
[Referred]Ad-aware scan results



#1
IBG

I'm having trouble removing these items from my laptop, please help.



Ad-Aware SE Build 1.05
Logfile Created on:Tuesday, May 24, 2005 11:41:04 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R46 17.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
DealHelper(TAC index:7):10 total references
MRU List(TAC index:0):1 total references
PeopleOnPage(TAC index:9):2 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


5-24-2005 11:41:04 AM - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 148
ThreadCreationTime : 5-24-2005 5:37:23 PM
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINNT\system32\
ProcessID : 172
ThreadCreationTime : 5-24-2005 5:37:33 PM
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINNT\system32\
ProcessID : 168
ThreadCreationTime : 5-24-2005 5:37:36 PM
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINNT\system32\
ProcessID : 220
ThreadCreationTime : 5-24-2005 5:37:39 PM
BasePriority : Normal
FileVersion : 5.00.2195.6700
ProductVersion : 5.00.2195.6700
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINNT\system32\
ProcessID : 232
ThreadCreationTime : 5-24-2005 5:37:39 PM
BasePriority : Normal
FileVersion : 5.00.2195.6902
ProductVersion : 5.00.2195.6902
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Executable and Server DLL (Export Version)
InternalName : lsasrv.dll and lsass.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : lsasrv.dll and lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINNT\system32\
ProcessID : 412
ThreadCreationTime : 5-24-2005 5:37:44 PM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:7 [spoolsv.exe]
FilePath : C:\WINNT\system32\
ProcessID : 440
ThreadCreationTime : 5-24-2005 5:37:44 PM
BasePriority : Normal
FileVersion : 5.00.2195.6659
ProductVersion : 5.00.2195.6659
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolss.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : spoolss.exe

#:8 [ati2evxx.exe]
FilePath : C:\WINNT\system32\
ProcessID : 468
ThreadCreationTime : 5-24-2005 5:37:45 PM
BasePriority : Normal


#:9 [dntus26.exe]
FilePath : C:\WINNT\SYSTEM32\
ProcessID : 484
ThreadCreationTime : 5-24-2005 5:37:45 PM
BasePriority : Normal
FileVersion : 4, 2, 0, 2
ProductVersion : 4, 2, 0, 2
ProductName : DameWare Development Remote Command Server
CompanyName : DameWare Development LLC
FileDescription : DameWare Development Remote Command Server
InternalName : DNTUSrv
LegalCopyright : Copyright © 1991-2004 DameWare Development LLC
LegalTrademarks : DameWare NT Utilities
OriginalFilename : DNTUSrv.exe
Comments : http://www.dameware.com

#:10 [svchost.exe]
FilePath : C:\WINNT\System32\
ProcessID : 500
ThreadCreationTime : 5-24-2005 5:37:45 PM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:11 [mdm.exe]
FilePath : C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\
ProcessID : 552
ThreadCreationTime : 5-24-2005 5:37:50 PM
BasePriority : Normal
FileVersion : 7.00.9466
ProductVersion : 7.00.9466
ProductName : Microsoft® Visual Studio .NET
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : mdm.exe

#:12 [mstask.exe]
FilePath : C:\WINNT\system32\
ProcessID : 640
ThreadCreationTime : 5-24-2005 5:37:53 PM
BasePriority : Normal
FileVersion : 4.71.2195.6920
ProductVersion : 4.71.2195.6920
ProductName : Microsoft® Windows® Task Scheduler
CompanyName : Microsoft Corporation
FileDescription : Task Scheduler Engine
InternalName : TaskScheduler
LegalCopyright : Copyright © Microsoft Corp. 1997
OriginalFilename : mstask.exe

#:13 [spools.exe]
FilePath : C:\WINNT\
ProcessID : 692
ThreadCreationTime : 5-24-2005 5:37:56 PM
BasePriority : Normal


#:14 [winmgmt.exe]
FilePath : C:\WINNT\System32\WBEM\
ProcessID : 760
ThreadCreationTime : 5-24-2005 5:37:58 PM
BasePriority : Normal
FileVersion : 1.50.1085.0100
ProductVersion : 1.50.1085.0100
ProductName : Windows Management Instrumentation
CompanyName : Microsoft Corporation
FileDescription : Windows Management Instrumentation
InternalName : WINMGMT
LegalCopyright : Copyright © Microsoft Corp. 1995-1999

#:15 [svchost.exe]
FilePath : C:\WINNT\system32\
ProcessID : 796
ThreadCreationTime : 5-24-2005 5:37:59 PM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:16 [svchost.exe]
FilePath : C:\WINNT\System32\
ProcessID : 824
ThreadCreationTime : 5-24-2005 5:38:00 PM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:17 [m.exe]
FilePath : C:\
ProcessID : 928
ThreadCreationTime : 5-24-2005 5:38:10 PM
BasePriority : Normal


#:18 [explorer.exe]
FilePath : C:\WINNT\
ProcessID : 1052
ThreadCreationTime : 5-24-2005 5:38:18 PM
BasePriority : Normal
FileVersion : 5.00.3700.6690
ProductVersion : 5.00.3700.6690
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : EXPLORER.EXE

#:19 [atiptaxx.exe]
FilePath : C:\WINNT\system32\
ProcessID : 1148
ThreadCreationTime : 5-24-2005 5:38:28 PM
BasePriority : Normal
FileVersion : 4.12.2489
ProductVersion : 4.12.2489
ProductName : ATI Desktop Component
CompanyName : ATI Technologies, Inc.
FileDescription : ATI Desktop Control Panel
InternalName : Atiptaxx.exe
LegalCopyright : Copyright © 1998-2000 ATI Technologies Inc.
OriginalFilename : Atiptaxx.exe

#:20 [devdetect.exe]
FilePath : C:\Program Files\Common Files\ACD Systems\EN\
ProcessID : 1160
ThreadCreationTime : 5-24-2005 5:38:28 PM
BasePriority : Normal
FileVersion : 2, 0, 0, 12
ProductVersion : 2, 0, 0, 12
ProductName : Device Detector
CompanyName : ACD Systems, Ltd.
FileDescription : Device Detector
InternalName : DevDetect
LegalCopyright : Copyright © 2003
OriginalFilename : DevDetect.exe

#:21 [msnappau.exe]
FilePath : C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\
ProcessID : 1168
ThreadCreationTime : 5-24-2005 5:38:28 PM
BasePriority : Normal


#:22 [ituneshelper.exe]
FilePath : C:\Program Files\iTunes\
ProcessID : 1180
ThreadCreationTime : 5-24-2005 5:38:30 PM
BasePriority : Normal
FileVersion : 4.7.1.30
ProductVersion : 4.7.1.30
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe

#:23 [palsp.exe]
FilePath : c:\winnt\system32\eltra\
ProcessID : 1192
ThreadCreationTime : 5-24-2005 5:38:31 PM
BasePriority : Normal


#:24 [qttask.exe]
FilePath : C:\Program Files\QuickTime\
ProcessID : 1204
ThreadCreationTime : 5-24-2005 5:38:31 PM
BasePriority : Normal
FileVersion : 6.5.1
ProductVersion : QuickTime 6.5.1
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe

#:25 [internal.exe]
FilePath : C:\WINNT\system32\
ProcessID : 1228
ThreadCreationTime : 5-24-2005 5:38:32 PM
BasePriority : Normal


#:26 [nese.exe]
FilePath : C:\WINNT\system32\
ProcessID : 616
ThreadCreationTime : 5-24-2005 5:38:32 PM
BasePriority : Normal


#:27 [etytojacu.exe]
FilePath : C:\WINNT\SYSTEM32\
ProcessID : 1248
ThreadCreationTime : 5-24-2005 5:38:33 PM
BasePriority : Normal


#:28 [dns.exe]
FilePath : C:\WINNT\system32\
ProcessID : 1024
ThreadCreationTime : 5-24-2005 5:38:34 PM
BasePriority : Normal


#:29 [wkssvc.exe]
FilePath : C:\WINNT\system32\
ProcessID : 1260
ThreadCreationTime : 5-24-2005 5:38:34 PM
BasePriority : Normal


#:30 [svshost.exe]
FilePath : C:\WINNT\system32\
ProcessID : 1316
ThreadCreationTime : 5-24-2005 5:38:35 PM
BasePriority : Normal


#:31 [ipodservice.exe]
FilePath : C:\Program Files\iPod\bin\
ProcessID : 1328
ThreadCreationTime : 5-24-2005 5:38:35 PM
BasePriority : Normal
FileVersion : 4.7.1.30
ProductVersion : 4.7.1.30
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iPodService.exe

#:32 [frrbw5s.exe]
FilePath : C:\WINNT\system32\
ProcessID : 1332
ThreadCreationTime : 5-24-2005 5:38:36 PM
BasePriority : Normal


#:33 [getikap.exe]
FilePath : C:\WINNT\SYSTEM32\
ProcessID : 1344
ThreadCreationTime : 5-24-2005 5:38:37 PM
BasePriority : Normal


#:34 [wshield.exe]
FilePath : c:\winnt\system32\eltra\
ProcessID : 1308
ThreadCreationTime : 5-24-2005 5:38:38 PM
BasePriority : Normal
FileVersion : 2.0
ProductVersion : 2.0
ProductName : h4x0rb0t 2.0 Lame [bleep]
CompanyName : h4ckXcr3w
FileDescription : h4x0rb0t 2.0 Lame [bleep]
InternalName : h4x0rb0t 2.0 Lame [bleep]
LegalCopyright : h4ckXcr3w 0wnz j00 all
OriginalFilename : HEhhe [bleep] Off

#:35 [kwfq.exe]
FilePath : C:\Program Files\Iaog\
ProcessID : 1376
ThreadCreationTime : 5-24-2005 5:38:38 PM
BasePriority : Normal


#:36 [atilufuto.exe]
FilePath : C:\WINNT\SYSTEM32\
ProcessID : 1408
ThreadCreationTime : 5-24-2005 5:38:39 PM
BasePriority : Normal


#:37 [h32montr.exe]
FilePath : C:\WINNT\system32\
ProcessID : 1364
ThreadCreationTime : 5-24-2005 5:38:39 PM
BasePriority : Normal


#:38 [vcxvzgqefa.exe]
FilePath : C:\WINNT\system32\
ProcessID : 1440
ThreadCreationTime : 5-24-2005 5:38:41 PM
BasePriority : Normal


#:39 [kutav.exe]
FilePath : C:\WINNT\system32\
ProcessID : 1456
ThreadCreationTime : 5-24-2005 5:38:42 PM
BasePriority : Normal


#:40 [ctfmon.exe]
FilePath : C:\WINNT\system32\
ProcessID : 1500
ThreadCreationTime : 5-24-2005 5:38:42 PM
BasePriority : Normal
FileVersion : 1.00.2409.7 built by: Lab06_N
ProductVersion : 1.00.2409.7
ProductName : Microsoft® Windows NT® Operating System
CompanyName : Microsoft Corporation
FileDescription : Cicero Loader
InternalName : CICLOAD
LegalCopyright : Copyright © Microsoft Corporation. 1981-2001
OriginalFilename : CICLOAD.EXE

#:41 [wkssvc.exe]
FilePath : C:\WINNT\system32\
ProcessID : 1512
ThreadCreationTime : 5-24-2005 5:38:42 PM
BasePriority : Normal


#:42 [svshost.exe]
FilePath : C:\WINNT\system32\
ProcessID : 1520
ThreadCreationTime : 5-24-2005 5:38:42 PM
BasePriority : Normal


#:43 [dns.exe]
FilePath : C:\WINNT\system32\
ProcessID : 1532
ThreadCreationTime : 5-24-2005 5:38:43 PM
BasePriority : Normal


#:44 [frrbw5s.exe]
FilePath : C:\WINNT\system32\
ProcessID : 948
ThreadCreationTime : 5-24-2005 5:38:43 PM
BasePriority : Normal


#:45 [internal.exe]
FilePath : C:\WINNT\system32\
ProcessID : 1480
ThreadCreationTime : 5-24-2005 5:38:45 PM
BasePriority : Normal


#:46 [gcdui1.exe]
FilePath : C:\WINNT\system32\
ProcessID : 1544
ThreadCreationTime : 5-24-2005 5:38:46 PM
BasePriority : Normal


#:47 [vcxvzgqefa.exe]
FilePath : C:\WINNT\system32\
ProcessID : 1552
ThreadCreationTime : 5-24-2005 5:38:46 PM
BasePriority : Normal


#:48 [kutav.exe]
FilePath : C:\WINNT\system32\
ProcessID : 1568
ThreadCreationTime : 5-24-2005 5:38:46 PM
BasePriority : Normal


#:49 [acrotray.exe]
FilePath : C:\Program Files\Adobe\Acrobat 4.0\Distillr\
ProcessID : 1592
ThreadCreationTime : 5-24-2005 5:38:49 PM
BasePriority : Normal


