PM
BasePriority : Normal
FileVersion : 3.00.0000
ProductVersion : 3.00.0000
ProductName : Cyberlink PowerCinema 3.0
CompanyName : CyberLink Corp.
FileDescription : CyberLink PowerCinema Resident Program
InternalName : CyberLink PowerCinema Resident Program
LegalCopyright : Copyright © 2003 CyberLink Corp.
OriginalFilename : DVDLauncher.EXE

#:22 [dmxlauncher.exe]
ModuleName : C:\Program Files\Dell\Media Experience\DMXLauncher.exe
Command Line : "C:\Program Files\Dell\Media Experience\DMXLauncher.exe"
ProcessID : 3812
ThreadCreationTime : 5-21-2005 8:33:44 PM
BasePriority : Normal


#:23 [sgtray.exe]
ModuleName : C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
Command Line : "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
ProcessID : 3904
ThreadCreationTime : 5-21-2005 8:33:44 PM
BasePriority : Normal
FileVersion : 1.01.33b
CompanyName : Sonic Solutions
FileDescription : Sonic Update Manager
LegalCopyright : Copyright © 2002 Sonic Solutions

#:24 [tfswctrl.exe]
ModuleName : C:\WINDOWS\system32\dla\tfswctrl.exe
Command Line : "C:\WINDOWS\system32\dla\tfswctrl.exe"
ProcessID : 3948
ThreadCreationTime : 5-21-2005 8:33:44 PM
BasePriority : Normal
FileVersion : 1.04.08a
CompanyName : Sonic Solutions
FileDescription : Drive Letter Access Component
LegalCopyright : Copyright © 2004 Sonic Solutions

#:25 [realplay.exe]
ModuleName : C:\Program Files\Real\RealPlayer\RealPlay.exe
Command Line : "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
ProcessID : 3960
ThreadCreationTime : 5-21-2005 8:33:44 PM
BasePriority : Normal
FileVersion : 6.0.9.584
ProductVersion : 6.0.9.584
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealPlayer
InternalName : REALPLAY
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2000
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : REALPLAY.EXE

#:26 [support.exe]
ModuleName : C:\Program Files\Common Files\Dell\EUSW\Support.exe
Command Line : "C:\Program Files\Common Files\Dell\EUSW\Support.exe"
ProcessID : 4024
ThreadCreationTime : 5-21-2005 8:33:45 PM
BasePriority : Normal
FileVersion : 2, 1, 1, 0
ProductVersion : 1, 0, 0, 1
ProductName : Dell Support
CompanyName : Dell
FileDescription : Support
InternalName : Support
LegalCopyright : Copyright © 2002
OriginalFilename : Support.exe

#:27 [motivesb.exe]
ModuleName : C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
Command Line : "C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe"
ProcessID : 4052
ThreadCreationTime : 5-21-2005 8:33:46 PM
BasePriority : Normal
FileVersion : 5.6.11.asst_classic.smartbridge.0
ProductVersion : 5.6.11.asst_classic.smartbridge
ProductName : Motive System
CompanyName : Motive Communications, Inc.
FileDescription : Motive SmartBridge
InternalName : version
LegalCopyright : Copyright 1998-2003
OriginalFilename : version

#:28 [notifyalert.exe]
ModuleName : C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
Command Line : "C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe" timer
ProcessID : 4060
ThreadCreationTime : 5-21-2005 8:33:46 PM
BasePriority : Normal


#:29 [wkufind.exe]
ModuleName : C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
Command Line : "C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe"
ProcessID : 4068
ThreadCreationTime : 5-21-2005 8:33:46 PM
BasePriority : Normal
FileVersion : 9.00.0912.0
ProductVersion : 9.00.0912.0
ProductName : Update Detection Module
CompanyName : Microsoft® Corporation
FileDescription : Microsoft® Works Update Detection
InternalName : WkUFind
LegalCopyright : Copyright © 1987-2003 Microsoft Corporation.
OriginalFilename : WkUFind.exe

#:30 [qttask.exe]
ModuleName : C:\Program Files\QuickTime\qttask.exe
Command Line : "C:\Program Files\QuickTime\qttask.exe" -atboottime
ProcessID : 4088
ThreadCreationTime : 5-21-2005 8:33:46 PM
BasePriority : Normal
FileVersion : 6.5.1
ProductVersion : QuickTime 6.5.1
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe

#:31 [ituneshelper.exe]
ModuleName : C:\Program Files\iTunes\iTunesHelper.exe
Command Line : "C:\Program Files\iTunes\iTunesHelper.exe"
ProcessID : 128
ThreadCreationTime : 5-21-2005 8:33:48 PM
BasePriority : Normal
FileVersion : 4.7.1.30
ProductVersion : 4.7.1.30
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe

#:32 [ipodservice.exe]
ModuleName : C:\Program Files\iPod\bin\iPodService.exe
Command Line : "C:\Program Files\iPod\bin\iPodService.exe"
ProcessID : 424
ThreadCreationTime : 5-21-2005 8:33:48 PM
BasePriority : Normal
FileVersion : 4.7.1.30
ProductVersion : 4.7.1.30
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iPodService.exe

#:33 [dlg.exe]
ModuleName : C:\Program Files\Digital Line Detect\DLG.exe
Command Line : "C:\Program Files\Digital Line Detect\DLG.exe"
ProcessID : 804
ThreadCreationTime : 5-21-2005 8:33:50 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : BVRP Software TestLine
CompanyName : BVRP Software
FileDescription : Digital Line Detection
InternalName : TestLine
LegalCopyright : Copyright © 2003
OriginalFilename : TestLine.exe

#:34 [ghostsurf.exe]
ModuleName : C:\Program Files\GhostSurf\GhostSurf.exe
Command Line : "C:\Program Files\GhostSurf\GhostSurf.exe"
ProcessID : 1504
ThreadCreationTime : 5-21-2005 8:33:50 PM
BasePriority : Normal
FileVersion : 0.10
ProductVersion : 0.10
ProductName : Tenebril Super-Application Architecture
CompanyName : Tenebril Incorporated
FileDescription : Architecture launch vehicle
InternalName : VehicleApp
LegalCopyright : Copyright © 2001 Tenebril Inc
OriginalFilename : VehicleApp.exe
Comments : Architecture launch vehicle

#:35 [wzqkpick.exe]
ModuleName : C:\Program Files\WinZip\WZQKPICK.EXE
Command Line : "C:\Program Files\WinZip\WZQKPICK.EXE"
ProcessID : 1628
ThreadCreationTime : 5-21-2005 8:33:51 PM
BasePriority : Normal
FileVersion : 1.0 (32-bit)
ProductVersion : 9.0 (6224)
ProductName : WinZip
CompanyName : WinZip Computing, Inc.
FileDescription : WinZip Executable
InternalName : WZQKPICK.EXE
LegalCopyright : Copyright © WinZip Computing, Inc. 1991-2004 - All Rights Reserved
LegalTrademarks : WinZip is a registered trademark of WinZip Computing, Inc
OriginalFilename : WZQKPICK.EXE
Comments : StringFileInfo: U.S. English

#:36 [gcasdtserv.exe]
ModuleName : C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
Command Line : "C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe"
ProcessID : 2424
ThreadCreationTime : 5-21-2005 8:34:01 PM
BasePriority : Normal
FileVersion : 1.00.0501
ProductVersion : 1.00.0501
ProductName : Microsoft AntiSpyware (Beta 1)
CompanyName : Microsoft Corporation
FileDescription : Microsoft AntiSpyware Data Service
InternalName : gcasDtServ
LegalCopyright : Copyright © 2004-2005 Microsoft Corporation. All rights reserved.
LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation. SpyNet™ is a trademark of Microsoft Corporation.
OriginalFilename : gcasDtServ.exe

#:37 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 2948
ThreadCreationTime : 5-21-2005 8:34:27 PM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Claria Object Recognized!
Type : File
Data : F2F8BF1C-3B49-4747-902C-3B6654
Category : Data Miner
Comment :
Object : C:\Program Files\Microsoft AntiSpyware\Quarantine\70718C50-E180-4538-88F7-3A0F69\
FileVersion : 5.1.1.5
ProductVersion : 5.1.1.5
ProductName : GAIN Publishing
CompanyName : GAIN Publishing, Inc
FileDescription : Gator Client Application
InternalName : GMT.exe
LegalCopyright : Copyright © 1999-2003 GAIN Publishing, Inc
OriginalFilename : GMT.exe