#:50 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 920
ThreadCreationTime : 5-24-2005 5:40:26 PM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

DealHelper Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\dealhelper

DealHelper Object Recognized!
Type : Regkey
Data : DealHelper
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\microsoft\windows\currentversion\uninstall\Dealhelper

DealHelper Object Recognized!
Type : Regkey
Data : DealHelper
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-839522115-1580818891-1957994488-1000\software\microsoft\windows\currentversion\uninstall\Dealhelper

DealHelper Object Recognized!
Type : Regkey
Data : DealHelper
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\Dealhelper

DealHelper Object Recognized!
Type : RegValue
Data : DealHelper
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\Dealhelper
Value : DisplayName

DealHelper Object Recognized!
Type : RegValue
Data : DealHelper
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\Dealhelper
Value : DisplayIcon

DealHelper Object Recognized!
Type : RegValue
Data : DealHelper
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\Dealhelper
Value : UninstallString

PeopleOnPage Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\envolo

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 8
Objects found so far: 9


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 9


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 9



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

DealHelper Object Recognized!
Type : File
Data : dun.exe
Category : Malware
Comment :
Object : C:\WINNT\system32\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : UnInstallKey Application
FileDescription : UnInstallKey MFC Application
InternalName : UnInstallKey
LegalCopyright : Copyright © 2003
OriginalFilename : UnInstallKey.EXE


Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 10


Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

DealHelper Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\toolbar\webbrowser
Value : {01E04581-4EEE-11D0-BFE9-00AA005B4383}

DealHelper Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\run
Value : version

PeopleOnPage Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\autoloader

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 3
Objects found so far: 13

11:45:51 AM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:04:47.3
Objects scanned:54107
Objects identified:12
Objects ignored:0
New critical objects:12


#2
Guest_Andy_veal_*

Hello and Welcome

Ad-aware has found objects on your computer

If you choose to clean your computer of what Ad-aware found, please follow the instructions below…

Please make sure that you are using the * SE1R47 24.05.2005 * definition file.


Please launch Ad-Aware SE and click on the gear to access the Configuration Menu. Please make sure that this setting is applied.

Click on Tweak > Cleaning Engine > UNcheck "Always try to unload modules before deletion".

Disconnect from the internet (for broadband/cable users, it is recommended that you disconnect the cable connection) and close all open browsers or other programs you have running.

Please then boot into Safe Mode

To clean your machine, it is highly recommended that you clean the following directory contents (but not the directory folder):

Please run CCleaner to assist in this process.
Download CCleaner (Setup: go to >options > settings > Uncheck "Only delete files in Windows Temp folders older than 48 hours" for cleaning malware files!)

* C:\Windows\Temp\
* C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <- This will delete all your cached internet content including cookies.
* C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp\
* Empty your "Recycle Bin".

Please run Ad-Aware SE from the command lines shown in the instructions shown below.

Click "Start" > select "Run" > type the text shown in bold below (including the quotation marks and with the same spacing as shown)

"C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" /full +procnuke
(For the Professional version)

"C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" /full +procnuke
(For the Plus version)

"C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" +procnuke
(For the Personal version)


Click OK.

Please note that the path above is the default installation location for Ad-aware SE; if this is different, please adjust it to the location that you have installed it to.

When the scan has completed, select Next. In the Scanning Results window, select the "Scan Summary" tab. Check the box next to each "target family" you wish to remove. Click next, Click OK.

If problems are caused by deleting a family, please leave it.

Please shutdown/restart your computer after removal, run a new full scan and post the results as a reply. Do not launch any programs or connect to the internet at this time.

Please then copy & paste the complete log file here. Don't quarantine or remove anything at this time, just post a complete logfile. This can sometimes take 2-3 posts to get it all posted; once the "Summary of this scan" information is shown, you have posted all of your logfile.

Please remember, when posting another logfile, to keep "Search for negligible risk entries" deselected, as negligible risk entries (MRUs) are not considered to be a threat. This option can be changed when choosing your scan type.

Please post back here

Good luck

Andy

#3
IBG

Hi Andy, thank you for your prompt reply.
Here's the last scan as per your instructions:

Ad-Aware SE Build 1.05
Logfile Created on:Wednesday, May 25, 2005 1:04:38 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R47 24.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R47 24.05.2005
Internal build : 55
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 476246 Bytes
Total size : 1439523 Bytes
Signature data size : 1408291 Bytes
Reference data size : 30720 Bytes
Signatures total : 40174
Fingerprints total : 886
Fingerprints size : 30371 Bytes
Target categories : 15
Target families : 679


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium III
Memory available:6 %
Total physical memory:130544 kb
Available physical memory:7504 kb
Total page file size:310172 kb
Available on page file:149424 kb
Total virtual memory:2097024 kb
Available virtual memory:2045196 kb
OS:Microsoft Windows 2000 Professional Service Pack 4 (Build 2195)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Play sound at scan completion if scan locates critical objects


5-25-2005 1:04:38 AM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 148
ThreadCreationTime : 5-25-2005 7:02:34 AM
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINNT\system32\csrss.exe
Command Line : C:\WINNT\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequest
ProcessID : 172
ThreadCreationTime : 5-25-2005 7:02:41 AM
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINNT\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 168
ThreadCreationTime : 5-25-2005 7:02:44 AM
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINNT\system32\services.exe
Command Line : C:\WINNT\system32\services.exe
ProcessID : 220
ThreadCreationTime : 5-25-2005 7:02:46 AM
BasePriority : Normal
FileVersion : 5.00.2195.6700
ProductVersion : 5.00.2195.6700
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINNT\system32\lsass.exe
Command Line : C:\WINNT\system32\lsass.exe
ProcessID : 232
ThreadCreationTime : 5-25-2005 7:02:46 AM
BasePriority : Normal
FileVersion : 5.00.2195.6902
ProductVersion : 5.00.2195.6902
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Executable and Server DLL (Export Version)
InternalName : lsasrv.dll and lsass.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : lsasrv.dll and lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINNT\system32\svchost.exe
Command Line : C:\WINNT\system32\svchost -k rpcss
ProcessID : 404
ThreadCreationTime : 5-25-2005 7:02:51 AM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:7 [spoolsv.exe]
ModuleName : C:\WINNT\system32\spoolsv.exe
Command Line : C:\WINNT\system32\spoolsv.exe
ProcessID : 432
ThreadCreationTime : 5-25-2005 7:02:52 AM
BasePriority : Normal
FileVersion : 5.00.2195.6659
ProductVersion : 5.00.2195.6659
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolss.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : spoolss.exe

#:8 [ati2evxx.exe]
ModuleName : C:\WINNT\system32\Ati2evxx.exe
Command Line : C:\WINNT\system32\Ati2evxx.exe
ProcessID : 460
ThreadCreationTime : 5-25-2005 7:02:52 AM
BasePriority : Normal


#:9 [dntus26.exe]
ModuleName : C:\WINNT\SYSTEM32\DNTUS26.EXE
Command Line : C:\WINNT\SYSTEM32\DNTUS26.EXE
ProcessID : 476
ThreadCreationTime : 5-25-2005 7:02:52 AM
BasePriority : Normal
FileVersion : 4, 2, 0, 2
ProductVersion : 4, 2, 0, 2
ProductName : DameWare Development Remote Command Server
CompanyName : DameWare Development LLC
FileDescription : DameWare Development Remote Command Server
InternalName : DNTUSrv
LegalCopyright : Copyright © 1991-2004 DameWare Development LLC
LegalTrademarks : DameWare NT Utilities
OriginalFilename : DNTUSrv.exe
Comments : http://www.dameware.com

#:10 [svchost.exe]
ModuleName : C:\WINNT\System32\svchost.exe
Command Line : C:\WINNT\System32\svchost.exe -k netsvcs
ProcessID : 496
ThreadCreationTime : 5-25-2005 7:02:53 AM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:11 [mdm.exe]
ModuleName : C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
Command Line : "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"
ProcessID : 548
ThreadCreationTime : 5-25-2005 7:02:57 AM
BasePriority : Normal
FileVersion : 7.00.9466
ProductVersion : 7.00.9466
ProductName : Microsoft® Visual Studio .NET
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : mdm.exe

#:12 [mstask.exe]
ModuleName : C:\WINNT\system32\MSTask.exe
Command Line : C:\WINNT\system32\MSTask.exe
ProcessID : 600
ThreadCreationTime : 5-25-2005 7:02:58 AM
BasePriority : Normal
FileVersion : 4.71.2195.6920
ProductVersion : 4.71.2195.6920
ProductName : Microsoft® Windows® Task Scheduler
CompanyName : Microsoft Corporation
FileDescription : Task Scheduler Engine
InternalName : TaskScheduler
LegalCopyright : Copyright © Microsoft Corp. 1997
OriginalFilename : mstask.exe

#:13 [spools.exe]
ModuleName : C:\WINNT\spools.exe
Command Line : C:\WINNT\spools.exe
ProcessID : 684
ThreadCreationTime : 5-25-2005 7:03:02 AM
BasePriority : Normal


#:14 [winmgmt.exe]
ModuleName : C:\WINNT\System32\WBEM\WinMgmt.exe
Command Line : C:\WINNT\System32\WBEM\WinMgmt.exe
ProcessID : 768
ThreadCreationTime : 5-25-2005 7:03:04 AM
BasePriority : Normal
FileVersion : 1.50.1085.0100
ProductVersion : 1.50.1085.0100
ProductName : Windows Management Instrumentation
CompanyName : Microsoft Corporation
FileDescription : Windows Management Instrumentation
InternalName : WINMGMT
LegalCopyright : Copyright © Microsoft Corp. 1995-1999

#:15 [explorer.exe]
ModuleName : C:\WINNT\Explorer.EXE
Command Line : C:\WINNT\Explorer.EXE
ProcessID : 792
ThreadCreationTime : 5-25-2005 7:03:04 AM
BasePriority : Normal
FileVersion : 5.00.3700.6690
ProductVersion : 5.00.3700.6690
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : EXPLORER.EXE

#:16 [svchost.exe]
ModuleName : C:\WINNT\system32\svchost.exe
Command Line : C:\WINNT\system32\svchost.exe -k wugroup
ProcessID : 832
ThreadCreationTime : 5-25-2005 7:03:05 AM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:17 [svchost.exe]
ModuleName : C:\WINNT\System32\svchost.exe
Command Line : C:\WINNT\System32\svchost.exe -k BITSgroup
ProcessID : 848
ThreadCreationTime : 5-25-2005 7:03:05 AM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:18 [atiptaxx.exe]
ModuleName : C:\WINNT\system32\Atiptaxx.exe
Command Line : "C:\WINNT\system32\Atiptaxx.exe"
ProcessID : 968
ThreadCreationTime : 5-25-2005 7:03:16 AM
BasePriority : Normal
FileVersion : 4.12.2489
ProductVersion : 4.12.2489
ProductName : ATI Desktop Component
CompanyName : ATI Technologies, Inc.
FileDescription : ATI Desktop Control Panel
InternalName : Atiptaxx.exe
LegalCopyright : Copyright © 1998-2000 ATI Technologies Inc.
OriginalFilename : Atiptaxx.exe

#:19 [devdetect.exe]
ModuleName : C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
Command Line : "C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe" -autorun
ProcessID : 988
ThreadCreationTime : 5-25-2005 7:03:17 AM
BasePriority : Normal
FileVersion : 2, 0, 0, 12
ProductVersion : 2, 0, 0, 12
ProductName : Device Detector
CompanyName : ACD Systems, Ltd.
FileDescription : Device Detector
InternalName : DevDetect
LegalCopyright : Copyright © 2003
OriginalFilename : DevDetect.exe

#:20 [msnappau.exe]
ModuleName : C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
Command Line : "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
ProcessID : 1024
ThreadCreationTime : 5-25-2005 7:03:18 AM
BasePriority : Normal


#:21 [palsp.exe]
ModuleName : c:\winnt\system32\eltra\palsp.exe
Command Line : c:\winnt\system32\eltra\palsp.exe
ProcessID : 1044
ThreadCreationTime : 5-25-2005 7:03:20 AM
BasePriority : Normal


#:22 [ituneshelper.exe]
ModuleName : C:\Program Files\iTunes\iTunesHelper.exe
Command Line : "C:\Program Files\iTunes\iTunesHelper.exe"
ProcessID : 1052
ThreadCreationTime : 5-25-2005 7:03:20 AM
BasePriority : Normal
FileVersion : 4.7.1.30
ProductVersion : 4.7.1.30
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe

#:23 [qttask.exe]
ModuleName : C:\Program Files\QuickTime\qttask.exe
Command Line : "C:\Program Files\QuickTime\qttask.exe" -atboottime
ProcessID : 1060
ThreadCreationTime : 5-25-2005 7:03:21 AM
BasePriority : Normal
FileVersion : 6.5.1
ProductVersion : QuickTime 6.5.1
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe

#:24 [internal.exe]
ModuleName : C:\WINNT\system32\internal.exe
Command Line : "C:\WINNT\system32\internal.exe"
ProcessID : 1072
ThreadCreationTime : 5-25-2005 7:03:21 AM
BasePriority : Normal


#:25 [nese.exe]
ModuleName : C:\WINNT\system32\nese.exe
Command Line : "C:\WINNT\system32\nese.exe"
ProcessID : 1088
ThreadCreationTime : 5-25-2005 7:03:22 AM
BasePriority : Normal


#:26 [etytojacu.exe]
ModuleName : C:\WINNT\SYSTEM32\etytojacu.exe
Command Line : "C:\WINNT\SYSTEM32\etytojacu.exe"
ProcessID : 1100
ThreadCreationTime : 5-25-2005 7:03:22 AM
BasePriority : Normal


#:27 [dns.exe]
ModuleName : C:\WINNT\system32\dns.exe
Command Line : "C:\WINNT\system32\dns.exe"
ProcessID : 1112
ThreadCreationTime : 5-25-2005 7:03:23 AM
BasePriority : Normal


#:28 [wkssvc.exe]
ModuleName : C:\WINNT\system32\wkssvc.exe
Command Line : "C:\WINNT\system32\wkssvc.exe"
ProcessID : 1120
ThreadCreationTime : 5-25-2005 7:03:23 AM
BasePriority : Normal


#:29 [svshost.exe]
ModuleName : C:\WINNT\system32\svshost.exe
Command Line : "C:\WINNT\system32\svshost.exe"
ProcessID : 1152
ThreadCreationTime : 5-25-2005 7:03:24 AM
BasePriority : Normal


#:30 [ipodservice.exe]
ModuleName : C:\Program Files\iPod\bin\iPodService.exe
Command Line : "C:\Program Files\iPod\bin\iPodService.exe"
ProcessID : 1168
ThreadCreationTime : 5-25-2005 7:03:24 AM
BasePriority : Normal
FileVersion : 4.7.1.30
ProductVersion : 4.7.1.30
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iPodService.exe

#:31 [frrbw5s.exe]
ModuleName : C:\WINNT\system32\frrbw5s.exe
Command Line : "C:\WINNT\system32\frrbw5s.exe"
ProcessID : 1188
ThreadCreationTime : 5-25-2005 7:03:24 AM
BasePriority : Normal


#:32 [getikap.exe]
ModuleName : C:\WINNT\SYSTEM32\getikap.exe
Command Line : "C:\WINNT\SYSTEM32\getikap.exe"
ProcessID : 1196
ThreadCreationTime : 5-25-2005 7:03:25 AM
BasePriority : Normal


#:33 [wshield.exe]
ModuleName : c:\winnt\system32\eltra\wshield.exe
Command Line : wshield.exe
ProcessID : 1276
ThreadCreationTime : 5-25-2005 7:03:26 AM
BasePriority : Normal
FileVersion : 2.0
ProductVersion : 2.0
ProductName : h4x0rb0t 2.0 Lame [bleep]
CompanyName : h4ckXcr3w
FileDescription : h4x0rb0t 2.0 Lame [bleep]
InternalName : h4x0rb0t 2.0 Lame [bleep]
LegalCopyright : h4ckXcr3w 0wnz j00 all
OriginalFilename : HEhhe [bleep] Off

#:34 [kwfq.exe]
ModuleName : C:\Program Files\Iaog\Kwfq.exe
Command Line : "C:\Program Files\Iaog\Kwfq.exe"
ProcessID : 1292
ThreadCreationTime : 5-25-2005 7:03:26 AM
BasePriority : Normal


#:35 [atilufuto.exe]
ModuleName : C:\WINNT\SYSTEM32\atilufuto.exe
Command Line : "C:\WINNT\SYSTEM32\atilufuto.exe"
ProcessID : 1328
ThreadCreationTime : 5-25-2005 7:03:28 AM
BasePriority : Normal


#:36 [kutav.exe]
ModuleName : C:\WINNT\system32\kutav.exe
Command Line : "C:\WINNT\system32\kutav.exe"
ProcessID : 1416
ThreadCreationTime : 5-25-2005 7:03:29 AM
BasePriority : Normal


#:37 [vcxvzgqefa.exe]
ModuleName : C:\WINNT\system32\vcxvzgqefa.exe
Command Line : "C:\WINNT\system32\vcxvzgqefa.exe"
ProcessID : 1336
ThreadCreationTime : 5-25-2005 7:03:30 AM
BasePriority : Normal


#:38 [yetdit.exe]
ModuleName : C:\WINNT\system32\yetdit.exe
Command Line : "C:\WINNT\system32\yetdit.exe"
ProcessID : 1000
ThreadCreationTime : 5-25-2005 7:03:30 AM
BasePriority : Normal


#:39 [ctfmon.exe]
ModuleName : C:\WINNT\system32\ctfmon.exe
Command Line : "C:\WINNT\system32\ctfmon.exe"
ProcessID : 1404
ThreadCreationTime : 5-25-2005 7:03:30 AM
BasePriority : Normal
FileVersion : 1.00.2409.7 built by: Lab06_N
ProductVersion : 1.00.2409.7
ProductName : Microsoft® Windows NT® Operating System
CompanyName : Microsoft Corporation
FileDescription : Cicero Loader
InternalName : CICLOAD
LegalCopyright : Copyright © Microsoft Corporation. 1981-2001
OriginalFilename : CICLOAD.EXE

#:40 [wkssvc.exe]
ModuleName : C:\WINNT\system32\wkssvc.exe
Command Line : "C:\WINNT\system32\wkssvc.exe"
ProcessID : 1388
ThreadCreationTime : 5-25-2005 7:03:30 AM
BasePriority : Normal


#:41 [svshost.exe]
ModuleName : C:\WINNT\system32\svshost.exe
Command Line : "C:\WINNT\system32\svshost.exe"
ProcessID : 1432
ThreadCreationTime : 5-25-2005 7:03:30 AM
BasePriority : Normal


#:42 [dns.exe]
ModuleName : C:\WINNT\system32\dns.exe
Command Line : "C:\WINNT\system32\dns.exe"
ProcessID : 1436
ThreadCreationTime : 5-25-2005 7:03:30 AM
BasePriority : Normal


#:43 [frrbw5s.exe]
ModuleName : C:\WINNT\system32\frrbw5s.exe
Command Line : "C:\WINNT\system32\frrbw5s.exe"
ProcessID : 1444
ThreadCreationTime : 5-25-2005 7:03:30 AM
BasePriority : Normal


#:44 [internal.exe]
ModuleName : C:\WINNT\system32\internal.exe
Command Line : "C:\WINNT\system32\internal.exe"
ProcessID : 1452
ThreadCreationTime : 5-25-2005 7:03:31 AM
BasePriority : Normal


#:45 [wzcquoui.exe]
ModuleName : C:\WINNT\system32\wzcquoui.exe
Command Line : "C:\WINNT\system32\wzcquoui.exe"
ProcessID : 1480
ThreadCreationTime : 5-25-2005 7:03:31 AM
BasePriority : Normal


#:46 [kutav.exe]
ModuleName : C:\WINNT\system32\kutav.exe
Command Line : "C:\WINNT\system32\kutav.exe"
ProcessID : 1488
ThreadCreationTime : 5-25-2005 7:03:31 AM
BasePriority : Normal


#:47 [vcxvzgqefa.exe]
ModuleName : C:\WINNT\system32\vcxvzgqefa.exe
Command Line : "C:\WINNT\system32\vcxvzgqefa.exe"
ProcessID : 1500
ThreadCreationTime : 5-25-2005 7:03:32 AM
BasePriority : Normal


#:48 [acrotray.exe]
ModuleName : C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
Command Line : "C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe"
ProcessID : 1420
ThreadCreationTime : 5-25-2005 7:03:34 AM
BasePriority : Normal


#:49 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 1552
ThreadCreationTime : 5-25-2005 7:03:50 AM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
1:09:03 AM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:04:25.402
Objects scanned:53889
Objects identified:0
Objects ignored:0
New critical objects:0

#4
IBG

I just turned on my laptop and did another Ad-Aware scan to see if I'd get the same results, but that's not the case.
I also ran Panda Software's ActiveScan and it found a whole bunch of infected files.

Ad-Aware SE Build 1.05
Logfile Created on:Wednesday, May 25, 2005 12:30:58 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R47 24.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R47 24.05.2005
Internal build : 55
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 476246 Bytes
Total size : 1439523 Bytes
Signature data size : 1408291 Bytes
Reference data size : 30720 Bytes
Signatures total : 40174
Fingerprints total : 886
Fingerprints size : 30371 Bytes
Target categories : 15
Target families : 679


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium III
Memory available:15 %
Total physical memory:130544 kb
Available physical memory:19272 kb
Total page file size:310204 kb
Available on page file:171852 kb
Total virtual memory:2097024 kb
Available virtual memory:2041468 kb
OS:Microsoft Windows 2000 Professional Service Pack 4 (Build 2195)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Play sound at scan completion if scan locates critical objects


5-25-2005 12:30:58 PM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 148
ThreadCreationTime : 5-25-2005 1:36:41 PM
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINNT\system32\csrss.exe
Command Line : C:\WINNT\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequest
ProcessID : 172
ThreadCreationTime : 5-25-2005 1:36:49 PM
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINNT\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 192
ThreadCreationTime : 5-25-2005 1:36:52 PM
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINNT\system32\services.exe
Command Line : C:\WINNT\system32\services.exe
ProcessID : 220
ThreadCreationTime : 5-25-2005 1:36:54 PM
BasePriority : Normal
FileVersion : 5.00.2195.6700
ProductVersion : 5.00.2195.6700
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINNT\system32\lsass.exe
Command Line : C:\WINNT\system32\lsass.exe
ProcessID : 232
ThreadCreationTime : 5-25-2005 1:36:54 PM
BasePriority : Normal
FileVersion : 5.00.2195.6902
ProductVersion : 5.00.2195.6902
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Executable and Server DLL (Export Version)
InternalName : lsasrv.dll and lsass.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : lsasrv.dll and lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINNT\system32\svchost.exe
Command Line : C:\WINNT\system32\svchost -k rpcss
ProcessID : 408
ThreadCreationTime : 5-25-2005 1:36:59 PM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:7 [spoolsv.exe]
ModuleName : C:\WINNT\system32\spoolsv.exe
Command Line : C:\WINNT\system32\spoolsv.exe
ProcessID : 440
ThreadCreationTime : 5-25-2005 1:37:00 PM
BasePriority : Normal
FileVersion : 5.00.2195.6659
ProductVersion : 5.00.2195.6659
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolss.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : spoolss.exe

#:8 [dntus26.exe]
ModuleName : C:\WINNT\SYSTEM32\DNTUS26.EXE
Command Line : C:\WINNT\SYSTEM32\DNTUS26.EXE
ProcessID : 484
ThreadCreationTime : 5-25-2005 1:37:00 PM
BasePriority : Normal
FileVersion : 4, 2, 0, 2
ProductVersion : 4, 2, 0, 2
ProductName : DameWare Development Remote Command Server
CompanyName : DameWare Development LLC
FileDescription : DameWare Development Remote Command Server
InternalName : DNTUSrv
LegalCopyright : Copyright © 1991-2004 DameWare Development LLC
LegalTrademarks : DameWare NT Utilities
OriginalFilename : DNTUSrv.exe
Comments : http://www.dameware.com

#:9 [svchost.exe]
ModuleName : C:\WINNT\System32\svchost.exe
Command Line : C:\WINNT\System32\svchost.exe -k netsvcs
ProcessID : 500
ThreadCreationTime : 5-25-2005 1:37:01 PM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:10 [mdm.exe]
ModuleName : C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
Command Line : "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"
ProcessID : 552
ThreadCreationTime : 5-25-2005 1:37:05 PM
BasePriority : Normal
FileVersion : 7.00.9466
ProductVersion : 7.00.9466
ProductName : Microsoft® Visual Studio .NET
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : mdm.exe

#:11 [mstask.exe]
ModuleName : C:\WINNT\system32\MSTask.exe
Command Line : C:\WINNT\system32\MSTask.exe
ProcessID : 636
ThreadCreationTime : 5-25-2005 1:37:08 PM
BasePriority : Normal
FileVersion : 4.71.2195.6920
ProductVersion : 4.71.2195.6920
ProductName : Microsoft® Windows® Task Scheduler
CompanyName : Microsoft Corporation
FileDescription : Task Scheduler Engine
InternalName : TaskScheduler
LegalCopyright : Copyright © Microsoft Corp. 1997
OriginalFilename : mstask.exe