Claria Object Recognized!
Type : File
Data : F5B8C3C4-8B75-4F92-B8E2-2FC7F2
Category : Data Miner
Comment :
Object : C:\Program Files\Microsoft AntiSpyware\Quarantine\70718C50-E180-4538-88F7-3A0F69\
FileVersion : 5.1.1.5
ProductVersion : 5.1.1.5
ProductName : CME
CompanyName : GAIN Publishing, Inc.
FileDescription : CME II Client Application
InternalName : GObjs.dll
LegalCopyright : Copyright © 1999-2003 GAIN Publishing, Inc.
OriginalFilename : GObjs.dll


Claria Object Recognized!
Type : File
Data : FD8AEE05-95D2-4269-9F00-CF8D7A
Category : Data Miner
Comment :
Object : C:\Program Files\Microsoft AntiSpyware\Quarantine\70718C50-E180-4538-88F7-3A0F69\
FileVersion : 5.1.1.5
ProductVersion : 5.1.1.5
ProductName : CME
CompanyName : GAIN Publishing, Inc.
FileDescription : CME II Client Application
InternalName : GController.dll
LegalCopyright : Copyright © 1999-2003 GAIN Publishing, Inc.
OriginalFilename : GController.dll


WhenU Object Recognized!
Type : File
Data : A0031723.exe
Category : Misc
Comment :
Object : C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP112\
FileVersion : 1, 5, 2, 2
ProductVersion : 1, 5, 2, 2
ProductName : Weather
FileDescription : Weather
InternalName : Weather
LegalCopyright : Copyright 2002
OriginalFilename : Weather.exe


Lop Object Recognized!
Type : File
Data : A0045655.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP153\



Lop Object Recognized!
Type : File
Data : A0045656.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP153\



Cydoor Object Recognized!
Type : File
Data : A0045657.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP153\

ProductName : Hotline


Cydoor Object Recognized!
Type : File
Data : A0025565.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP96\
FileVersion : 3, 2, 1, 0
ProductVersion : 3, 2, 1, 0
ProductName : Cydoor Technologies ad-system
CompanyName : Cydoor Technologies, Inc.
FileDescription : Cydoor Technologies ad-system
InternalName : CD_Clint.dll
LegalCopyright : Copyright © Cydoor Technologies, Inc. 1999-2001
LegalTrademarks : Cydoor Technologies™
OriginalFilename : CD_Clint.dll
Comments : This is a module of Cydoor's ad system. Additional information is available
at http://www.cydoor.com


Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 8


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 8




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Lop Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\downloadmanager

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 9

4:49:48 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:12:47.250
Objects scanned:156303
Objects identified:9
Objects ignored:0
New critical objects:9
  • 0

Advertisements


#2
Guest_Andy_veal_*

Guest_Andy_veal_*
  • Guest
Hello and Welcome

Ad-aware has found objects on your computer

If you chose to clean your computer from what Ad-aware found please follow these instructions below…

Please make sure that you are using the * SE1R46 17.05.2005 * definition file.


Please launch Ad-Aware SE and click on the gear to access the Configuration Menu. Please make sure that this setting is applied.

Click on Tweak > Cleaning Engine > UNcheck "Always try to unload modules before deletion".

Disconnect from the internet (for broadband/cable users, it is recommended that you disconnect the cable connection) and close all open browsers or other programs you have running.

Please then boot into Safe Mode

To clean your machine, it is highly recommended that you clean the following directory contents (but not the directory folder):

Please run CCleaner to assist in this process.
Download CCleaner (Setup: go to >options > settings > Uncheck "Only delete files in Windows Temp folders older than 48 hours" for cleaning malware files!)

* C:\Windows\Temp\
* C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <- This will delete all your cached internet content including cookies.
* C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp\
* Empty your "Recycle Bin".

Please run Ad-Aware SE from the command lines shown in the instructions shown below.

Click "Start" > select "Run" > type the text shown in bold below (including the quotation marks and with the same spacing as shown)

"C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" /full +procnuke
(For the Professional version)

"C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" /full +procnuke
(For the Plus version)

"C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" +procnuke
(For the Personal version)


Click OK.

Please note that the path above is of the default installion location for Ad-aware SE, if this is different, please adjust it to the location that you have installed it to.

When the scan has completed, select Next. In the Scanning Results window, select the "Scan Summary" tab. Check the box next to each "target family" you wish to remove. Click next, Click OK.

If problems are caused by deleting a family, please leave it.

Please shutdown/restart your computer after removal, run a new full scan and post the results as a reply. Do not launch any programs or connect to the internet at this time.

Please then copy & paste the complete log file here. Don't quarantine or remove anything at this time, just post a complete logfile. This can sometimes takes 2-3 posts to get it all posted, once the "Summary of this scan" information is shown, you have posted all of your logfile.

Please remember when posting another logfile keep "Search for negligible risk entries" deselected as negligible risk entries (MRU's) are not considered to be a threat. This option can be changed when choosing your scan type.

Please post back here

Good luck

Andy
  • 0

#3
MissMyMac

MissMyMac

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Ad-Aware SE Build 1.05
Logfile Created on:Saturday, May 21, 2005 11:22:50 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R46 17.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R46 17.05.2005
Internal build : 54
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 474775 Bytes
Total size : 1435210 Bytes
Signature data size : 1404100 Bytes
Reference data size : 30598 Bytes
Signatures total : 40060
Fingerprints total : 883
Fingerprints size : 30250 Bytes
Target categories : 15
Target families : 674


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:45 %
Total physical memory:522240 kb
Available physical memory:232428 kb
Total page file size:1277352 kb
Available on page file:1031436 kb
Total virtual memory:2097024 kb
Available virtual memory:2047984 kb
OS:Microsoft Windows XP Home Edition Service Pack 2 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Play sound at scan completion if scan locates critical objects


5-21-2005 11:22:50 PM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 376
ThreadCreationTime : 5-22-2005 3:18:38 AM
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 568
ThreadCreationTime : 5-22-2005 3:18:40 AM
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 592
ThreadCreationTime : 5-22-2005 3:18:41 AM
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 672
ThreadCreationTime : 5-22-2005 3:18:41 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 684
ThreadCreationTime : 5-22-2005 3:18:41 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k DcomLaunch
ProcessID : 864
ThreadCreationTime : 5-22-2005 3:18:42 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 940
ThreadCreationTime : 5-22-2005 3:18:42 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 1044
ThreadCreationTime : 5-22-2005 3:18:42 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost.exe -k NetworkService
ProcessID : 1088
ThreadCreationTime : 5-22-2005 3:18:42 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost.exe -k LocalService
ProcessID : 1240
ThreadCreationTime : 5-22-2005 3:18:43 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1440
ThreadCreationTime : 5-22-2005 3:18:44 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:12 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost.exe -k imgsvc
ProcessID : 1668
ThreadCreationTime : 5-22-2005 3:18:53 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:13 [mxtask.exe]
ModuleName : C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe
Command Line : n/a
ProcessID : 1760
ThreadCreationTime : 5-22-2005 3:18:56 AM
BasePriority : Normal
FileVersion : 5.0.4.1
CompanyName : V Communications, Inc.
FileDescription : The background task server
InternalName : MXTask
LegalCopyright : Copyright © 1997-2003 V Communications, Inc.
LegalTrademarks : SystemSuite is a trademark of V Communications, Inc.
OriginalFilename : MXTask.exe

#:14 [wdfmgr.exe]
ModuleName : C:\WINDOWS\system32\wdfmgr.exe
Command Line : C:\WINDOWS\system32\wdfmgr.exe
ProcessID : 1804
ThreadCreationTime : 5-22-2005 3:18:56 AM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:15 [alg.exe]
ModuleName : C:\WINDOWS\System32\alg.exe
Command Line : C:\WINDOWS\System32\alg.exe
ProcessID : 1156
ThreadCreationTime : 5-22-2005 3:19:01 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:16 [wuauclt.exe]
ModuleName : C:\WINDOWS\system32\wuauclt.exe
Command Line : "C:\WINDOWS\system32\wuauclt.exe" /RunStoreAsComServer Local\[414]SUSDS721b979f57a92f44b102e50b03182c18
ProcessID : 188
ThreadCreationTime : 5-22-2005 3:19:41 AM
BasePriority : Normal
FileVersion : 5.4.3790.2182 built by: srv03_rtm(ntvbl04)
ProductVersion : 5.4.3790.2182
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe

#:17 [mxtask.exe]
ModuleName : C:\PROGRA~1\VCOM\SYSTEM~1\mxtask.exe
Command Line : C:\PROGRA~1\VCOM\SYSTEM~1\mxtask.exe -MXUSER
ProcessID : 1368
ThreadCreationTime : 5-22-2005 3:20:35 AM
BasePriority : Normal
FileVersion : 5.0.4.1
CompanyName : V Communications, Inc.
FileDescription : The background task server
InternalName : MXTask
LegalCopyright : Copyright © 1997-2003 V Communications, Inc.
LegalTrademarks : SystemSuite is a trademark of V Communications, Inc.
OriginalFilename : MXTask.exe

#:18 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 1644
ThreadCreationTime : 5-22-2005 3:20:40 AM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:19 [hkcmd.exe]
ModuleName : C:\WINDOWS\system32\hkcmd.exe
Command Line : "C:\WINDOWS\system32\hkcmd.exe"
ProcessID : 2100
ThreadCreationTime : 5-22-2005 3:20:45 AM
BasePriority : Normal
FileVersion : 3.0.0.2285
ProductVersion : 7.0.0.2285
ProductName : Intel® Common User Interface
CompanyName : Intel Corporation
FileDescription : hkcmd Module
InternalName : HKCMD
LegalCopyright : Copyright 1999-2003, Intel Corporation
OriginalFilename : HKCMD.EXE

#:20 [jusched.exe]
ModuleName : C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
Command Line : "C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe"
ProcessID : 2120
ThreadCreationTime : 5-22-2005 3:20:45 AM
BasePriority : Normal


#:21 [dvdlauncher.exe]
ModuleName : C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
Command Line : "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
ProcessID : 2128
ThreadCreationTime : 5-22-2005 3:20:45 AM
BasePriority : Normal
FileVersion : 3.00.0000
ProductVersion : 3.00.0000
ProductName : Cyberlink PowerCinema 3.0
CompanyName : CyberLink Corp.
FileDescription : CyberLink PowerCinema Resident Program
InternalName : CyberLink PowerCinema Resident Program
LegalCopyright : Copyright © 2003 CyberLink Corp.
OriginalFilename : DVDLauncher.EXE

#:22 [dmxlauncher.exe]
ModuleName : C:\Program Files\Dell\Media Experience\DMXLauncher.exe
Command Line : "C:\Program Files\Dell\Media Experience\DMXLauncher.exe"
ProcessID : 2148
ThreadCreationTime : 5-22-2005 3:20:46 AM
BasePriority : Normal


#:23 [sgtray.exe]
ModuleName : C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
Command Line : "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
ProcessID : 2196
ThreadCreationTime : 5-22-2005 3:20:46 AM
BasePriority : Normal
FileVersion : 1.01.33b
CompanyName : Sonic Solutions
FileDescription : Sonic Update Manager
LegalCopyright : Copyright © 2002 Sonic Solutions

#:24 [tfswctrl.exe]
ModuleName : C:\WINDOWS\system32\dla\tfswctrl.exe
Command Line : "C:\WINDOWS\system32\dla\tfswctrl.exe"
ProcessID : 2248
ThreadCreationTime : 5-22-2005 3:20:46 AM
BasePriority : Normal
FileVersion : 1.04.08a
CompanyName : Sonic Solutions
FileDescription : Drive Letter Access Component
LegalCopyright : Copyright © 2004 Sonic Solutions

#:25 [realplay.exe]
ModuleName : C:\Program Files\Real\RealPlayer\RealPlay.exe
Command Line : "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
ProcessID : 2256
ThreadCreationTime : 5-22-2005 3:20:46 AM
BasePriority : Normal
FileVersion : 6.0.9.584
ProductVersion : 6.0.9.584
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealPlayer
InternalName : REALPLAY
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2000
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : REALPLAY.EXE