#:12 [spools.exe]
ModuleName : C:\WINNT\spools.exe
Command Line : C:\WINNT\spools.exe
ProcessID : 692
ThreadCreationTime : 5-25-2005 1:37:11 PM
BasePriority : Normal


#:13 [winmgmt.exe]
ModuleName : C:\WINNT\System32\WBEM\WinMgmt.exe
Command Line : C:\WINNT\System32\WBEM\WinMgmt.exe
ProcessID : 760
ThreadCreationTime : 5-25-2005 1:37:14 PM
BasePriority : Normal
FileVersion : 1.50.1085.0100
ProductVersion : 1.50.1085.0100
ProductName : Windows Management Instrumentation
CompanyName : Microsoft Corporation
FileDescription : Windows Management Instrumentation
InternalName : WINMGMT
LegalCopyright : Copyright © Microsoft Corp. 1995-1999

#:14 [svchost.exe]
ModuleName : C:\WINNT\system32\svchost.exe
Command Line : C:\WINNT\system32\svchost.exe -k wugroup
ProcessID : 792
ThreadCreationTime : 5-25-2005 1:37:15 PM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:15 [svchost.exe]
ModuleName : C:\WINNT\System32\svchost.exe
Command Line : C:\WINNT\System32\svchost.exe -k BITSgroup
ProcessID : 812
ThreadCreationTime : 5-25-2005 1:37:16 PM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:16 [mmi.exe]
ModuleName : C:\mmi.exe
Command Line : C:\mmi.exe
ProcessID : 988
ThreadCreationTime : 5-25-2005 1:37:25 PM
BasePriority : Normal


#:17 [explorer.exe]
ModuleName : C:\WINNT\Explorer.EXE
Command Line : C:\WINNT\Explorer.EXE
ProcessID : 1028
ThreadCreationTime : 5-25-2005 4:35:54 PM
BasePriority : Normal
FileVersion : 5.00.3700.6690
ProductVersion : 5.00.3700.6690
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : EXPLORER.EXE

#:18 [atiptaxx.exe]
ModuleName : C:\WINNT\system32\Atiptaxx.exe
Command Line : "C:\WINNT\system32\Atiptaxx.exe"
ProcessID : 1708
ThreadCreationTime : 5-25-2005 4:35:57 PM
BasePriority : Normal
FileVersion : 4.12.2489
ProductVersion : 4.12.2489
ProductName : ATI Desktop Component
CompanyName : ATI Technologies, Inc.
FileDescription : ATI Desktop Control Panel
InternalName : Atiptaxx.exe
LegalCopyright : Copyright © 1998-2000 ATI Technologies Inc.
OriginalFilename : Atiptaxx.exe

#:19 [devdetect.exe]
ModuleName : C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
Command Line : "C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe" -autorun
ProcessID : 1616
ThreadCreationTime : 5-25-2005 4:35:58 PM
BasePriority : Normal
FileVersion : 2, 0, 0, 12
ProductVersion : 2, 0, 0, 12
ProductName : Device Detector
CompanyName : ACD Systems, Ltd.
FileDescription : Device Detector
InternalName : DevDetect
LegalCopyright : Copyright © 2003
OriginalFilename : DevDetect.exe

#:20 [msnappau.exe]
ModuleName : C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
Command Line : "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
ProcessID : 9024
ThreadCreationTime : 5-25-2005 4:35:58 PM
BasePriority : Normal


#:21 [ituneshelper.exe]
ModuleName : C:\Program Files\iTunes\iTunesHelper.exe
Command Line : "C:\Program Files\iTunes\iTunesHelper.exe"
ProcessID : 1368
ThreadCreationTime : 5-25-2005 4:35:59 PM
BasePriority : Normal
FileVersion : 4.7.1.30
ProductVersion : 4.7.1.30
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe

#:22 [qttask.exe]
ModuleName : C:\Program Files\QuickTime\qttask.exe
Command Line : "C:\Program Files\QuickTime\qttask.exe" -atboottime
ProcessID : 1252
ThreadCreationTime : 5-25-2005 4:35:59 PM
BasePriority : Normal
FileVersion : 6.5.1
ProductVersion : QuickTime 6.5.1
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe

#:23 [sryv.exe]
ModuleName : C:\Program Files\Tpyisaw\Sryv.exe
Command Line : "C:\Program Files\Tpyisaw\Sryv.exe"
ProcessID : 1232
ThreadCreationTime : 5-25-2005 4:36:00 PM
BasePriority : Normal


#:24 [palsp.exe]
ModuleName : c:\winnt\system32\eltra\palsp.exe
Command Line : c:\winnt\system32\eltra\palsp.exe
ProcessID : 9968
ThreadCreationTime : 5-25-2005 4:36:00 PM
BasePriority : Normal


#:25 [yetdit.exe]
ModuleName : C:\WINNT\system32\yetdit.exe
Command Line : "C:\WINNT\system32\yetdit.exe"
ProcessID : 1564
ThreadCreationTime : 5-25-2005 4:36:01 PM
BasePriority : Normal


#:26 [hqbxbwwm.exe]
ModuleName : C:\winnt\system32\hqbxbwwm.exe
Command Line : "C:\winnt\system32\hqbxbwwm.exe"
ProcessID : 1312
ThreadCreationTime : 5-25-2005 4:36:01 PM
BasePriority : Normal
FileVersion : 1, 0, 2, 17
ProductVersion : 0, 0, 7, 0
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
LegalCopyright : TODO: © <Company name>. All rights reserved.
Warning! Win32.TrojanDownloader.Agent.Ay Object found in memory(C:\winnt\system32\hqbxbwwm.exe)

Win32.TrojanDownloader.Agent.Ay Object Recognized!
Type : Process
Data : hqbxbwwm.exe
Category : Data Miner
Comment :
Object : C:\winnt\system32\
FileVersion : 1, 0, 2, 17
ProductVersion : 0, 0, 7, 0
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
LegalCopyright : TODO: © <Company name>. All rights reserved.

Warning! "C:\winnt\system32\hqbxbwwm.exe"Process could not be terminated!
Warning! "C:\winnt\system32\hqbxbwwm.exe"Process could not be terminated!

#:27 [ctfmon.exe]
ModuleName : C:\WINNT\system32\ctfmon.exe
Command Line : "C:\WINNT\system32\ctfmon.exe"
ProcessID : 1060
ThreadCreationTime : 5-25-2005 4:36:01 PM
BasePriority : Normal
FileVersion : 1.00.2409.7 built by: Lab06_N
ProductVersion : 1.00.2409.7
ProductName : Microsoft® Windows NT® Operating System
CompanyName : Microsoft Corporation
FileDescription : Cicero Loader
InternalName : CICLOAD
LegalCopyright : Copyright © Microsoft Corporation. 1981-2001
OriginalFilename : CICLOAD.EXE

#:28 [wzcquoui.exe]
ModuleName : C:\WINNT\system32\wzcquoui.exe
Command Line : "C:\WINNT\system32\wzcquoui.exe"
ProcessID : 1064
ThreadCreationTime : 5-25-2005 4:36:01 PM
BasePriority : Normal


#:29 [acrotray.exe]
ModuleName : C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
Command Line : "C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe"
ProcessID : 1092
ThreadCreationTime : 5-25-2005 4:36:03 PM
BasePriority : Normal


#:30 [ipodservice.exe]
ModuleName : C:\Program Files\iPod\bin\iPodService.exe
Command Line : "C:\Program Files\iPod\bin\iPodService.exe"
ProcessID : 464
ThreadCreationTime : 5-25-2005 4:36:06 PM
BasePriority : Normal
FileVersion : 4.7.1.30
ProductVersion : 4.7.1.30
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iPodService.exe

#:31 [wshield.exe]
ModuleName : c:\winnt\system32\eltra\wshield.exe
Command Line : wshield.exe
ProcessID : 336
ThreadCreationTime : 5-25-2005 4:36:07 PM
BasePriority : Normal
FileVersion : 2.0
ProductVersion : 2.0
ProductName : h4x0rb0t 2.0 Lame [bleep]
CompanyName : h4ckXcr3w
FileDescription : h4x0rb0t 2.0 Lame [bleep]
InternalName : h4x0rb0t 2.0 Lame [bleep]
LegalCopyright : h4ckXcr3w 0wnz j00 all
OriginalFilename : HEhhe [bleep] Off

#:32 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 9980
ThreadCreationTime : 5-25-2005 6:30:26 PM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 1


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Win32.TrojanDownloader.Agent.Ay Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "hqbxbwwm"
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Run
Value : hqbxbwwm

Win32.TrojanDownloader.Agent.Ay Object Recognized!
Type : File
Data : hqbxbwwm.exe
Category : Data Miner
Comment :
Object : c:\winnt\system32\
FileVersion : 1, 0, 2, 17
ProductVersion : 0, 0, 7, 0
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
LegalCopyright : TODO: © <Company name>. All rights reserved.


Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 3


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 3



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 3


Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 3

12:36:10 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:05:11.909
Objects scanned:55357
Objects identified:3
Objects ignored:0
New critical objects:3

Edited by IBG, 25 May 2005 - 01:42 PM.


#5
Guest_Andy_veal_*

Hello and Welcome

Ad-aware has found objects on your computer.

If you choose to clean your computer of what Ad-aware found, please follow the instructions below…

Please make sure that you are using the * SE1R47 24.05.2005 * definition file.


Please launch Ad-Aware SE and click on the gear to access the Configuration Menu. Please make sure that this setting is applied.

Click on Tweak > Cleaning Engine > UNcheck "Always try to unload modules before deletion".

Disconnect from the internet (for broadband/cable users, it is recommended that you disconnect the cable connection) and close all open browsers or other programs you have running.

Please then boot into Safe Mode

To clean your machine, it is highly recommended that you clean the following directory contents (but not the directory folder):

Please run CCleaner to assist in this process.
Download CCleaner (Setup: go to >options > settings > Uncheck "Only delete files in Windows Temp folders older than 48 hours" for cleaning malware files!)

* C:\Windows\Temp\
* C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <- This will delete all your cached internet content including cookies.
* C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp\
* Empty your "Recycle Bin".

Please run Ad-Aware SE from the command lines shown in the instructions shown below.

Click "Start" > select "Run" > type the text shown in bold below (including the quotation marks and with the same spacing as shown)

"C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" /full +procnuke
(For the Professional version)

"C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" /full +procnuke
(For the Plus version)

"C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" +procnuke
(For the Personal version)


Click OK.

Please note that the path above is the default installation location for Ad-aware SE. If yours is different, please adjust it to the location that you have installed it to.

When the scan has completed, select Next. In the Scanning Results window, select the "Scan Summary" tab. Check the box next to each "target family" you wish to remove. Click next, Click OK.

If problems are caused by deleting a family, please leave it.

Please shutdown/restart your computer after removal, run a new full scan and post the results as a reply. Do not launch any programs or connect to the internet at this time.

Please then copy & paste the complete log file here. Don't quarantine or remove anything at this time, just post a complete logfile. This can sometimes take 2-3 posts to get it all posted; once the "Summary of this scan" information is shown, you have posted all of your logfile.

Please remember when posting another logfile keep "Search for negligible risk entries" deselected as negligible risk entries (MRU's) are not considered to be a threat. This option can be changed when choosing your scan type.