#:26 [support.exe]
ModuleName : C:\Program Files\Common Files\Dell\EUSW\Support.exe
Command Line : "C:\Program Files\Common Files\Dell\EUSW\Support.exe"
ProcessID : 2288
ThreadCreationTime : 5-22-2005 3:20:47 AM
BasePriority : Normal
FileVersion : 2, 1, 1, 0
ProductVersion : 1, 0, 0, 1
ProductName : Dell Support
CompanyName : Dell
FileDescription : Support
InternalName : Support
LegalCopyright : Copyright © 2002
OriginalFilename : Support.exe

#:27 [motivesb.exe]
ModuleName : C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
Command Line : "C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe"
ProcessID : 2324
ThreadCreationTime : 5-22-2005 3:20:47 AM
BasePriority : Normal
FileVersion : 5.6.11.asst_classic.smartbridge.0
ProductVersion : 5.6.11.asst_classic.smartbridge
ProductName : Motive System
CompanyName : Motive Communications, Inc.
FileDescription : Motive SmartBridge
InternalName : version
LegalCopyright : Copyright 1998-2003
OriginalFilename : version

#:28 [wkufind.exe]
ModuleName : C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
Command Line : "C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe"
ProcessID : 2356
ThreadCreationTime : 5-22-2005 3:20:47 AM
BasePriority : Normal
FileVersion : 9.00.0912.0
ProductVersion : 9.00.0912.0
ProductName : Update Detection Module
CompanyName : Microsoft® Corporation
FileDescription : Microsoft® Works Update Detection
InternalName : WkUFind
LegalCopyright : Copyright © 1987-2003 Microsoft Corporation.
OriginalFilename : WkUFind.exe

#:29 [qttask.exe]
ModuleName : C:\Program Files\QuickTime\qttask.exe
Command Line : "C:\Program Files\QuickTime\qttask.exe" -atboottime
ProcessID : 2364
ThreadCreationTime : 5-22-2005 3:20:48 AM
BasePriority : Normal
FileVersion : 6.5.1
ProductVersion : QuickTime 6.5.1
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe

#:30 [notifyalert.exe]
ModuleName : C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
Command Line : "C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe" timer
ProcessID : 2388
ThreadCreationTime : 5-22-2005 3:20:49 AM
BasePriority : Normal


#:31 [ituneshelper.exe]
ModuleName : C:\Program Files\iTunes\iTunesHelper.exe
Command Line : "C:\Program Files\iTunes\iTunesHelper.exe"
ProcessID : 2408
ThreadCreationTime : 5-22-2005 3:20:49 AM
BasePriority : Normal
FileVersion : 4.7.1.30
ProductVersion : 4.7.1.30
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe

#:32 [ipodservice.exe]
ModuleName : C:\Program Files\iPod\bin\iPodService.exe
Command Line : "C:\Program Files\iPod\bin\iPodService.exe"
ProcessID : 2452
ThreadCreationTime : 5-22-2005 3:20:50 AM
BasePriority : Normal
FileVersion : 4.7.1.30
ProductVersion : 4.7.1.30
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iPodService.exe

#:33 [msnmsgr.exe]
ModuleName : C:\Program Files\MSN Messenger\MsnMsgr.Exe
Command Line : "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
ProcessID : 2560
ThreadCreationTime : 5-22-2005 3:20:52 AM
BasePriority : Normal
FileVersion : 6.2.0205
ProductVersion : Version 6.2
ProductName : MSN Messenger
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
LegalCopyright : Copyright © Microsoft Corporation 1997-2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msnmsgr.exe

#:34 [weather.exe]
ModuleName : C:\Program Files\AWS\WeatherBug\Weather.exe
Command Line : "C:\Program Files\AWS\WeatherBug\Weather.exe" 1
ProcessID : 2568
ThreadCreationTime : 5-22-2005 3:20:52 AM
BasePriority : Normal
FileVersion : 6, 4, 0, 9
ProductVersion : 6, 4, 0, 9
ProductName : WeatherBug
CompanyName : AWS Convergence Technologies, Inc.
FileDescription : WeatherBug
InternalName : Desktop Weather
LegalCopyright : Copyright © 2001-2004
LegalTrademarks : WeatherBug
OriginalFilename : Weather.exe
Comments : World Largest Weather Network

#:35 [dlg.exe]
ModuleName : C:\Program Files\Digital Line Detect\DLG.exe
Command Line : "C:\Program Files\Digital Line Detect\DLG.exe"
ProcessID : 2728
ThreadCreationTime : 5-22-2005 3:20:55 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : BVRP Software TestLine
CompanyName : BVRP Software
FileDescription : Digital Line Detection
InternalName : TestLine
LegalCopyright : Copyright © 2003
OriginalFilename : TestLine.exe

#:36 [ghostsurf.exe]
ModuleName : C:\Program Files\GhostSurf\GhostSurf.exe
Command Line : "C:\Program Files\GhostSurf\GhostSurf.exe"
ProcessID : 2740
ThreadCreationTime : 5-22-2005 3:20:55 AM
BasePriority : Normal
FileVersion : 0.10
ProductVersion : 0.10
ProductName : Tenebril Super-Application Architecture
CompanyName : Tenebril Incorporated
FileDescription : Architecture launch vehicle
InternalName : VehicleApp
LegalCopyright : Copyright © 2001 Tenebril Inc
OriginalFilename : VehicleApp.exe
Comments : Architecture launch vehicle

#:37 [wzqkpick.exe]
ModuleName : C:\Program Files\WinZip\WZQKPICK.EXE
Command Line : "C:\Program Files\WinZip\WZQKPICK.EXE"
ProcessID : 2800
ThreadCreationTime : 5-22-2005 3:20:56 AM
BasePriority : Normal
FileVersion : 1.0 (32-bit)
ProductVersion : 9.0 (6224)
ProductName : WinZip
CompanyName : WinZip Computing, Inc.
FileDescription : WinZip Executable
InternalName : WZQKPICK.EXE
LegalCopyright : Copyright © WinZip Computing, Inc. 1991-2004 - All Rights Reserved
LegalTrademarks : WinZip is a registered trademark of WinZip Computing, Inc
OriginalFilename : WZQKPICK.EXE
Comments : StringFileInfo: U.S. English

#:38 [gcasdtserv.exe]
ModuleName : C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
Command Line : "C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe"
ProcessID : 2912
ThreadCreationTime : 5-22-2005 3:21:00 AM
BasePriority : Normal
FileVersion : 1.00.0501
ProductVersion : 1.00.0501
ProductName : Microsoft AntiSpyware (Beta 1)
CompanyName : Microsoft Corporation
FileDescription : Microsoft AntiSpyware Data Service
InternalName : gcasDtServ
LegalCopyright : Copyright © 2004-2005 Microsoft Corporation. All rights reserved.
LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation. SpyNet™ is a trademark of Microsoft Corporation.
OriginalFilename : gcasDtServ.exe

#:39 [mpbtn.exe]
ModuleName : C:\Program Files\Verizon Online\bin\mpbtn.exe
Command Line : "C:\Program Files\Verizon Online\bin\mpbtn.exe"
ProcessID : 3236
ThreadCreationTime : 5-22-2005 3:21:07 AM
BasePriority : Normal
FileVersion : 5.0.2.4.asst_classic.asst_mpbtn.20020806_105000
ProductVersion : 5.0.2.4.asst_classic.asst_mpbtn
ProductName : Motive System
CompanyName : Motive Communications, Inc.
FileDescription : Motive Chorus System Tray Button
InternalName : mpbtn
LegalCopyright : Copyright 1998, 1999, 2000
OriginalFilename : mpbtn

#:40 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 3376
ThreadCreationTime : 5-22-2005 3:21:15 AM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 0


11:35:37 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:12:47.485
Objects scanned:150899
Objects identified:0
Objects ignored:0
New critical objects:0
  • 0

#4
MissMyMac

MissMyMac

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Thanks! :tazz:
  • 0

#5
Guest_Andy_veal_*

Guest_Andy_veal_*
  • Guest
Your logfile looks clean,

Are you still having problems?
  • 0

#6
MissMyMac

MissMyMac

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
It does not appear so anymore. However, my primary Anti-Virus Program (System Suite 5) Still shows WORM.ALCAN.A showing up in "p2pnetwork.exe" in the C:\WINDOWS\SYSTEM32 file. I'm hesitant to delete anything in the windows file anyway, but aside from that I could find no SYSTEM32 file in there when I checked.