Please post back here

Good luck

Andy

#6
IBG

Ad-Aware SE Build 1.05
Logfile Created on:Wednesday, May 25, 2005 5:40:30 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R47 24.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R47 24.05.2005
Internal build : 55
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 476246 Bytes
Total size : 1439523 Bytes
Signature data size : 1408291 Bytes
Reference data size : 30720 Bytes
Signatures total : 40174
Fingerprints total : 886
Fingerprints size : 30371 Bytes
Target categories : 15
Target families : 679


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium III
Memory available:9 %
Total physical memory:130544 kb
Available physical memory:10464 kb
Total page file size:310204 kb
Available on page file:187304 kb
Total virtual memory:2097024 kb
Available virtual memory:2045200 kb
OS:Microsoft Windows 2000 Professional Service Pack 4 (Build 2195)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Play sound at scan completion if scan locates critical objects


5-25-2005 5:40:30 PM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 148
ThreadCreationTime : 5-25-2005 11:38:47 PM
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINNT\system32\csrss.exe
Command Line : C:\WINNT\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequest
ProcessID : 172
ThreadCreationTime : 5-25-2005 11:38:52 PM
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINNT\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 192
ThreadCreationTime : 5-25-2005 11:38:56 PM
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINNT\system32\services.exe
Command Line : C:\WINNT\system32\services.exe
ProcessID : 220
ThreadCreationTime : 5-25-2005 11:38:58 PM
BasePriority : Normal
FileVersion : 5.00.2195.6700
ProductVersion : 5.00.2195.6700
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINNT\system32\lsass.exe
Command Line : C:\WINNT\system32\lsass.exe
ProcessID : 232
ThreadCreationTime : 5-25-2005 11:38:58 PM
BasePriority : Normal
FileVersion : 5.00.2195.6902
ProductVersion : 5.00.2195.6902
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Executable and Server DLL (Export Version)
InternalName : lsasrv.dll and lsass.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : lsasrv.dll and lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINNT\system32\svchost.exe
Command Line : C:\WINNT\system32\svchost -k rpcss
ProcessID : 404
ThreadCreationTime : 5-25-2005 11:39:02 PM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:7 [spoolsv.exe]
ModuleName : C:\WINNT\system32\spoolsv.exe
Command Line : C:\WINNT\system32\spoolsv.exe
ProcessID : 432
ThreadCreationTime : 5-25-2005 11:39:03 PM
BasePriority : Normal
FileVersion : 5.00.2195.6659
ProductVersion : 5.00.2195.6659
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolss.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : spoolss.exe

#:8 [ati2evxx.exe]
ModuleName : C:\WINNT\system32\Ati2evxx.exe
Command Line : C:\WINNT\system32\Ati2evxx.exe
ProcessID : 472
ThreadCreationTime : 5-25-2005 11:39:07 PM
BasePriority : Normal


#:9 [dntus26.exe]
ModuleName : C:\WINNT\SYSTEM32\DNTUS26.EXE
Command Line : C:\WINNT\SYSTEM32\DNTUS26.EXE
ProcessID : 492
ThreadCreationTime : 5-25-2005 11:39:08 PM
BasePriority : Normal
FileVersion : 4, 2, 0, 2
ProductVersion : 4, 2, 0, 2
ProductName : DameWare Development Remote Command Server
CompanyName : DameWare Development LLC
FileDescription : DameWare Development Remote Command Server
InternalName : DNTUSrv
LegalCopyright : Copyright © 1991-2004 DameWare Development LLC
LegalTrademarks : DameWare NT Utilities
OriginalFilename : DNTUSrv.exe
Comments : http://www.dameware.com

#:10 [svchost.exe]
ModuleName : C:\WINNT\System32\svchost.exe
Command Line : C:\WINNT\System32\svchost.exe -k netsvcs
ProcessID : 508
ThreadCreationTime : 5-25-2005 11:39:08 PM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:11 [mdm.exe]
ModuleName : C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
Command Line : "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"
ProcessID : 540
ThreadCreationTime : 5-25-2005 11:39:09 PM
BasePriority : Normal
FileVersion : 7.00.9466
ProductVersion : 7.00.9466
ProductName : Microsoft® Visual Studio .NET
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : mdm.exe

#:12 [mstask.exe]
ModuleName : C:\WINNT\system32\MSTask.exe
Command Line : C:\WINNT\system32\MSTask.exe
ProcessID : 604
ThreadCreationTime : 5-25-2005 11:39:10 PM
BasePriority : Normal
FileVersion : 4.71.2195.6920
ProductVersion : 4.71.2195.6920
ProductName : Microsoft® Windows® Task Scheduler
CompanyName : Microsoft Corporation
FileDescription : Task Scheduler Engine
InternalName : TaskScheduler
LegalCopyright : Copyright © Microsoft Corp. 1997
OriginalFilename : mstask.exe

#:13 [spools.exe]
ModuleName : C:\WINNT\spools.exe
Command Line : C:\WINNT\spools.exe
ProcessID : 636
ThreadCreationTime : 5-25-2005 11:39:11 PM
BasePriority : Normal


#:14 [winmgmt.exe]
ModuleName : C:\WINNT\System32\WBEM\WinMgmt.exe
Command Line : C:\WINNT\System32\WBEM\WinMgmt.exe
ProcessID : 704
ThreadCreationTime : 5-25-2005 11:39:13 PM
BasePriority : Normal
FileVersion : 1.50.1085.0100
ProductVersion : 1.50.1085.0100
ProductName : Windows Management Instrumentation
CompanyName : Microsoft Corporation
FileDescription : Windows Management Instrumentation
InternalName : WINMGMT
LegalCopyright : Copyright © Microsoft Corp. 1995-1999

#:15 [svchost.exe]
ModuleName : C:\WINNT\system32\svchost.exe
Command Line : C:\WINNT\system32\svchost.exe -k wugroup
ProcessID : 724
ThreadCreationTime : 5-25-2005 11:39:14 PM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:16 [svchost.exe]
ModuleName : C:\WINNT\System32\svchost.exe
Command Line : C:\WINNT\System32\svchost.exe -k BITSgroup
ProcessID : 752
ThreadCreationTime : 5-25-2005 11:39:14 PM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:17 [explorer.exe]
ModuleName : C:\WINNT\Explorer.EXE
Command Line : C:\WINNT\Explorer.EXE
ProcessID : 852
ThreadCreationTime : 5-25-2005 11:39:17 PM
BasePriority : Normal
FileVersion : 5.00.3700.6690
ProductVersion : 5.00.3700.6690
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : EXPLORER.EXE

#:18 [atiptaxx.exe]
ModuleName : C:\WINNT\system32\Atiptaxx.exe
Command Line : "C:\WINNT\system32\Atiptaxx.exe"
ProcessID : 940
ThreadCreationTime : 5-25-2005 11:39:26 PM
BasePriority : Normal
FileVersion : 4.12.2489
ProductVersion : 4.12.2489
ProductName : ATI Desktop Component
CompanyName : ATI Technologies, Inc.
FileDescription : ATI Desktop Control Panel
InternalName : Atiptaxx.exe
LegalCopyright : Copyright © 1998-2000 ATI Technologies Inc.
OriginalFilename : Atiptaxx.exe

#:19 [devdetect.exe]
ModuleName : C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
Command Line : "C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe" -autorun
ProcessID : 976
ThreadCreationTime : 5-25-2005 11:39:27 PM
BasePriority : Normal
FileVersion : 2, 0, 0, 12
ProductVersion : 2, 0, 0, 12
ProductName : Device Detector
CompanyName : ACD Systems, Ltd.
FileDescription : Device Detector
InternalName : DevDetect
LegalCopyright : Copyright © 2003
OriginalFilename : DevDetect.exe

#:20 [msnappau.exe]
ModuleName : C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
Command Line : "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
ProcessID : 988
ThreadCreationTime : 5-25-2005 11:39:28 PM
BasePriority : Normal


#:21 [palsp.exe]
ModuleName : c:\winnt\system32\eltra\palsp.exe
Command Line : c:\winnt\system32\eltra\palsp.exe
ProcessID : 956
ThreadCreationTime : 5-25-2005 11:39:29 PM
BasePriority : Normal


#:22 [ituneshelper.exe]
ModuleName : C:\Program Files\iTunes\iTunesHelper.exe
Command Line : "C:\Program Files\iTunes\iTunesHelper.exe"
ProcessID : 1008
ThreadCreationTime : 5-25-2005 11:39:29 PM
BasePriority : Normal
FileVersion : 4.7.1.30
ProductVersion : 4.7.1.30
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe

#:23 [qttask.exe]
ModuleName : C:\Program Files\QuickTime\qttask.exe
Command Line : "C:\Program Files\QuickTime\qttask.exe" -atboottime
ProcessID : 1016
ThreadCreationTime : 5-25-2005 11:39:30 PM
BasePriority : Normal
FileVersion : 6.5.1
ProductVersion : QuickTime 6.5.1
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe

#:24 [kwfq.exe]
ModuleName : C:\Program Files\Iaog\Kwfq.exe
Command Line : "C:\Program Files\Iaog\Kwfq.exe"
ProcessID : 1036
ThreadCreationTime : 5-25-2005 11:39:31 PM
BasePriority : Normal


#:25 [yetdit.exe]
ModuleName : C:\WINNT\system32\yetdit.exe
Command Line : "C:\WINNT\system32\yetdit.exe"
ProcessID : 1044
ThreadCreationTime : 5-25-2005 11:39:31 PM
BasePriority : Normal


#:26 [ctfmon.exe]
ModuleName : C:\WINNT\system32\ctfmon.exe
Command Line : "C:\WINNT\system32\ctfmon.exe"
ProcessID : 1048
ThreadCreationTime : 5-25-2005 11:39:32 PM
BasePriority : Normal
FileVersion : 1.00.2409.7 built by: Lab06_N
ProductVersion : 1.00.2409.7
ProductName : Microsoft® Windows NT® Operating System
CompanyName : Microsoft Corporation
FileDescription : Cicero Loader
InternalName : CICLOAD
LegalCopyright : Copyright © Microsoft Corporation. 1981-2001
OriginalFilename : CICLOAD.EXE

#:27 [wzcquoui.exe]
ModuleName : C:\WINNT\system32\wzcquoui.exe
Command Line : "C:\WINNT\system32\wzcquoui.exe"
ProcessID : 1064
ThreadCreationTime : 5-25-2005 11:39:32 PM
BasePriority : Normal


#:28 [ipodservice.exe]
ModuleName : C:\Program Files\iPod\bin\iPodService.exe
Command Line : "C:\Program Files\iPod\bin\iPodService.exe"
ProcessID : 1088
ThreadCreationTime : 5-25-2005 11:39:33 PM
BasePriority : Normal
FileVersion : 4.7.1.30
ProductVersion : 4.7.1.30
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iPodService.exe

#:29 [acrotray.exe]
ModuleName : C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
Command Line : "C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe"
ProcessID : 1096
ThreadCreationTime : 5-25-2005 11:39:33 PM
BasePriority : Normal


#:30 [wshield.exe]
ModuleName : c:\winnt\system32\eltra\wshield.exe
Command Line : wshield.exe
ProcessID : 1132
ThreadCreationTime : 5-25-2005 11:39:35 PM
BasePriority : Normal
FileVersion : 2.0
ProductVersion : 2.0
ProductName : h4x0rb0t 2.0 Lame [bleep]
CompanyName : h4ckXcr3w
FileDescription : h4x0rb0t 2.0 Lame [bleep]
InternalName : h4x0rb0t 2.0 Lame [bleep]
LegalCopyright : h4ckXcr3w 0wnz j00 all
OriginalFilename : HEhhe [bleep] Off

#:31 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 1364
ThreadCreationTime : 5-25-2005 11:40:06 PM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
5:44:36 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:04:06.744
Objects scanned:55127
Objects identified:0
Objects ignored:0
New critical objects:0

#7
Guest_Andy_veal_*

Are you still having problems?

Please post your latest full system scan logfile here....

#8
IBG

Ad-Aware SE Build 1.06r1
Logfile Created on:Tuesday, May 31, 2005 1:53:22 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R49 31.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R49 31.05.2005
Internal build : 57
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 481469 Bytes
Total size : 1455496 Bytes
Signature data size : 1423833 Bytes
Reference data size : 31151 Bytes
Signatures total : 40572
CSI Fingerprints total : 902
CSI data size : 31096 Bytes
Target categories : 15
Target families : 692


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium III
Memory available:17 %
Total physical memory:130544 kb
Available physical memory:21120 kb
Total page file size:310204 kb
Available on page file:198392 kb
Total virtual memory:2097024 kb
Available virtual memory:2043792 kb
OS:Microsoft Windows 2000 Professional Service Pack 4 (Build 2195)

Ad-Aware SE Settings
===========================
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


5-31-2005 1:53:22 PM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 148
ThreadCreationTime : 5-31-2005 7:37:47 PM
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINNT\system32\csrss.exe
Command Line : C:\WINNT\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequest
ProcessID : 172
ThreadCreationTime : 5-31-2005 7:37:53 PM
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINNT\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 192
ThreadCreationTime : 5-31-2005 7:37:56 PM
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINNT\system32\services.exe
Command Line : C:\WINNT\system32\services.exe
ProcessID : 220
ThreadCreationTime : 5-31-2005 7:37:58 PM
BasePriority : Normal
FileVersion : 5.00.2195.6700
ProductVersion : 5.00.2195.6700
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINNT\system32\lsass.exe
Command Line : C:\WINNT\system32\lsass.exe
ProcessID : 232
ThreadCreationTime : 5-31-2005 7:37:58 PM
BasePriority : Normal
FileVersion : 5.00.2195.6902
ProductVersion : 5.00.2195.6902
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Executable and Server DLL (Export Version)
InternalName : lsasrv.dll and lsass.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : lsasrv.dll and lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINNT\system32\svchost.exe
Command Line : C:\WINNT\system32\svchost -k rpcss
ProcessID : 408
ThreadCreationTime : 5-31-2005 7:38:04 PM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:7 [spoolsv.exe]
ModuleName : C:\WINNT\system32\spoolsv.exe
Command Line : C:\WINNT\system32\spoolsv.exe
ProcessID : 436
ThreadCreationTime : 5-31-2005 7:38:04 PM
BasePriority : Normal
FileVersion : 5.00.2195.6659
ProductVersion : 5.00.2195.6659
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolss.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : spoolss.exe

#:8 [dntus26.exe]
ModuleName : C:\WINNT\SYSTEM32\DNTUS26.EXE
Command Line : C:\WINNT\SYSTEM32\DNTUS26.EXE
ProcessID : 480
ThreadCreationTime : 5-31-2005 7:38:05 PM
BasePriority : Normal
FileVersion : 4, 2, 0, 2
ProductVersion : 4, 2, 0, 2
ProductName : DameWare Development Remote Command Server
CompanyName : DameWare Development LLC
FileDescription : DameWare Development Remote Command Server
InternalName : DNTUSrv
LegalCopyright : Copyright © 1991-2004 DameWare Development LLC
LegalTrademarks : DameWare NT Utilities
OriginalFilename : DNTUSrv.exe
Comments : http://www.dameware.com

#:9 [svchost.exe]
ModuleName : C:\WINNT\System32\svchost.exe
Command Line : C:\WINNT\System32\svchost.exe -k netsvcs
ProcessID : 500
ThreadCreationTime : 5-31-2005 7:38:05 PM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:10 [ewidoctrl.exe]
ModuleName : C:\Program Files\ewido\security suite\ewidoctrl.exe
Command Line : "C:\Program Files\ewido\security suite\ewidoctrl.exe"
ProcessID : 520
ThreadCreationTime : 5-31-2005 7:38:06 PM
BasePriority : Normal
FileVersion : 3, 0, 0, 1
ProductVersion : 3, 0, 0, 1
ProductName : ewido control
CompanyName : ewido networks
FileDescription : ewido control
InternalName : ewido control
LegalCopyright : Copyright © 2004
OriginalFilename : ewidoctrl.exe

#:11 [mdm.exe]
ModuleName : C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
Command Line : "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"
ProcessID : 576
ThreadCreationTime : 5-31-2005 7:38:10 PM
BasePriority : Normal
FileVersion : 7.00.9466
ProductVersion : 7.00.9466
ProductName : Microsoft® Visual Studio .NET
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : mdm.exe

#:12 [mstask.exe]
ModuleName : C:\WINNT\system32\MSTask.exe
Command Line : C:\WINNT\system32\MSTask.exe
ProcessID : 672
ThreadCreationTime : 5-31-2005 7:38:13 PM
BasePriority : Normal
FileVersion : 4.71.2195.6920
ProductVersion : 4.71.2195.6920
ProductName : Microsoft® Windows® Task Scheduler
CompanyName : Microsoft Corporation
FileDescription : Task Scheduler Engine
InternalName : TaskScheduler
LegalCopyright : Copyright © Microsoft Corp. 1997
OriginalFilename : mstask.exe

#:13 [winmgmt.exe]
ModuleName : C:\WINNT\System32\WBEM\WinMgmt.exe
Command Line : C:\WINNT\System32\WBEM\WinMgmt.exe
ProcessID : 716
ThreadCreationTime : 5-31-2005 7:38:15 PM
BasePriority : Normal
FileVersion : 1.50.1085.0100
ProductVersion : 1.50.1085.0100
ProductName : Windows Management Instrumentation
CompanyName : Microsoft Corporation
FileDescription : Windows Management Instrumentation
InternalName : WINMGMT
LegalCopyright : Copyright © Microsoft Corp. 1995-1999

#:14 [svchost.exe]
ModuleName : C:\WINNT\system32\svchost.exe
Command Line : C:\WINNT\system32\svchost.exe -k wugroup
ProcessID : 752
ThreadCreationTime : 5-31-2005 7:38:15 PM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:15 [svchost.exe]
ModuleName : C:\WINNT\System32\svchost.exe
Command Line : C:\WINNT\System32\svchost.exe -k BITSgroup
ProcessID : 764
ThreadCreationTime : 5-31-2005 7:38:16 PM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:16 [explorer.exe]
ModuleName : C:\WINNT\Explorer.EXE
Command Line : C:\WINNT\Explorer.EXE
ProcessID : 1000
ThreadCreationTime : 5-31-2005 7:52:09 PM
BasePriority : Normal
FileVersion : 5.00.3700.6690
ProductVersion : 5.00.3700.6690
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : EXPLORER.EXE

#:17 [atiptaxx.exe]
ModuleName : C:\WINNT\system32\Atiptaxx.exe
Command Line : "C:\WINNT\system32\Atiptaxx.exe"
ProcessID : 1068
ThreadCreationTime : 5-31-2005 7:52:14 PM
BasePriority : Normal
FileVersion : 4.12.2489
ProductVersion : 4.12.2489
ProductName : ATI Desktop Component
CompanyName : ATI Technologies, Inc.
FileDescription : ATI Desktop Control Panel
InternalName : Atiptaxx.exe
LegalCopyright : Copyright © 1998-2000 ATI Technologies Inc.
OriginalFilename : Atiptaxx.exe

#:18 [devdetect.exe]
ModuleName : C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
Command Line : "C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe" -autorun
ProcessID : 1040
ThreadCreationTime : 5-31-2005 7:52:14 PM
BasePriority : Normal
FileVersion : 2, 0, 0, 12
ProductVersion : 2, 0, 0, 12
ProductName : Device Detector
CompanyName : ACD Systems, Ltd.
FileDescription : Device Detector
InternalName : DevDetect
LegalCopyright : Copyright © 2003
OriginalFilename : DevDetect.exe

#:19 [msnappau.exe]
ModuleName : C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
Command Line : "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
ProcessID : 1016
ThreadCreationTime : 5-31-2005 7:52:14 PM
BasePriority : Normal


#:20 [ituneshelper.exe]
ModuleName : C:\Program Files\iTunes\iTunesHelper.exe
Command Line : "C:\Program Files\iTunes\iTunesHelper.exe"
ProcessID : 840
ThreadCreationTime : 5-31-2005 7:52:15 PM
BasePriority : Normal
FileVersion : 4.7.1.30
ProductVersion : 4.7.1.30
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe

#:21 [qttask.exe]
ModuleName : C:\Program Files\QuickTime\qttask.exe
Command Line : "C:\Program Files\QuickTime\qttask.exe" -atboottime
ProcessID : 1080
ThreadCreationTime : 5-31-2005 7:52:15 PM
BasePriority : Normal
FileVersion : 6.5.1
ProductVersion : QuickTime 6.5.1
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe

#:22 [hqbxbwwm.exe]
ModuleName : C:\winnt\system32\hqbxbwwm.exe
Command Line : "C:\winnt\system32\hqbxbwwm.exe"
ProcessID : 1256
ThreadCreationTime : 5-31-2005 7:52:16 PM
BasePriority : Normal
FileVersion : 1, 0, 2, 17
ProductVersion : 0, 0, 7, 0
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
LegalCopyright : TODO: © <Company name>. All rights reserved.

Win32.TrojanDownloader.Agent.Ay Object Recognized!
Type : Process
Data : hqbxbwwm.exe
TAC Rating : 7
Category : Data Miner
Comment :
Object : C:\winnt\system32\
FileVersion : 1, 0, 2, 17
ProductVersion : 0, 0, 7, 0
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
LegalCopyright : TODO: © <Company name>. All rights reserved.

Warning! "C:\winnt\system32\hqbxbwwm.exe"Process could not be terminated!
Warning! "C:\winnt\system32\hqbxbwwm.exe"Process could not be terminated!

#:23 [ctfmon.exe]
ModuleName : C:\WINNT\system32\ctfmon.exe
Command Line : "C:\WINNT\system32\ctfmon.exe"
ProcessID : 1248
ThreadCreationTime : 5-31-2005 7:52:16 PM
BasePriority : Normal
FileVersion : 1.00.2409.7 built by: Lab06_N
ProductVersion : 1.00.2409.7
ProductName : Microsoft® Windows NT® Operating System
CompanyName : Microsoft Corporation
FileDescription : Cicero Loader
InternalName : CICLOAD
LegalCopyright : Copyright © Microsoft Corporation. 1981-2001
OriginalFilename : CICLOAD.EXE

#:24 [acrotray.exe]
ModuleName : C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
Command Line : "C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe"
ProcessID : 560
ThreadCreationTime : 5-31-2005 7:52:18 PM
BasePriority : Normal


#:25 [ipodservice.exe]
ModuleName : C:\Program Files\iPod\bin\iPodService.exe
Command Line : "C:\Program Files\iPod\bin\iPodService.exe"
ProcessID : 1264
ThreadCreationTime : 5-31-2005 7:52:21 PM
BasePriority : Normal
FileVersion : 4.7.1.30
ProductVersion : 4.7.1.30
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iPodService.exe

#:26 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 1320
ThreadCreationTime : 5-31-2005 7:52:57 PM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 1


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1 "http://www.abetterinternet.com"
TAC Rating : 7
Category : Data Miner
Comment : (http://www.abetterinternet.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1 "http://www.abetterinternet.com"
TAC Rating : 7
Category : Data Miner
Comment : (http://www.abetterinternet.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1
Value : DisplayName

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1 "http://www.abetterinternet.com"
TAC Rating : 7
Category : Data Miner
Comment : (http://www.abetterinternet.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1
Value : URLInfoAbout

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1 "http://www.abetterinternet.com"
TAC Rating : 7
Category : Data Miner
Comment : (http://www.abetterinternet.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1
Value : Publisher

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1 "http://www.abetterinternet.com"
TAC Rating : 7
Category : Data Miner
Comment : (http://www.abetterinternet.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1
Value : HelpLink

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1 "http://www.abetterinternet.com"
TAC Rating : 7
Category : Data Miner
Comment : (http://www.abetterinternet.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1
Value : Contact

Win32.TrojanDownloader.Agent.Ay Object Recognized!
Type : RegValue
Data :
TAC Rating : 7
Category : Data Miner
Comment : "hqbxbwwm"
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Run
Value : hqbxbwwm

Win32.TrojanDownloader.Agent.Ay Object Recognized!
Type : File
Data : hqbxbwwm.exe
TAC Rating : 7
Category : Data Miner
Comment :
Object : c:\winnt\system32\
FileVersion : 1, 0, 2, 17
ProductVersion : 0, 0, 7, 0
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
LegalCopyright : TODO: © <Company name>. All rights reserved.


Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 7
Objects found so far: 9


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 9



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 9


Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 9

1:57:20 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:03:58.593
Objects scanned:55780
Objects identified:9
Objects ignored:0
New critical objects:9

Edited by IBG, 31 May 2005 - 01:59 PM.


#9
Guest_Andy_veal_*

Hello and Welcome

Ad-aware has found objects on your computer

If you choose to clean your computer of what Ad-aware found, please follow the instructions below…

Please make sure that you are using the * SE1R49 31.05.2005 * definition file.


Please launch Ad-Aware SE and click on the gear to access the Configuration Menu. Please make sure that this setting is applied.

Click on Tweak > Cleaning Engine > UNcheck "Always try to unload modules before deletion".

Disconnect from the internet (for broadband/cable users, it is recommended that you disconnect the cable connection) and close all open browsers or other programs you have running.

Please then boot into Safe Mode

To clean your machine, it is highly recommended that you clean the following directory contents (but not the directory folder):

Please run CCleaner to assist in this process.
Download CCleaner (Setup: go to >options > settings > Uncheck "Only delete files in Windows Temp folders older than 48 hours" for cleaning malware files!)

* C:\Windows\Temp\
* C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <- This will delete all your cached internet content including cookies.
* C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp\
* Empty your "Recycle Bin".

Please run Ad-Aware SE from the command lines shown in the instructions below.

Click "Start" > select "Run" > type the text shown in bold below (including the quotation marks and with the same spacing as shown)

"C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" /full +procnuke
(For the Professional version)

"C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" /full +procnuke
(For the Plus version)

"C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" +procnuke
(For the Personal version)


Click OK.

Please note that the path above is the default installation location for Ad-aware SE. If yours is different, please adjust it to the location where you have installed it.

When the scan has completed, select Next. In the Scanning Results window, select the "Scan Summary" tab. Check the box next to each "target family" you wish to remove. Click next, Click OK.

If problems are caused by deleting a family, please leave it.

Please shutdown/restart your computer after removal, run a new full scan and post the results as a reply. Do not launch any programs or connect to the internet at this time.

Please then copy & paste the complete log file here. Don't quarantine or remove anything at this time, just post a complete logfile. This can sometimes take 2-3 posts to get it all posted; once the "Summary of this scan" information is shown, you have posted all of your logfile.

Please remember, when posting another logfile, to keep "Search for negligible risk entries" deselected, as negligible risk entries (MRUs) are not considered to be a threat. This option can be changed when choosing your scan type.

Please post back here

Good luck

Andy

#10
IBG

Hey Andy, this is the third time that we've done this. Is there anything else we can try?

Here's the latest logfile:


Ad-Aware SE Build 1.06r1
Logfile Created on:Tuesday, May 31, 2005 5:58:53 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R49 31.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R49 31.05.2005
Internal build : 57
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 481469 Bytes
Total size : 1455496 Bytes
Signature data size : 1423833 Bytes
Reference data size : 31151 Bytes
Signatures total : 40572
CSI Fingerprints total : 902
CSI data size : 31096 Bytes
Target categories : 15
Target families : 692


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium III
Memory available:13 %
Total physical memory:130544 kb
Available physical memory:15928 kb
Total page file size:310204 kb
Available on page file:199880 kb
Total virtual memory:2097024 kb
Available virtual memory:2033484 kb
OS:Microsoft Windows 2000 Professional Service Pack 4 (Build 2195)

Ad-Aware SE Settings
===========================
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


5-31-2005 5:58:53 PM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 148
ThreadCreationTime : 5-31-2005 11:51:49 PM
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINNT\system32\csrss.exe
Command Line : C:\WINNT\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequest
ProcessID : 172
ThreadCreationTime : 5-31-2005 11:51:54 PM
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINNT\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 192
ThreadCreationTime : 5-31-2005 11:51:58 PM
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINNT\system32\services.exe
Command Line : C:\WINNT\system32\services.exe
ProcessID : 220
ThreadCreationTime : 5-31-2005 11:52:00 PM
BasePriority : Normal
FileVersion : 5.00.2195.6700
ProductVersion : 5.00.2195.6700
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINNT\system32\lsass.exe
Command Line : C:\WINNT\system32\lsass.exe
ProcessID : 232
ThreadCreationTime : 5-31-2005 11:52:00 PM
BasePriority : Normal
FileVersion : 5.00.2195.6902
ProductVersion : 5.00.2195.6902
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Executable and Server DLL (Export Version)
InternalName : lsasrv.dll and lsass.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : lsasrv.dll and lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINNT\system32\svchost.exe
Command Line : C:\WINNT\system32\svchost -k rpcss
ProcessID : 404
ThreadCreationTime : 5-31-2005 11:52:05 PM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:7 [spoolsv.exe]
ModuleName : C:\WINNT\system32\spoolsv.exe
Command Line : C:\WINNT\system32\spoolsv.exe
ProcessID : 436
ThreadCreationTime : 5-31-2005 11:52:05 PM
BasePriority : Normal
FileVersion : 5.00.2195.6659
ProductVersion : 5.00.2195.6659
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolss.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : spoolss.exe

#:8 [ati2evxx.exe]
ModuleName : C:\WINNT\system32\Ati2evxx.exe
Command Line : C:\WINNT\system32\Ati2evxx.exe
ProcessID : 472
ThreadCreationTime : 5-31-2005 11:52:09 PM
BasePriority : Normal


#:9 [dntus26.exe]
ModuleName : C:\WINNT\SYSTEM32\DNTUS26.EXE
Command Line : C:\WINNT\SYSTEM32\DNTUS26.EXE
ProcessID : 492
ThreadCreationTime : 5-31-2005 11:52:10 PM
BasePriority : Normal
FileVersion : 4, 2, 0, 2
ProductVersion : 4, 2, 0, 2
ProductName : DameWare Development Remote Command Server
CompanyName : DameWare Development LLC
FileDescription : DameWare Development Remote Command Server
InternalName : DNTUSrv
LegalCopyright : Copyright © 1991-2004 DameWare Development LLC
LegalTrademarks : DameWare NT Utilities
OriginalFilename : DNTUSrv.exe
Comments : http://www.dameware.com

#:10 [svchost.exe]
ModuleName : C:\WINNT\System32\svchost.exe
Command Line : C:\WINNT\System32\svchost.exe -k netsvcs
ProcessID : 508
ThreadCreationTime : 5-31-2005 11:52:10 PM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:11 [ewidoctrl.exe]
ModuleName : C:\Program Files\ewido\security suite\ewidoctrl.exe
Command Line : "C:\Program Files\ewido\security suite\ewidoctrl.exe"
ProcessID : 532
ThreadCreationTime : 5-31-2005 11:52:10 PM
BasePriority : Normal
FileVersion : 3, 0, 0, 1
ProductVersion : 3, 0, 0, 1
ProductName : ewido control
CompanyName : ewido networks
FileDescription : ewido control
InternalName : ewido control
LegalCopyright : Copyright © 2004
OriginalFilename : ewidoctrl.exe

#:12 [mdm.exe]
ModuleName : C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
Command Line : "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"
ProcessID : 564
ThreadCreationTime : 5-31-2005 11:52:12 PM
BasePriority : Normal
FileVersion : 7.00.9466
ProductVersion : 7.00.9466
ProductName : Microsoft® Visual Studio .NET
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : mdm.exe

#:13 [mstask.exe]
ModuleName : C:\WINNT\system32\MSTask.exe
Command Line : C:\WINNT\system32\MSTask.exe
ProcessID : 636
ThreadCreationTime : 5-31-2005 11:52:13 PM
BasePriority : Normal
FileVersion : 4.71.2195.6920
ProductVersion : 4.71.2195.6920
ProductName : Microsoft® Windows® Task Scheduler
CompanyName : Microsoft Corporation
FileDescription : Task Scheduler Engine
InternalName : TaskScheduler
LegalCopyright : Copyright © Microsoft Corp. 1997
OriginalFilename : mstask.exe

#:14 [winmgmt.exe]
ModuleName : C:\WINNT\System32\WBEM\WinMgmt.exe
Command Line : C:\WINNT\System32\WBEM\WinMgmt.exe
ProcessID : 688
ThreadCreationTime : 5-31-2005 11:52:14 PM
BasePriority : Normal
FileVersion : 1.50.1085.0100
ProductVersion : 1.50.1085.0100
ProductName : Windows Management Instrumentation
CompanyName : Microsoft Corporation
FileDescription : Windows Management Instrumentation
InternalName : WINMGMT
LegalCopyright : Copyright © Microsoft Corp. 1995-1999

#:15 [svchost.exe]
ModuleName : C:\WINNT\system32\svchost.exe
Command Line : C:\WINNT\system32\svchost.exe -k wugroup
ProcessID : 716
ThreadCreationTime : 5-31-2005 11:52:15 PM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:16 [svchost.exe]
ModuleName : C:\WINNT\System32\svchost.exe
Command Line : C:\WINNT\System32\svchost.exe -k BITSgroup
ProcessID : 732
ThreadCreationTime : 5-31-2005 11:52:15 PM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:17 [explorer.exe]
ModuleName : C:\WINNT\Explorer.EXE
Command Line : C:\WINNT\Explorer.EXE
ProcessID : 856
ThreadCreationTime : 5-31-2005 11:52:21 PM
BasePriority : Normal
FileVersion : 5.00.3700.6690
ProductVersion : 5.00.3700.6690
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : EXPLORER.EXE

#:18 [atiptaxx.exe]
ModuleName : C:\WINNT\system32\Atiptaxx.exe
Command Line : "C:\WINNT\system32\Atiptaxx.exe"
ProcessID : 948
ThreadCreationTime : 5-31-2005 11:52:31 PM
BasePriority : Normal
FileVersion : 4.12.2489
ProductVersion : 4.12.2489
ProductName : ATI Desktop Component
CompanyName : ATI Technologies, Inc.
FileDescription : ATI Desktop Control Panel
InternalName : Atiptaxx.exe
LegalCopyright : Copyright © 1998-2000 ATI Technologies Inc.
OriginalFilename : Atiptaxx.exe

#:19 [devdetect.exe]
ModuleName : C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
Command Line : "C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe" -autorun
ProcessID : 980
ThreadCreationTime : 5-31-2005 11:52:32 PM
BasePriority : Normal
FileVersion : 2, 0, 0, 12
ProductVersion : 2, 0, 0, 12
ProductName : Device Detector
CompanyName : ACD Systems, Ltd.
FileDescription : Device Detector
InternalName : DevDetect
LegalCopyright : Copyright © 2003
OriginalFilename : DevDetect.exe

#:20 [msnappau.exe]
ModuleName : C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
Command Line : "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
ProcessID : 992
ThreadCreationTime : 5-31-2005 11:52:32 PM
BasePriority : Normal


#:21 [ituneshelper.exe]
ModuleName : C:\Program Files\iTunes\iTunesHelper.exe
Command Line : "C:\Program Files\iTunes\iTunesHelper.exe"
ProcessID : 1000
ThreadCreationTime : 5-31-2005 11:52:33 PM
BasePriority : Normal
FileVersion : 4.7.1.30
ProductVersion : 4.7.1.30
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe

#:22 [qttask.exe]
ModuleName : C:\Program Files\QuickTime\qttask.exe
Command Line : "C:\Program Files\QuickTime\qttask.exe" -atboottime
ProcessID : 1008
ThreadCreationTime : 5-31-2005 11:52:34 PM
BasePriority : Normal
FileVersion : 6.5.1
ProductVersion : QuickTime 6.5.1
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe

#:23 [ctfmon.exe]
ModuleName : C:\WINNT\system32\ctfmon.exe
Command Line : "C:\WINNT\system32\ctfmon.exe"
ProcessID : 1016
ThreadCreationTime : 5-31-2005 11:52:35 PM
BasePriority : Normal
FileVersion : 1.00.2409.7 built by: Lab06_N
ProductVersion : 1.00.2409.7
ProductName : Microsoft® Windows NT® Operating System
CompanyName : Microsoft Corporation
FileDescription : Cicero Loader
InternalName : CICLOAD
LegalCopyright : Copyright © Microsoft Corporation. 1981-2001
OriginalFilename : CICLOAD.EXE

#:24 [acrotray.exe]
ModuleName : C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
Command Line : "C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe"
ProcessID : 1032
ThreadCreationTime : 5-31-2005 11:52:36 PM
BasePriority : Normal


#:25 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 1108
ThreadCreationTime : 5-31-2005 11:52:46 PM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

#:26 [ipodservice.exe]
ModuleName : C:\Program Files\iPod\bin\iPodService.exe
Command Line : "C:\Program Files\iPod\bin\iPodService.exe"
ProcessID : 904
ThreadCreationTime : 5-31-2005 11:53:43 PM
BasePriority : Normal
FileVersion : 4.7.1.30
ProductVersion : 4.7.1.30
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iPodService.exe

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
6:01:59 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:03:06.37
Objects scanned:55671
Objects identified:0
Objects ignored:0
New critical objects:0

#11
Guest_Andy_veal_*

Finally,

Your logfile is clean.

Are you still having problems?

#12
IBG

Still having problems!


Ad-Aware SE Build 1.06r1
Logfile Created on:Wednesday, June 01, 2005 8:12:05 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R49 31.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R49 31.05.2005
Internal build : 57
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 481469 Bytes
Total size : 1455496 Bytes
Signature data size : 1423833 Bytes
Reference data size : 31151 Bytes
Signatures total : 40572
CSI Fingerprints total : 902
CSI data size : 31096 Bytes
Target categories : 15
Target families : 692


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium III
Memory available:13 %
Total physical memory:130544 kb
Available physical memory:16776 kb
Total page file size:310204 kb
Available on page file:190848 kb
Total virtual memory:2097024 kb
Available virtual memory:2028356 kb
OS:Microsoft Windows 2000 Professional Service Pack 4 (Build 2195)

Ad-Aware SE Settings
===========================
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


6-1-2005 8:12:05 PM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 148
ThreadCreationTime : 6-1-2005 7:13:34 PM
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINNT\system32\csrss.exe
Command Line : C:\WINNT\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequest
ProcessID : 172
ThreadCreationTime : 6-1-2005 7:13:40 PM
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINNT\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 192
ThreadCreationTime : 6-1-2005 7:13:43 PM
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINNT\system32\services.exe
Command Line : C:\WINNT\system32\services.exe
ProcessID : 220
ThreadCreationTime : 6-1-2005 7:13:45 PM
BasePriority : Normal
FileVersion : 5.00.2195.6700
ProductVersion : 5.00.2195.6700
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINNT\system32\lsass.exe
Command Line : C:\WINNT\system32\lsass.exe
ProcessID : 232
ThreadCreationTime : 6-1-2005 7:13:45 PM
BasePriority : Normal
FileVersion : 5.00.2195.6902
ProductVersion : 5.00.2195.6902
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Executable and Server DLL (Export Version)
InternalName : lsasrv.dll and lsass.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : lsasrv.dll and lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINNT\system32\svchost.exe
Command Line : C:\WINNT\system32\svchost -k rpcss
ProcessID : 408
ThreadCreationTime : 6-1-2005 7:13:51 PM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:7 [spoolsv.exe]
ModuleName : C:\WINNT\system32\spoolsv.exe
Command Line : C:\WINNT\system32\spoolsv.exe
ProcessID : 440
ThreadCreationTime : 6-1-2005 7:13:52 PM
BasePriority : Normal
FileVersion : 5.00.2195.6659
ProductVersion : 5.00.2195.6659
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolss.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : spoolss.exe

#:8 [dntus26.exe]
ModuleName : C:\WINNT\SYSTEM32\DNTUS26.EXE
Command Line : C:\WINNT\SYSTEM32\DNTUS26.EXE
ProcessID : 496
ThreadCreationTime : 6-1-2005 7:13:56 PM
BasePriority : Normal
FileVersion : 4, 2, 0, 2
ProductVersion : 4, 2, 0, 2
ProductName : DameWare Development Remote Command Server
CompanyName : DameWare Development LLC
FileDescription : DameWare Development Remote Command Server
InternalName : DNTUSrv
LegalCopyright : Copyright © 1991-2004 DameWare Development LLC
LegalTrademarks : DameWare NT Utilities
OriginalFilename : DNTUSrv.exe
Comments : http://www.dameware.com

#:9 [svchost.exe]
ModuleName : C:\WINNT\System32\svchost.exe
Command Line : C:\WINNT\System32\svchost.exe -k netsvcs
ProcessID : 512
ThreadCreationTime : 6-1-2005 7:13:56 PM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:10 [ewidoctrl.exe]
ModuleName : C:\Program Files\ewido\security suite\ewidoctrl.exe
Command Line : "C:\Program Files\ewido\security suite\ewidoctrl.exe"
ProcessID : 536
ThreadCreationTime : 6-1-2005 7:13:57 PM
BasePriority : Normal
FileVersion : 3, 0, 0, 1
ProductVersion : 3, 0, 0, 1
ProductName : ewido control
CompanyName : ewido networks
FileDescription : ewido control
InternalName : ewido control
LegalCopyright : Copyright © 2004
OriginalFilename : ewidoctrl.exe

#:11 [mdm.exe]
ModuleName : C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
Command Line : "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"
ProcessID : 568
ThreadCreationTime : 6-1-2005 7:13:58 PM
BasePriority : Normal
FileVersion : 7.00.9466
ProductVersion : 7.00.9466
ProductName : Microsoft® Visual Studio .NET
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : mdm.exe

#:12 [mstask.exe]
ModuleName : C:\WINNT\system32\MSTask.exe
Command Line : C:\WINNT\system32\MSTask.exe
ProcessID : 668
ThreadCreationTime : 6-1-2005 7:14:02 PM
BasePriority : Normal
FileVersion : 4.71.2195.6920
ProductVersion : 4.71.2195.6920
ProductName : Microsoft® Windows® Task Scheduler
CompanyName : Microsoft Corporation
FileDescription : Task Scheduler Engine
InternalName : TaskScheduler
LegalCopyright : Copyright © Microsoft Corp. 1997
OriginalFilename : mstask.exe

#:13 [winmgmt.exe]
ModuleName : C:\WINNT\System32\WBEM\WinMgmt.exe
Command Line : C:\WINNT\System32\WBEM\WinMgmt.exe
ProcessID : 716
ThreadCreationTime : 6-1-2005 7:14:03 PM
BasePriority : Normal
FileVersion : 1.50.1085.0100
ProductVersion : 1.50.1085.0100
ProductName : Windows Management Instrumentation
CompanyName : Microsoft Corporation
FileDescription : Windows Management Instrumentation
InternalName : WINMGMT
LegalCopyright : Copyright © Microsoft Corp. 1995-1999

#:14 [svchost.exe]
ModuleName : C:\WINNT\system32\svchost.exe
Command Line : C:\WINNT\system32\svchost.exe -k wugroup
ProcessID : 748
ThreadCreationTime : 6-1-2005 7:14:04 PM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:15 [svchost.exe]
ModuleName : C:\WINNT\System32\svchost.exe
Command Line : C:\WINNT\System32\svchost.exe -k BITSgroup
ProcessID : 760
ThreadCreationTime : 6-1-2005 7:14:04 PM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:16 [explorer.exe]
ModuleName : C:\WINNT\Explorer.EXE
Command Line : C:\WINNT\Explorer.EXE
ProcessID : 1032
ThreadCreationTime : 6-1-2005 10:38:52 PM
BasePriority : Normal
FileVersion : 5.00.3700.6690
ProductVersion : 5.00.3700.6690
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : EXPLORER.EXE

#:17 [atiptaxx.exe]
ModuleName : C:\WINNT\system32\Atiptaxx.exe
Command Line : "C:\WINNT\system32\Atiptaxx.exe"
ProcessID : 1112
ThreadCreationTime : 6-1-2005 10:38:57 PM
BasePriority : Normal
FileVersion : 4.12.2489
ProductVersion : 4.12.2489
ProductName : ATI Desktop Component
CompanyName : ATI Technologies, Inc.
FileDescription : ATI Desktop Control Panel
InternalName : Atiptaxx.exe
LegalCopyright : Copyright © 1998-2000 ATI Technologies Inc.
OriginalFilename : Atiptaxx.exe

#:18 [devdetect.exe]
ModuleName : C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
Command Line : "C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe" -autorun
ProcessID : 1052
ThreadCreationTime : 6-1-2005 10:38:57 PM
BasePriority : Normal
FileVersion : 2, 0, 0, 12
ProductVersion : 2, 0, 0, 12
ProductName : Device Detector
CompanyName : ACD Systems, Ltd.
FileDescription : Device Detector
InternalName : DevDetect
LegalCopyright : Copyright © 2003
OriginalFilename : DevDetect.exe

#:19 [msnappau.exe]
ModuleName : C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
Command Line : "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
ProcessID : 1096
ThreadCreationTime : 6-1-2005 10:38:57 PM
BasePriority : Normal


#:20 [ituneshelper.exe]
ModuleName : C:\Program Files\iTunes\iTunesHelper.exe
Command Line : "C:\Program Files\iTunes\iTunesHelper.exe"
ProcessID : 800
ThreadCreationTime : 6-1-2005 10:38:59 PM
BasePriority : Normal
FileVersion : 4.7.1.30
ProductVersion : 4.7.1.30
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe

#:21 [qttask.exe]
ModuleName : C:\Program Files\QuickTime\qttask.exe
Command Line : "C:\Program Files\QuickTime\qttask.exe" -atboottime
ProcessID : 1072
ThreadCreationTime : 6-1-2005 10:38:59 PM
BasePriority : Normal
FileVersion : 6.5.1
ProductVersion : QuickTime 6.5.1
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe

#:22 [ctfmon.exe]
ModuleName : C:\WINNT\system32\ctfmon.exe
Command Line : "C:\WINNT\system32\ctfmon.exe"
ProcessID : 1188
ThreadCreationTime : 6-1-2005 10:39:00 PM
BasePriority : Normal
FileVersion : 1.00.2409.7 built by: Lab06_N
ProductVersion : 1.00.2409.7
ProductName : Microsoft® Windows NT® Operating System
CompanyName : Microsoft Corporation
FileDescription : Cicero Loader
InternalName : CICLOAD
LegalCopyright : Copyright © Microsoft Corporation. 1981-2001
OriginalFilename : CICLOAD.EXE

#:23 [acrotray.exe]
ModuleName : C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
Command Line : "C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe"
ProcessID : 1124
ThreadCreationTime : 6-1-2005 10:39:02 PM
BasePriority : Normal


#:24 [ipodservice.exe]
ModuleName : C:\Program Files\iPod\bin\iPodService.exe
Command Line : "C:\Program Files\iPod\bin\iPodService.exe"
ProcessID : 832
ThreadCreationTime : 6-1-2005 10:39:07 PM
BasePriority : Normal
FileVersion : 4.7.1.30
ProductVersion : 4.7.1.30
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iPodService.exe

#:25 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 1432
ThreadCreationTime : 6-2-2005 2:06:43 AM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1 "http://www.abetterinternet.com"
TAC Rating : 7
Category : Data Miner
Comment : (http://www.abetterinternet.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1 "http://www.abetterinternet.com"
TAC Rating : 7
Category : Data Miner
Comment : (http://www.abetterinternet.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1
Value : DisplayName

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1 "http://www.abetterinternet.com"
TAC Rating : 7
Category : Data Miner
Comment : (http://www.abetterinternet.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1
Value : URLInfoAbout

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1 "http://www.abetterinternet.com"
TAC Rating : 7
Category : Data Miner
Comment : (http://www.abetterinternet.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1
Value : Publisher

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1 "http://www.abetterinternet.com"
TAC Rating : 7
Category : Data Miner
Comment : (http://www.abetterinternet.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1
Value : HelpLink

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1 "http://www.abetterinternet.com"
TAC Rating : 7
Category : Data Miner
Comment : (http://www.abetterinternet.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1
Value : Contact

Win32.TrojanDownloader.Agent.Ay Object Recognized!
Type : RegValue
Data :
TAC Rating : 7
Category : Data Miner
Comment : "hqbxbwwm"
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Run
Value : hqbxbwwm

Win32.TrojanDownloader.Agent.Ay Object Recognized!
Type : File
Data : hqbxbwwm.exe
TAC Rating : 7
Category : Data Miner
Comment :
Object : c:\winnt\system32\
FileVersion : 1, 0, 2, 17
ProductVersion : 0, 0, 7, 0
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
LegalCopyright : TODO: © <Company name>. All rights reserved.


Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 7
Objects found so far: 8


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 8


Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 8


Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 8

8:15:42 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:03:36.541
Objects scanned:57307
Objects identified:8
Objects ignored:0
New critical objects:8

#13
Guest_Andy_veal_*

  • Guest
Please follow the instructions located in Step Five: Posting a Hijack This Log. Post your HJT log as a reply to this thread, which has been relocated to the Malware Removal Forum for providing you with further assistance.

Kindly note that it is very busy in the Malware Removal Forum, so there may be a delay in receiving a reply. Please also note that HJT logfiles are reviewed on a first come/first served basis.

#14
IBG


  • Topic Starter
  • Member
  • 25 posts
Logfile of HijackThis v1.99.1
Scan saved at 9:10:40 AM, on 6/5/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\SYSTEM32\DNTUS26.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\Atiptaxx.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by SHAW Internet
O2 - BHO: imGiantObj Class - {00000062-2E5F-4AF7-986E-5B64E0951A96} - C:\WINNT\imGiant.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [Device Detector] "C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe" -autorun
O4 - HKLM\..\Run: [Win32 Loader] svhost.exe
O4 - HKLM\..\Run: [NTsystem Load] mxlfix.exe
O4 - HKLM\..\Run: [Wireless Conections] WireConnect.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [profiler] C:\WINNT\system32\config\profile\liteout.exe C:\WINNT\system32\config\profile\prof.exe
O4 - HKLM\..\Run: [winupdote] c:\winnt\system32\bootup\msnve.exe c:\winnt\system32\bootup\task.exe
O4 - HKLM\..\Run: [asejet] uyohuvax.exe
O4 - HKLM\..\Run: [fsdsft] C:\winnt\system32\diwsj43.exe
O4 - HKLM\..\Run: [jidifedig] xudexoli.exe
O4 - HKLM\..\Run: [Ohipa] C:\winnt\system32\sinor.exe
O4 - HKLM\..\Run: [Configuration Loader321] winamp.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [sibawerix] tomup.exe
O4 - HKLM\..\Run: [WUPD] C:\WINNT\system32\iglmtray.exe
O4 - HKLM\..\Run: [Microsoft Win32 dll] rundll82.exe
O4 - HKLM\..\RunServices: [Win32 Loader] svhost.exe
O4 - HKLM\..\RunServices: [NTsystem Load] mxlfix.exe
O4 - HKLM\..\RunServices: [Wireless Conections] WireConnect.exe
O4 - HKLM\..\RunServices: [asejet] uyohuvax.exe
O4 - HKLM\..\RunServices: [jidifedig] xudexoli.exe
O4 - HKLM\..\RunServices: [Configuration Loader321] winamp.exe
O4 - HKLM\..\RunServices: [sibawerix] tomup.exe
O4 - HKLM\..\RunServices: [Microsoft Win32 dll] rundll82.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [asejet] uyohuvax.exe
O4 - HKCU\..\Run: [jidifedig] xudexoli.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...Bridge-c139.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z....iTunesSetup.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104fd.bay10...es/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: DameWare NT Utilities 2.6 (DNTUS26) - DameWare Development LLC - C:\WINNT\SYSTEM32\DNTUS26.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Microsoft NetWork FireWall Services - Unknown owner - NetServices.exe (file missing)
O23 - Service: sdktemp - Unknown owner - C:\WINNT\sdktemp.exe (file missing)
O23 - Service: Spools Print spol (Spools) - Unknown owner - C:\WINNT\spools.exe (file missing)