I'm wondering if the worm will just repopulate itself from the p2p file eventually. Other than that though things look great! Thanks again.
  • 0

#7
Guest_Andy_veal_*

Guest_Andy_veal_*
  • Guest
Please also scan your computer with at least one of the following, free online AV scanners


Panda

Symantec

McAfee

TrendMicro Recommended

F-secure


Keep us updated

Thanks

Andy
  • 0

#8
MissMyMac

MissMyMac

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
The TrendMicro scan failed bringing up only a box saying "Clean Failed:WORM_MUGLY.I" and allowing me to hit 'Okay'. Going to try another one overnight.

Correction: The box was brought up but the scan is continuing. Will post results tommorow if I am able.

Edited by MissMyMac, 24 May 2005 - 10:41 PM.

  • 0

#9
don77

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Hi MissMyMac,
  • Please disable your current AV
  • Click Here and run RAV online scan,
  • Copy and paste back the log into this thread when it has finished,
  • Be sure and enable your AV when done with the above

  • 0

#10
MissMyMac

MissMyMac

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Alright I ran that last online scan you told me to. It found an archive with a virus in it. It has been deleted now and the next scan resulted with nothing found. I'll see how the computer performs the next couple days. Is there something else you'd like me to run to check it?
  • 0

Advertisements


#11
don77

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Did any of the other online scan that Andy recommended find anything ?

If not I would say your all set,


Please use the following suggestion to help prevent reinfection

Download the following program, For keeping crap off your system to begin with
Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted pests. Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox. Restrict the actions of potentially dangerous sites in Internet Explorer.
Download Spyware Blaster

Keep AD-Aware. and Spybot 1.3 handy, Check them for updates prior to running and run them weekly
Same with your Anti Virus,

For an added check run an online virus scan, you can use one of the 2 below,
TrendMicro's HouseCall
ActiveScan

Be sure and give the Temp folders a cleaning out now and then as well, Make sure after you clean your Temp files to empty out your Recycle bin as well.
For ease use the following program
Download and install Cleanup
Run "Cleanup" and when it has finished, Reboot

Remeber to Check Windows for updates

Probably a good time to create a new restore point See Here Name it clean or something like that,
  • 0

#12
MissMyMac

MissMyMac

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Alright apparently WORM.ALCAN.A is still in my computer. Ad-Aware in the last scan found some files that were easily removed, but didn't find this WORM. Though of course I'm not sure if thats exactly what it was designed for anyway. However my System Suite AV is still finding that c:\windows\system32\p2pnetwork.exe is still infected with the worm. The System Suite is still not able to remove it and I am directed to a website telling me to run 'regedit' howeve regedit does not seem to do anything. The black window (DOS session?) pops up and immediately disappears. Any new ideas about this problem?

Oh, and I'd like to emphasize that your help has been EXTREMELY helpful in fixing a variety of other problems on my system and I thank you for it.

-MMM
  • 0

#13
MissMyMac

MissMyMac

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Incidentally, the reason I don't delete p2pnetwork.exe manually is that the System32 file is not showing up in my WINDOWS file. I also cannot seem to get a DOS prompt to run using either 'regedit' or 'cmd' in the run app; in or out of safe mode.
  • 0

#14
MissMyMac

MissMyMac

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
No reply? Does that mean you've done all you can do in this forum and I should post my question on the other one?

-MMM
  • 0

#15
don77

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Sorry I overlooked your post MMM
  • Download Pocket Killbox from. Here
  • Paste the full file path c:\windows\system32\p2pnetwork.exe in the box and click on Delete on Reboot.
  • Next click on the button with the red circle and an X in the middle. You will get a message saying "File with be deleted on next reboot, Process and Reboot now?"
  • Click "Yes"
  • Let the system reboot
    Let us know how you make out

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP