[Referred] Win32.trojan.agent.cs


#1 Mick Ash (New Member, 3 posts)
Hi - I'm a new user to the forum so apologies if correct protocol hasn't been followed!

I constantly receive the following logfile from my Ad-Aware 1.06r1 system scan - and every time I remove the objects at the end of the scan they simply reappear immediately if I start a new scan. I tried version 1.05, I've also tried SpyCatcher, a-squared and a multitude of other programs but Ad-Aware is the only one that keeps getting the errors. I've tried deleting the regkeys in normal mode and starting the laptop in safe mode - but they just won't go away! - help!

Ad-Aware SE Build 1.06r1
Logfile Created on:01 June, 2005 11:33:05 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R48 30.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):26 total references
Tracking Cookie(TAC index:3):2 total references
Win32.Trojan.Agent.cs(TAC index:6):6 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R48 30.05.2005
Internal build : 56
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 479648 Bytes
Total size : 1449429 Bytes
Signature data size : 1417942 Bytes
Reference data size : 30975 Bytes
Signatures total : 40440
CSI Fingerprints total : 895
CSI data size : 30725 Bytes
Target categories : 15
Target families : 685


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Non Intel
Memory available:13 %
Total physical memory:514480 kb
Available physical memory:64376 kb
Total page file size:1258352 kb
Available on page file:824192 kb
Total virtual memory:2097024 kb
Available virtual memory:2023292 kb
OS:Microsoft Windows XP Professional Service Pack 2 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


01-Jun-05 11:33:05 AM - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : C:\Documents and Settings\Mick Ash\Application Data\microsoft\office\recent
Description : list of recently opened documents using microsoft office


MRU List Object Recognized!
Location: : C:\Documents and Settings\Mick Ash\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : S-1-5-21-4141519177-2951270939-2358863126-1005\software\adobe\acrobat reader\5.0\avgeneral\crecentfiles
Description : list of recently used files in adobe reader


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-4141519177-2951270939-2358863126-1005\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-4141519177-2951270939-2358863126-1005\software\microsoft\mediaplayer\player\recentfilelist
Description : list of recently used files in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-4141519177-2951270939-2358863126-1005\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-4141519177-2951270939-2358863126-1005\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-4141519177-2951270939-2358863126-1005\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console


MRU List Object Recognized!
Location: : S-1-5-21-4141519177-2951270939-2358863126-1005\software\microsoft\office\11.0\common\general
Description : list of recently used symbols in microsoft office


MRU List Object Recognized!
Location: : S-1-5-21-4141519177-2951270939-2358863126-1005\software\microsoft\office\11.0\common\open find\microsoft office word\settings\open\file name mru
Description : list of recent documents opened by microsoft word


MRU List Object Recognized!
Location: : S-1-5-21-4141519177-2951270939-2358863126-1005\software\microsoft\office\11.0\common\open find\microsoft office word\settings\save as\file name mru
Description : list of recent documents saved by microsoft word


MRU List Object Recognized!
Location: : S-1-5-21-4141519177-2951270939-2358863126-1005\software\microsoft\office\11.0\excel\recent templates
Description : list of recent templates used by microsoft excel


MRU List Object Recognized!
Location: : S-1-5-21-4141519177-2951270939-2358863126-1005\software\microsoft\office\11.0\word\recent templates
Description : list of recent templates used by microsoft word


MRU List Object Recognized!
Location: : S-1-5-21-4141519177-2951270939-2358863126-1005\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant


MRU List Object Recognized!
Location: : S-1-5-21-4141519177-2951270939-2358863126-1005\software\microsoft\terminal server client\default
Description : list of recent systems connected to using remote desktop / terminal services


MRU List Object Recognized!
Location: : S-1-5-21-4141519177-2951270939-2358863126-1005\software\microsoft\windows\currentversion\applets\regedit
Description : last key accessed using the microsoft registry editor


MRU List Object Recognized!
Location: : S-1-5-21-4141519177-2951270939-2358863126-1005\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-4141519177-2951270939-2358863126-1005\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-4141519177-2951270939-2358863126-1005\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : S-1-5-21-4141519177-2951270939-2358863126-1005\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-21-4141519177-2951270939-2358863126-1005\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 868
ThreadCreationTime : 31-May-05 11:21:44 PM
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 1084
ThreadCreationTime : 31-May-05 11:21:47 PM
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 1116
ThreadCreationTime : 31-May-05 11:21:48 PM
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 1164
ThreadCreationTime : 31-May-05 11:21:51 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 1176
ThreadCreationTime : 31-May-05 11:21:51 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k DcomLaunch
ProcessID : 1364
ThreadCreationTime : 31-May-05 11:21:54 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 1440
ThreadCreationTime : 31-May-05 11:21:55 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 1692
ThreadCreationTime : 31-May-05 11:21:55 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost.exe -k NetworkService
ProcessID : 1932
ThreadCreationTime : 31-May-05 11:21:56 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost.exe -k LocalService
ProcessID : 136
ThreadCreationTime : 31-May-05 11:21:58 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [ccsetmgr.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
Command Line : n/a
ProcessID : 524
ThreadCreationTime : 31-May-05 11:22:00 PM
BasePriority : Normal
FileVersion : 103.0.4.3
ProductVersion : 103.0.4.3
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Settings Manager Service
InternalName : ccSetMgr
LegalCopyright : Copyright © 2000-2004 Symantec Corporation. All rights reserved.
OriginalFilename : ccSetMgr.exe

#:12 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 684
ThreadCreationTime : 31-May-05 11:22:02 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:13 [sndsrvc.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
Command Line : n/a
ProcessID : 700
ThreadCreationTime : 31-May-05 11:22:02 PM
BasePriority : Normal
FileVersion : 5.5.1.6
ProductVersion : 5.5
ProductName : Symantec Security Drivers
CompanyName : Symantec Corporation
FileDescription : Network Driver Service
InternalName : SndSrvc
LegalCopyright : Copyright 2002, 2003, 2004 Symantec Corporation
OriginalFilename : SndSrvc.exe

#:14 [spbbcsvc.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
Command Line : n/a
ProcessID : 800
ThreadCreationTime : 31-May-05 11:22:04 PM
BasePriority : Normal
FileVersion : 1,0,1,47
ProductVersion : 1,0,1,47
ProductName : SPBBC
CompanyName : Symantec Corporation
FileDescription : SPBBC Service
InternalName : SPBBCSvc
LegalCopyright : Copyright © 2004 Symantec Corporation. All rights reserved.
OriginalFilename : SPBBCSvc.exe

#:15 [ccevtmgr.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
Command Line : n/a
ProcessID : 984
ThreadCreationTime : 31-May-05 11:22:06 PM
BasePriority : Normal
FileVersion : 103.0.4.3
ProductVersion : 103.0.4.3
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright © 2000-2004 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe

#:16 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1608
ThreadCreationTime : 31-May-05 11:22:14 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:17 [cfsvcs.exe]
ModuleName : C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
Command Line : "C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe"
ProcessID : 340
ThreadCreationTime : 31-May-05 11:22:21 PM
BasePriority : Normal
FileVersion : 5, 0, 0, 41
ProductVersion : 5, 0, 0, 0
ProductName : ConfigFree™
CompanyName : TOSHIBA CORPORATION
FileDescription : Service of ConfigFree.
InternalName : CFSvcs.exe
LegalCopyright : ©copyright TOSHIBA CORPORATION 2003-2004
LegalTrademarks : ConfigFree™
OriginalFilename : CFSvcs.exe
Comments : Service of ConfigFree.

#:18 [dvdramsv.exe]
ModuleName : C:\WINDOWS\system32\DVDRAMSV.exe
Command Line : C:\WINDOWS\system32\DVDRAMSV.exe
ProcessID : 376
ThreadCreationTime : 31-May-05 11:22:21 PM
BasePriority : Normal
FileVersion : 2, 0, 7, 0
ProductVersion : 2, 0, 7, 0
CompanyName : Matsushita Electric Industrial Co., Ltd.
FileDescription : Service of RAMAsst for Windows XP
LegalCopyright : Copyright © Matsushita Electric Industrial Co., Ltd. 2002 - 2003
OriginalFilename : DVDRAMSV.EXE

#:19 [navapsvc.exe]
ModuleName : C:\Program Files\Norton AntiVirus\navapsvc.exe
Command Line : n/a
ProcessID : 480
ThreadCreationTime : 31-May-05 11:22:21 PM
BasePriority : Normal
FileVersion : 11.0.9.16
ProductVersion : 11.0.9
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Norton AntiVirus 2005 for Windows 98/ME/2000/XP Copyright © 2004 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE

#:20 [npfmntor.exe]
ModuleName : C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
Command Line : n/a
ProcessID : 496
ThreadCreationTime : 31-May-05 11:22:22 PM
BasePriority : Normal
FileVersion : 11.0.9.16
ProductVersion : 11.0.9
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Firewall Install Monitor
InternalName : NPFMonitor
LegalCopyright : Norton AntiVirus 2005 for Windows 98/ME/2000/XP Copyright © 2004 Symantec Corporation. All rights reserved.
OriginalFilename : NPFMonitor.EXE

#:21 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost.exe -k imgsvc
ProcessID : 792
ThreadCreationTime : 31-May-05 11:22:27 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:22 [tmesrv31.exe]
ModuleName : C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
Command Line : "C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe" /Service
ProcessID : 636
ThreadCreationTime : 31-May-05 11:22:28 PM
BasePriority : Normal
FileVersion : 3, 1, 48, 0
ProductVersion : 3, 1, 48, 0
ProductName : TOSHIBA MobileExtension Service
CompanyName : TOSHIBA
FileDescription : TOSHIBA MobileExtension Service
InternalName : TMESRV3
LegalCopyright : TOSHIBA Copyright © 1999-2001
OriginalFilename : TMESRV3.exe

#:23 [wdfmgr.exe]
ModuleName : C:\WINDOWS\system32\wdfmgr.exe
Command Line : C:\WINDOWS\system32\wdfmgr.exe
ProcessID : 1552
ThreadCreationTime : 31-May-05 11:22:28 PM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:24 [igfxtray.exe]
ModuleName : C:\WINDOWS\system32\igfxtray.exe
Command Line : "C:\WINDOWS\system32\igfxtray.exe"
ProcessID : 2328
ThreadCreationTime : 31-May-05 11:22:48 PM
BasePriority : Normal
FileVersion : 3.0.0.3943
ProductVersion : 7.0.0.3943
ProductName : Intel® Common User Interface
CompanyName : Intel Corporation
FileDescription : igfxTray Module
InternalName : IGFXTRAY
LegalCopyright : Copyright 1999-2004, Intel Corporation
OriginalFilename : IGFXTRAY.EXE

#:25 [hkcmd.exe]
ModuleName : C:\WINDOWS\system32\hkcmd.exe
Command Line : "C:\WINDOWS\system32\hkcmd.exe"
ProcessID : 2344
ThreadCreationTime : 31-May-05 11:22:48 PM
BasePriority : Normal
FileVersion : 3.0.0.3943
ProductVersion : 7.0.0.3943
ProductName : Intel® Common User Interface
CompanyName : Intel Corporation
FileDescription : hkcmd Module
InternalName : HKCMD
LegalCopyright : Copyright 1999-2004, Intel Corporation
OriginalFilename : HKCMD.EXE

#:26 [ceekey.exe]
ModuleName : C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
Command Line : "C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe"
ProcessID : 2376
ThreadCreationTime : 31-May-05 11:22:49 PM
BasePriority : Normal
FileVersion : 2, 1, 0, 21
ProductVersion : 2, 1, 0, 21
ProductName : EKey Application
CompanyName : COMPAL ELECTRONIC INC.
FileDescription : TOSHIBA HotKey Utility
InternalName : EKey
LegalCopyright : Copyright 2003-2004 Compal Electronic Inc.
OriginalFilename : CeEKey.EXE

#:27 [ndstray.exe]
ModuleName : C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
Command Line : "C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe"
ProcessID : 2492
ThreadCreationTime : 31-May-05 11:22:51 PM
BasePriority : Normal
FileVersion : 5, 0, 0, 79
ProductVersion : 5, 0, 0, 0
ProductName : ConfigFree™ Tray
CompanyName : TOSHIBA CORPORATION
FileDescription : ConfigFree™ Tray
InternalName : ndstray
LegalCopyright : Copyright 2002-2004 © TOSHIBA CORPORATION. All rights reserved.
OriginalFilename : NDSTray.exe

#:28 [tpsmain.exe]
ModuleName : C:\WINDOWS\system32\TPSMain.exe
Command Line : "C:\WINDOWS\system32\TPSMain.exe"
ProcessID : 2576
ThreadCreationTime : 31-May-05 11:22:52 PM
BasePriority : Normal
FileVersion : 1, 0, 14, 1
ProductVersion : 7, 0, 0, 0
ProductName : TOSHIBA Power Saver
CompanyName : TOSHIBA Corporation
InternalName : TPSMain
LegalCopyright : Copyright © 1998-2004 TOSHIBA Corporation
OriginalFilename : TPSMain.EXE

#:29 [zoominghook.exe]
ModuleName : C:\WINDOWS\system32\ZoomingHook.exe
Command Line : "C:\WINDOWS\system32\ZoomingHook.exe"
ProcessID : 2584
ThreadCreationTime : 31-May-05 11:22:52 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 0
ProductVersion : 1, 0, 0, 0
CompanyName : TOSHIBA
FileDescription : Zooming Utility Hotkey Hook
LegalCopyright : Copyright © 2004 TOSHIBA, all rights reserved.
OriginalFilename : ZoomingHook.exe

#:30 [smoothview.exe]
ModuleName : C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
Command Line : "C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe"
ProcessID : 2592
ThreadCreationTime : 31-May-05 11:22:52 PM
BasePriority : Normal
FileVersion : 2, 0, 0, 18
ProductVersion : 2, 0, 0, 18
ProductName : TOSHIBA Zooming Utility
CompanyName : TOSHIBA Corporation
FileDescription : SmoothView
InternalName : SmoothView
LegalCopyright : Copyright © 2003 TOSHIBA Corporation. All rights reserved.
OriginalFilename : SmoothView.exe
Comments : TOSHIBA Zooming Utility

#:31 [fnkeyhook.exe]
ModuleName : C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe
Command Line : "C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe"
ProcessID : 2640
ThreadCreationTime : 31-May-05 11:22:54 PM
BasePriority : Normal
FileVersion : 0, 1, 0, 3
ProductVersion : 0, 1, 0, 3
CompanyName : TOSHIBA
FileDescription : TOSHIBA Accessibility Hotkey Hook
LegalCopyright : Copyright 2004 TOSHIBA, All Rights Reserved.

#:32 [tfswctrl.exe]
ModuleName : C:\WINDOWS\system32\dla\tfswctrl.exe
Command Line : "C:\WINDOWS\system32\dla\tfswctrl.exe"
ProcessID : 2704
ThreadCreationTime : 31-May-05 11:22:55 PM
BasePriority : Normal
FileVersion : 1.04.08a
CompanyName : Sonic Solutions
FileDescription : Drive Letter Access Component
LegalCopyright : Copyright © 2004 Sonic Solutions

#:33 [tmerzctl.exe]
ModuleName : C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
Command Line : "C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE" /Service
ProcessID : 2736
ThreadCreationTime : 31-May-05 11:22:55 PM
BasePriority : Normal
FileVersion : 1, 0, 2, 18
ProductVersion : 1, 0, 2, 18
ProductName : TOSHIBA TMERzCtl
CompanyName : TOSHIBA
FileDescription : TMERzCtl
InternalName : TMERzCtl
LegalCopyright : Copyright © 2001
OriginalFilename : TMERzCtl.exe

#:34 [ccapp.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\ccApp.exe
Command Line : n/a
ProcessID : 2796
ThreadCreationTime : 31-May-05 11:22:57 PM
BasePriority : Normal
FileVersion : 103.0.4.3
ProductVersion : 103.0.4.3
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec User Session
InternalName : ccApp
LegalCopyright : Copyright © 2000-2004 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe

#:35 [agrsmmsg.exe]
ModuleName : C:\WINDOWS\AGRSMMSG.exe
Command Line : "C:\WINDOWS\AGRSMMSG.exe"
ProcessID : 2804
ThreadCreationTime : 31-May-05 11:22:57 PM
BasePriority : Normal
FileVersion : 2.1.47.6 2.1.47.6 10/28/2004 13:37:38
ProductVersion : 2.1.47.6 2.1.47.6 10/28/2004 13:37:38
ProductName : Agere SoftModem Messaging Applet
CompanyName : Agere Systems
FileDescription : SoftModem Messaging Applet
InternalName : smdmstat.exe
LegalCopyright : Copyright © Agere Systems 1998-2000
OriginalFilename : smdmstat.exe

#:36 [tmeejme.exe]
ModuleName : C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
Command Line : "C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE"
ProcessID : 2812
ThreadCreationTime : 31-May-05 11:22:57 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 22
ProductVersion : 1, 0, 0, 0
ProductName : TOSHIBA MobileExtension Service
CompanyName : TOSHIBA
FileDescription : TMEEJME
InternalName : TMEEJME
LegalCopyright : TOSHIBA Copyright © 2002
OriginalFilename : TMEEJME.exe

#:37 [ltmoh.exe]
ModuleName : C:\Program Files\ltmoh\Ltmoh.exe
Command Line : "C:\Program Files\ltmoh\Ltmoh.exe"
ProcessID : 2828
ThreadCreationTime : 31-May-05 11:22:57 PM
BasePriority : Normal
FileVersion : 1.73
ProductVersion : 1.73
ProductName : LtMoh Application
CompanyName : Agere Systems
FileDescription : LtMoh MFC Application
InternalName : LtMoh
LegalCopyright : Agere Copyright © 2001-2004
LegalTrademarks : Agere Systens
OriginalFilename : LtMoh.EXE

#:38 [tctrliohook.exe]
ModuleName : C:\WINDOWS\system32\TCtrlIOHook.exe
Command Line : "C:\WINDOWS\system32\TCtrlIOHook.exe"
ProcessID : 2852
ThreadCreationTime : 31-May-05 11:22:58 PM
BasePriority : Normal
FileVersion : 1, 0, 3, 8
ProductVersion : 1, 0, 3, 8
CompanyName : TOSHIBA
FileDescription : TOSHIBA Control Utility Hotkey Hook
LegalCopyright : Copyright 2004 TOSHIBA, All Rights Reserved.

#:39 [tfncky.exe]
ModuleName : C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
Command Line : "C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe"
ProcessID : 2920
ThreadCreationTime : 31-May-05 11:23:01 PM
BasePriority : Normal
FileVersion : 3.14.00
ProductVersion : 3.14.00
ProductName : TFncKy
CompanyName : TOSHIBA Corporation
FileDescription : TFncKy
InternalName : TFncKy
LegalCopyright : Copyright © 2001-2004 TOSHIBA Corporation. All rights reserved.
OriginalFilename : TFncKy.EXE

#:40 [tptray.exe]
ModuleName : C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
Command Line : "C:\Program Files\TOSHIBA\TouchPad\TPTray.exe"
ProcessID : 2940
ThreadCreationTime : 31-May-05 11:23:01 PM
BasePriority : Normal
FileVersion : 1, 1, 0, 4
ProductVersion : 1, 1, 0, 4
ProductName : TPTray Application
CompanyName : COMPAL ELECTRONIC INC.
FileDescription : TPTray Application
InternalName : TPTray
LegalCopyright : Copyright 2002-2004 Compal Electronic Inc.
OriginalFilename : TPTray.EXE
Comments : Mei Hsu

#:41 [tpsbattm.exe]
ModuleName : C:\WINDOWS\system32\TPSBattM.exe
Command Line : "C:\WINDOWS\system32\TPSBattM.exe"
ProcessID : 2964
ThreadCreationTime : 31-May-05 11:23:01 PM
BasePriority : Normal
FileVersion : 1, 0, 2, 0
ProductVersion : 7, 0, 0, 0
ProductName : TOSHIBA Power Saver
CompanyName : TOSHIBA Corporation
InternalName : TPSBattM
LegalCopyright : Copyright © 1998-2004 TOSHIBA Corporation
OriginalFilename : TPSBattM.exe

#:42 [gcasserv.exe]
ModuleName : C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
Command Line : "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
ProcessID : 2980
ThreadCreationTime : 31-May-05 11:23:02 PM
BasePriority : Idle
FileVersion : 1.00.0509
ProductVersion : 1.00.0509
ProductName : Microsoft AntiSpyware (Beta 1)
CompanyName : Microsoft Corporation
FileDescription : Microsoft AntiSpyware Service
InternalName : gcasServ
LegalCopyright : Copyright © 2004-2005 Microsoft Corporation. All rights reserved.
LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation. SpyNet™ is a trademark of Microsoft Corporation.
OriginalFilename : gcasServ.exe

#:43 [jusched.exe]
ModuleName : C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
Command Line : "C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe"
ProcessID : 3016
ThreadCreationTime : 31-May-05 11:23:03 PM
BasePriority : Normal


#:44 [msmsgs.exe]
ModuleName : C:\Program Files\Messenger\msmsgs.exe
Command Line : "C:\Program Files\Messenger\msmsgs.exe" /background
ProcessID : 3044
ThreadCreationTime : 31-May-05 11:23:05 PM
BasePriority : Normal
FileVersion : 4.7.3001
ProductVersion : Version 4.7.3001
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Windows Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:45 [ctfmon.exe]
ModuleName : C:\WINDOWS\system32\ctfmon.exe
Command Line : "C:\WINDOWS\system32\ctfmon.exe"
ProcessID : 3144
ThreadCreationTime : 31-May-05 11:23:07 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:46 [gcasdtserv.exe]
ModuleName : C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
Command Line : "C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe"
ProcessID : 3216
ThreadCreationTime : 31-May-05 11:23:10 PM
BasePriority : Normal
FileVersion : 1.00.0509
ProductVersion : 1.00.0509
ProductName : Microsoft AntiSpyware (Beta 1)
CompanyName : Microsoft Corporation
FileDescription : Microsoft AntiSpyware Data Service
InternalName : gcasDtServ
LegalCopyright : Copyright © 2004-2005 Microsoft Corporation. All rights reserved.
LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation. SpyNet™ is a trademark of Microsoft Corporation.
OriginalFilename : gcasDtServ.exe

#:47 [ramasst.exe]
ModuleName : C:\WINDOWS\system32\RAMASST.exe
Command Line : "C:\WINDOWS\system32\RAMASST.exe"
ProcessID : 3348
ThreadCreationTime : 31-May-05 11:23:13 PM
BasePriority : Normal
FileVersion : 1, 0, 9, 0
ProductVersion : 1, 0, 9, 0
CompanyName : Matsushita Electric Industrial Co., Ltd.
FileDescription : CD Burning of Windows XP disabling tool for DVD MULTI Drive
LegalCopyright : Copyright © Matsushita Electric Industrial Co., Ltd. 2002 - 2003
OriginalFilename : RAMASST.EXE

#:48 [outlook.exe]
ModuleName : C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
Command Line : "C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE" /recycle
ProcessID : 3928
ThreadCreationTime : 31-May-05 11:23:24 PM
BasePriority : Normal


#:49 [winword.exe]
ModuleName : C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
Command Line : "C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE" -Embedding
ProcessID : 2336
ThreadCreationTime : 31-May-05 11:23:42 PM
BasePriority : Normal


#:50 [netscape.exe]
ModuleName : C:\PROGRA~1\NETSCAPE\NETSCA~1\NETSCAPE.EXE
Command Line : "C:\PROGRA~1\NETSCAPE\NETSCA~1\NETSCAPE.EXE"
ProcessID : 3596
ThreadCreationTime : 01-Jun-05 12:08:28 AM
BasePriority : Normal


#:51 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 2312
ThreadCreationTime : 01-Jun-05 1:15:10 AM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 26


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Win32.Trojan.Agent.cs Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{b8b55274-0f9a-41e5-9067-a3539bd9e860}

Win32.Trojan.Agent.cs Object Recognized!
Type : RegValue
Data :
TAC Rating : 6
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{b8b55274-0f9a-41e5-9067-a3539bd9e860}
Value : AppID

Win32.Trojan.Agent.cs Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{b8b55274-0f9a-41e5-9067-a3539bd9e860}

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 3
Objects found so far: 29


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 29


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : mick ash@statse.webtrendslive[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:mick ash@statse.webtrendslive.com/
Expires : 01-Jun-05 11:58:00 AM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 30


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : mick ash@statse.webtrendslive[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Mick Ash\Local Settings\Temp\Cookies\mick ash@statse.webtrendslive[2].txt

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 31


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1151 entries scanned.
New critical objects:0
Objects found so far: 31




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Win32.Trojan.Agent.cs Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : .key

Win32.Trojan.Agent.cs Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : msevents.msevents

Win32.Trojan.Agent.cs Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : msevents.msevents.1

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 3
Objects found so far: 34

11:37:15 AM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:04:10.485
Objects scanned:101864
Objects identified:8
Objects ignored:0
New critical objects:8
  • 0
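The Ad-Aware log above is the only evidence of what keeps coming back, so it helps to pull the "Object Recognized!" blocks out of it mechanically. The following Python is an added example written for this thread (not Lavasoft's code and not part of the original post); it parses the log format shown above and flags any CLSID that is registered both as a COM server under HKEY_CLASSES_ROOT\clsid and as a Browser Helper Object, which is the persistence pattern the scan keeps reporting. The embedded log is a constructed sample modelled on the posted one.

```python
"""Parse Ad-Aware SE 'Object Recognized!' blocks and list persistence points."""
import re
from dataclasses import dataclass, field

# Constructed sample modelled on the log posted in this thread (not the full log).
SAMPLE_LOG = r"""
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Win32.Trojan.Agent.cs Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{b8b55274-0f9a-41e5-9067-a3539bd9e860}

Win32.Trojan.Agent.cs Object Recognized!
Type : RegValue
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{b8b55274-0f9a-41e5-9067-a3539bd9e860}
Value : AppID

Win32.Trojan.Agent.cs Object Recognized!
Type : Regkey
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{b8b55274-0f9a-41e5-9067-a3539bd9e860}

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : mick ash@statse.webtrendslive[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:mick ash@statse.webtrendslive.com/

Win32.Trojan.Agent.cs Object Recognized!
Type : Regkey
Rootkey : HKEY_CLASSES_ROOT
Object : .key

Win32.Trojan.Agent.cs Object Recognized!
Type : Regkey
Rootkey : HKEY_CLASSES_ROOT
Object : msevents.msevents
"""

HEADER_RE = re.compile(r"^(?P<family>.+?) Object Recognized!$")
FIELD_RE = re.compile(r"^(?P<key>[A-Za-z ]+?)\s*:\s?(?P<value>.*)$")
CLSID_RE = re.compile(r"\{[0-9a-f-]{36}\}", re.IGNORECASE)


@dataclass
class Detection:
    """One 'Object Recognized!' block: the family name plus its key/value lines."""
    family: str
    fields: dict = field(default_factory=dict)

    def registry_path(self):
        """ROOTKEY\\object[ -> value] for registry detections, None for files/cookies."""
        if self.fields.get("Type") not in ("Regkey", "RegValue"):
            return None
        path = f"{self.fields.get('Rootkey', '')}\\{self.fields.get('Object', '')}"
        if "Value" in self.fields:
            path += f" -> {self.fields['Value']}"
        return path


def parse_detections(text):
    """Walk the log line by line; a header starts a block, a blank line ends it."""
    detections, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            current = Detection(header.group("family"))
            detections.append(current)
            continue
        if not line:
            current = None          # blank line closes the current block
            continue
        if current is not None:
            m = FIELD_RE.match(line)  # separator lines ("»»»") simply do not match
            if m:
                current.fields[m.group("key").strip()] = m.group("value").strip()
    return detections


def count_by_family(detections):
    """Detections per family, matching the 'References detected' summary."""
    counts = {}
    for d in detections:
        counts[d.family] = counts.get(d.family, 0) + 1
    return counts


def persistence_points(detections):
    """Map each CLSID that appears under a Browser Helper Objects key to every
    registry location in the log that references it.  A CLSID registered both as
    a COM server (HKCR\\clsid) and as a BHO is loaded by Explorer/IE at start, so
    deleting the keys while the DLL is still loaded does not stick."""
    by_clsid = {}
    for d in detections:
        path = d.registry_path()
        if path is None:
            continue
        for clsid in CLSID_RE.findall(path):
            by_clsid.setdefault(clsid.lower(), set()).add(path)
    return {c: sorted(p) for c, p in by_clsid.items()
            if any("browser helper objects" in x.lower() for x in p)}


if __name__ == "__main__":
    found = parse_detections(SAMPLE_LOG)
    print(count_by_family(found))
    for clsid, paths in persistence_points(found).items():
        print(clsid)
        for p in paths:
            print("   ", p)
```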



#2
Guest_Andy_veal_*
  • Guest

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1151 entries scanned.


If your system is running a program which changes the hosts file or you have added listings to the hosts file then there is no need to check further. Otherwise, please download the "Host File Viewer" by Option^Explicit. It is a 65K program which will allow you to find/view/open/read/edit/restore to default settings your HOST file. Instructions are on the display screen of the program. Select the option to restore to default settings.
http://members.acces...sFileReader.zip

Please also scan your computer with at least one of the following free online AV scanners and post your results here


Panda

Symantec

McAfee

TrendMicro Recommended

F-secure


Keep us updated

Thanks

Andy
  • 0

#3
Mick Ash
  • Topic Starter
Hi Andy,

Panda picked up the following;

Incident                      Status           Location

Spyware:Spyware/Virtumonde    No disinfected   C:\WINDOWS\assembly\cateula.dll

Spyware:Spyware/Virtumonde    No disinfected   C:\WINDOWS\assembly\cateula.dll

One of the other scans also picked up the same....

What next?

Cheers,

Mick
  • 0

#4
Guest_Andy_veal_*
  • Guest
Hello and Welcome

Ad-aware has found objects on your computer

If you choose to clean your computer from what Ad-aware found please follow these instructions below…

Please make sure that you are using the * SE1R49 31.05.2005 * definition file.


Please launch Ad-Aware SE and click on the gear to access the Configuration Menu. Please make sure that this setting is applied.

Click on Tweak > Cleaning Engine > UNcheck "Always try to unload modules before deletion".

Disconnect from the internet (for broadband/cable users, it is recommended that you disconnect the cable connection) and close all open browsers or other programs you have running.

Please then boot into Safe Mode

To clean your machine, it is highly recommended that you clean the following directory contents (but not the directory folder):

Please run CCleaner to assist in this process.
Download CCleaner (Setup: go to >options > settings > Uncheck "Only delete files in Windows Temp folders older than 48 hours" for cleaning malware files!)

* C:\Windows\Temp\
* C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <- This will delete all your cached internet content including cookies.
* C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp\
* Empty your "Recycle Bin".

Please run Ad-Aware SE from the command lines shown in the instructions shown below.

Click "Start" > select "Run" > type the text shown in bold below (including the quotation marks and with the same spacing as shown)

"C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" /full +procnuke
(For the Professional version)

"C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" /full +procnuke
(For the Plus version)

"C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" +procnuke
(For the Personal version)


Click OK.

Please note that the path above is the default installation location for Ad-aware SE; if this is different, please adjust it to the location that you have installed it to.

When the scan has completed, select Next. In the Scanning Results window, select the "Scan Summary" tab. Check the box next to each "target family" you wish to remove. Click next, Click OK.

If problems are caused by deleting a family, please leave it.

Please shutdown/restart your computer after removal, run a new full scan and post the results as a reply. Do not launch any programs or connect to the internet at this time.

Please then copy & paste the complete log file here. Don't quarantine or remove anything at this time, just post a complete logfile. This can sometimes take 2-3 posts to get it all posted; once the "Summary of this scan" information is shown, you have posted all of your logfile.

Please remember when posting another logfile to keep "Search for negligible risk entries" deselected, as negligible risk entries (MRUs) are not considered to be a threat. This option can be changed when choosing your scan type.

Please post back here

Good luck

Andy
  • 0

#5
Mick Ash
  • Topic Starter
Hi Andy,

Followed your instructions - used CCleaner in safe mode - the only thing I couldn't do was run ad-aware from the run command line - typing the following wouldn't be accepted - "C\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" + procnuke

So I just ran the program as per normal - it came up with the same results which I then deleted. Restarted the PC and ran a scan again - same results as always - logfile below. Is this ever going to disappear!!??


Ad-Aware SE Build 1.06r1
Logfile Created on:07 June, 2005 4:39:31 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R49 31.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):10 total references
Win32.Trojan.Agent.cs(TAC index:6):6 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R49 31.05.2005
Internal build : 57
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 481469 Bytes
Total size : 1455496 Bytes
Signature data size : 1423833 Bytes
Reference data size : 31151 Bytes
Signatures total : 40572
CSI Fingerprints total : 902
CSI data size : 31096 Bytes
Target categories : 15
Target families : 692


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Non Intel
Memory available:24 %
Total physical memory:514480 kb
Available physical memory:122332 kb
Total page file size:1258352 kb
Available on page file:935688 kb
Total virtual memory:2097024 kb
Available virtual memory:2030724 kb
OS:Microsoft Windows XP Professional Service Pack 2 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


07/Jun/05 4:39:31 PM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 868
ThreadCreationTime : 07/Jun/05 6:24:07 AM
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 916
ThreadCreationTime : 07/Jun/05 6:24:10 AM
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 940
ThreadCreationTime : 07/Jun/05 6:24:11 AM
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 988
ThreadCreationTime : 07/Jun/05 6:24:14 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 1000
ThreadCreationTime : 07/Jun/05 6:24:14 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k DcomLaunch
ProcessID : 1176
ThreadCreationTime : 07/Jun/05 6:24:17 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 1256
ThreadCreationTime : 07/Jun/05 6:24:18 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 1420
ThreadCreationTime : 07/Jun/05 6:24:19 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost.exe -k NetworkService
ProcessID : 1604
ThreadCreationTime : 07/Jun/05 6:24:19 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost.exe -k LocalService
ProcessID : 1688
ThreadCreationTime : 07/Jun/05 6:24:21 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [ccsetmgr.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
Command Line : n/a
ProcessID : 184
ThreadCreationTime : 07/Jun/05 6:24:25 AM
BasePriority : Normal
FileVersion : 103.0.4.3
ProductVersion : 103.0.4.3
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Settings Manager Service
InternalName : ccSetMgr
LegalCopyright : Copyright © 2000-2004 Symantec Corporation. All rights reserved.
OriginalFilename : ccSetMgr.exe

#:12 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 220
ThreadCreationTime : 07/Jun/05 6:24:25 AM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:13 [sndsrvc.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
Command Line : n/a
ProcessID : 240
ThreadCreationTime : 07/Jun/05 6:24:26 AM
BasePriority : Normal
FileVersion : 5.5.1.6
ProductVersion : 5.5
ProductName : Symantec Security Drivers
CompanyName : Symantec Corporation
FileDescription : Network Driver Service
InternalName : SndSrvc
LegalCopyright : Copyright 2002, 2003, 2004 Symantec Corporation
OriginalFilename : SndSrvc.exe

#:14 [spbbcsvc.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
Command Line : n/a
ProcessID : 284
ThreadCreationTime : 07/Jun/05 6:24:27 AM
BasePriority : Normal
FileVersion : 1,0,1,47
ProductVersion : 1,0,1,47
ProductName : SPBBC
CompanyName : Symantec Corporation
FileDescription : SPBBC Service
InternalName : SPBBCSvc
LegalCopyright : Copyright © 2004 Symantec Corporation. All rights reserved.
OriginalFilename : SPBBCSvc.exe

#:15 [ccevtmgr.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
Command Line : n/a
ProcessID : 432
ThreadCreationTime : 07/Jun/05 6:24:28 AM
BasePriority : Normal
FileVersion : 103.0.4.3
ProductVersion : 103.0.4.3
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright © 2000-2004 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe

#:16 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 660
ThreadCreationTime : 07/Jun/05 6:24:33 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:17 [cfsvcs.exe]
ModuleName : C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
Command Line : "C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe"
ProcessID : 780
ThreadCreationTime : 07/Jun/05 6:24:35 AM
BasePriority : Normal
FileVersion : 5, 0, 0, 41
ProductVersion : 5, 0, 0, 0
ProductName : ConfigFree™
CompanyName : TOSHIBA CORPORATION
FileDescription : Service of ConfigFree.
InternalName : CFSvcs.exe
LegalCopyright : ©copyright TOSHIBA CORPORATION 2003-2004
LegalTrademarks : ConfigFree™
OriginalFilename : CFSvcs.exe
Comments : Service of ConfigFree.

#:18 [dvdramsv.exe]
ModuleName : C:\WINDOWS\system32\DVDRAMSV.exe
Command Line : C:\WINDOWS\system32\DVDRAMSV.exe
ProcessID : 808
ThreadCreationTime : 07/Jun/05 6:24:35 AM
BasePriority : Normal
FileVersion : 2, 0, 7, 0
ProductVersion : 2, 0, 7, 0
CompanyName : Matsushita Electric Industrial Co., Ltd.
FileDescription : Service of RAMAsst for Windows XP
LegalCopyright : Copyright © Matsushita Electric Industrial Co., Ltd. 2002 - 2003
OriginalFilename : DVDRAMSV.EXE

#:19 [navapsvc.exe]
ModuleName : C:\Program Files\Norton AntiVirus\navapsvc.exe
Command Line : n/a
ProcessID : 884
ThreadCreationTime : 07/Jun/05 6:24:36 AM
BasePriority : Normal
FileVersion : 11.0.9.16
ProductVersion : 11.0.9
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Norton AntiVirus 2005 for Windows 98/ME/2000/XP Copyright © 2004 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE

#:20 [npfmntor.exe]
ModuleName : C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
Command Line : n/a
ProcessID : 1144
ThreadCreationTime : 07/Jun/05 6:24:37 AM
BasePriority : Normal
FileVersion : 11.0.9.16
ProductVersion : 11.0.9
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Firewall Install Monitor
InternalName : NPFMonitor
LegalCopyright : Norton AntiVirus 2005 for Windows 98/ME/2000/XP Copyright © 2004 Symantec Corporation. All rights reserved.
OriginalFilename : NPFMonitor.EXE

#:21 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost.exe -k imgsvc
ProcessID : 1388
ThreadCreationTime : 07/Jun/05 6:24:38 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:22 [tmesrv31.exe]
ModuleName : C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
Command Line : "C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe" /Service
ProcessID : 1488
ThreadCreationTime : 07/Jun/05 6:24:40 AM
BasePriority : Normal
FileVersion : 3, 1, 48, 0
ProductVersion : 3, 1, 48, 0
ProductName : TOSHIBA MobileExtension Service
CompanyName : TOSHIBA
FileDescription : TOSHIBA MobileExtension Service
InternalName : TMESRV3
LegalCopyright : TOSHIBA Copyright © 1999-2001
OriginalFilename : TMESRV3.exe

#:23 [wdfmgr.exe]
ModuleName : C:\WINDOWS\system32\wdfmgr.exe
Command Line : C:\WINDOWS\system32\wdfmgr.exe
ProcessID : 1044
ThreadCreationTime : 07/Jun/05 6:24:41 AM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:24 [igfxtray.exe]
ModuleName : C:\WINDOWS\system32\igfxtray.exe
Command Line : "C:\WINDOWS\system32\igfxtray.exe"
ProcessID : 1968
ThreadCreationTime : 07/Jun/05 6:25:03 AM
BasePriority : Normal
FileVersion : 3.0.0.3943
ProductVersion : 7.0.0.3943
ProductName : Intel® Common User Interface
CompanyName : Intel Corporation
FileDescription : igfxTray Module
InternalName : IGFXTRAY
LegalCopyright : Copyright 1999-2004, Intel Corporation
OriginalFilename : IGFXTRAY.EXE

#:25 [hkcmd.exe]
ModuleName : C:\WINDOWS\system32\hkcmd.exe
Command Line : "C:\WINDOWS\system32\hkcmd.exe"
ProcessID : 1540
ThreadCreationTime : 07/Jun/05 6:25:05 AM
BasePriority : Normal
FileVersion : 3.0.0.3943
ProductVersion : 7.0.0.3943
ProductName : Intel® Common User Interface
CompanyName : Intel Corporation
FileDescription : hkcmd Module
InternalName : HKCMD
LegalCopyright : Copyright 1999-2004, Intel Corporation
OriginalFilename : HKCMD.EXE

#:26 [ceekey.exe]
ModuleName : C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
Command Line : "C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe"
ProcessID : 708
ThreadCreationTime : 07/Jun/05 6:25:06 AM
BasePriority : Normal
FileVersion : 2, 1, 0, 21
ProductVersion : 2, 1, 0, 21
ProductName : EKey Application
CompanyName : COMPAL ELECTRONIC INC.
FileDescription : TOSHIBA HotKey Utility
InternalName : EKey
LegalCopyright : Copyright 2003-2004 Compal Electronic Inc.
OriginalFilename : CeEKey.EXE

#:27 [ndstray.exe]
ModuleName : C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
Command Line : "C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe"
ProcessID : 228
ThreadCreationTime : 07/Jun/05 6:25:09 AM
BasePriority : Normal
FileVersion : 5, 0, 0, 79
ProductVersion : 5, 0, 0, 0
ProductName : ConfigFree™ Tray
CompanyName : TOSHIBA CORPORATION
FileDescription : ConfigFree™ Tray
InternalName : ndstray
LegalCopyright : Copyright 2002-2004 © TOSHIBA CORPORATION. All rights reserved.
OriginalFilename : NDSTray.exe

#:28 [tpsmain.exe]
ModuleName : C:\WINDOWS\system32\TPSMain.exe
Command Line : "C:\WINDOWS\system32\TPSMain.exe"
ProcessID : 1948
ThreadCreationTime : 07/Jun/05 6:25:11 AM
BasePriority : Normal
FileVersion : 1, 0, 14, 1
ProductVersion : 7, 0, 0, 0
ProductName : TOSHIBA Power Saver
CompanyName : TOSHIBA Corporation
InternalName : TPSMain
LegalCopyright : Copyright © 1998-2004 TOSHIBA Corporation
OriginalFilename : TPSMain.EXE

#:29 [zoominghook.exe]
ModuleName : C:\WINDOWS\system32\ZoomingHook.exe
Command Line : "C:\WINDOWS\system32\ZoomingHook.exe"
ProcessID : 1724
ThreadCreationTime : 07/Jun/05 6:25:11 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 0
ProductVersion : 1, 0, 0, 0
CompanyName : TOSHIBA
FileDescription : Zooming Utility Hotkey Hook
LegalCopyright : Copyright © 2004 TOSHIBA, all rights reserved.
OriginalFilename : ZoomingHook.exe

#:30 [smoothview.exe]
ModuleName : C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
Command Line : "C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe"
ProcessID : 1960
ThreadCreationTime : 07/Jun/05 6:25:11 AM
BasePriority : Normal
FileVersion : 2, 0, 0, 18
ProductVersion : 2, 0, 0, 18
ProductName : TOSHIBA Zooming Utility
CompanyName : TOSHIBA Corporation
FileDescription : SmoothView
InternalName : SmoothView
LegalCopyright : Copyright © 2003 TOSHIBA Corporation. All rights reserved.
OriginalFilename : SmoothView.exe
Comments : TOSHIBA Zooming Utility

#:31 [fnkeyhook.exe]
ModuleName : C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe
Command Line : "C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe"
ProcessID : 1520
ThreadCreationTime : 07/Jun/05 6:25:12 AM
BasePriority : Normal
FileVersion : 0, 1, 0, 3
ProductVersion : 0, 1, 0, 3
CompanyName : TOSHIBA
FileDescription : TOSHIBA Accessibility Hotkey Hook
LegalCopyright : Copyright 2004 TOSHIBA, All Rights Reserved.

#:32 [tfswctrl.exe]
ModuleName : C:\WINDOWS\system32\dla\tfswctrl.exe
Command Line : "C:\WINDOWS\system32\dla\tfswctrl.exe"
ProcessID : 2032
ThreadCreationTime : 07/Jun/05 6:25:13 AM
BasePriority : Normal
FileVersion : 1.04.08a
CompanyName : Sonic Solutions
FileDescription : Drive Letter Access Component
LegalCopyright : Copyright © 2004 Sonic Solutions

#:33 [tmerzctl.exe]
ModuleName : C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
Command Line : "C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE" /Service
ProcessID : 2064
ThreadCreationTime : 07/Jun/05 6:25:14 AM
BasePriority : Normal
FileVersion : 1, 0, 2, 18
ProductVersion : 1, 0, 2, 18
ProductName : TOSHIBA TMERzCtl
CompanyName : TOSHIBA
FileDescription : TMERzCtl
InternalName : TMERzCtl
LegalCopyright : Copyright © 2001
OriginalFilename : TMERzCtl.exe

#:34 [tmeejme.exe]
ModuleName : C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
Command Line : "C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE"
ProcessID : 2096
ThreadCreationTime : 07/Jun/05 6:25:15 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 22
ProductVersion : 1, 0, 0, 0
ProductName : TOSHIBA MobileExtension Service
CompanyName : TOSHIBA
FileDescription : TMEEJME
InternalName : TMEEJME
LegalCopyright : TOSHIBA Copyright © 2002
OriginalFilename : TMEEJME.exe

#:35 [ccapp.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\ccApp.exe
Command Line : n/a
ProcessID : 2092
ThreadCreationTime : 07/Jun/05 6:25:15 AM
BasePriority : Normal
FileVersion : 103.0.4.3
ProductVersion : 103.0.4.3
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec User Session
InternalName : ccApp
LegalCopyright : Copyright © 2000-2004 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe

#:36 [agrsmmsg.exe]
ModuleName : C:\WINDOWS\AGRSMMSG.exe
Command Line : "C:\WINDOWS\AGRSMMSG.exe"
ProcessID : 2136
ThreadCreationTime : 07/Jun/05 6:25:17 AM
BasePriority : Normal
FileVersion : 2.1.47.6 2.1.47.6 10/28/2004 13:37:38
ProductVersion : 2.1.47.6 2.1.47.6 10/28/2004 13:37:38
ProductName : Agere SoftModem Messaging Applet
CompanyName : Agere Systems
FileDescription : SoftModem Messaging Applet
InternalName : smdmstat.exe
LegalCopyright : Copyright © Agere Systems 1998-2000
OriginalFilename : smdmstat.exe

#:37 [ltmoh.exe]
ModuleName : C:\Program Files\ltmoh\Ltmoh.exe
Command Line : "C:\Program Files\ltmoh\Ltmoh.exe"
ProcessID : 2180
ThreadCreationTime : 07/Jun/05 6:25:17 AM
BasePriority : Normal
FileVersion : 1.73
ProductVersion : 1.73
ProductName : LtMoh Application
CompanyName : Agere Systems
FileDescription : LtMoh MFC Application
InternalName : LtMoh
LegalCopyright : Agere Copyright © 2001-2004
LegalTrademarks : Agere Systens
OriginalFilename : LtMoh.EXE

#:38 [tctrliohook.exe]
ModuleName : C:\WINDOWS\system32\TCtrlIOHook.exe
Command Line : "C:\WINDOWS\system32\TCtrlIOHook.exe"
ProcessID : 2196
ThreadCreationTime : 07/Jun/05 6:25:18 AM
BasePriority : Normal
FileVersion : 1, 0, 3, 8
ProductVersion : 1, 0, 3, 8
CompanyName : TOSHIBA
FileDescription : TOSHIBA Control Utility Hotkey Hook
LegalCopyright : Copyright 2004 TOSHIBA, All Rights Reserved.

#:39 [tfncky.exe]
ModuleName : C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
Command Line : "C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe"
ProcessID : 2256
ThreadCreationTime : 07/Jun/05 6:25:20 AM
BasePriority : Normal
FileVersion : 3.14.00
ProductVersion : 3.14.00
ProductName : TFncKy
CompanyName : TOSHIBA Corporation
FileDescription : TFncKy
InternalName : TFncKy
LegalCopyright : Copyright © 2001-2004 TOSHIBA Corporation. All rights reserved.
OriginalFilename : TFncKy.EXE

#:40 [tptray.exe]
ModuleName : C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
Command Line : "C:\Program Files\TOSHIBA\TouchPad\TPTray.exe"
ProcessID : 2264
ThreadCreationTime : 07/Jun/05 6:25:20 AM
BasePriority : Normal
FileVersion : 1, 1, 0, 4
ProductVersion : 1, 1, 0, 4
ProductName : TPTray Application
CompanyName : COMPAL ELECTRONIC INC.
FileDescription : TPTray Application
InternalName : TPTray
LegalCopyright : Copyright 2002-2004 Compal Electronic Inc.
OriginalFilename : TPTray.EXE
Comments : Mei Hsu

#:41 [tpsbattm.exe]
ModuleName : C:\WINDOWS\system32\TPSBattM.exe
Command Line : "C:\WINDOWS\system32\TPSBattM.exe"
ProcessID : 2292
ThreadCreationTime : 07/Jun/05 6:25:22 AM
BasePriority : Normal
FileVersion : 1, 0, 2, 0
ProductVersion : 7, 0, 0, 0
ProductName : TOSHIBA Power Saver
CompanyName : TOSHIBA Corporation
InternalName : TPSBattM
LegalCopyright : Copyright © 1998-2004 TOSHIBA Corporation
OriginalFilename : TPSBattM.exe

#:42 [gcasserv.exe]
ModuleName : C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
Command Line : "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
ProcessID : 2316
ThreadCreationTime : 07/Jun/05 6:25:23 AM
BasePriority : Idle
FileVersion : 1.00.0509
ProductVersion : 1.00.0509
ProductName : Microsoft AntiSpyware (Beta 1)
CompanyName : Microsoft Corporation
FileDescription : Microsoft AntiSpyware Service
InternalName : gcasServ
LegalCopyright : Copyright © 2004-2005 Microsoft Corporation. All rights reserved.
LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation. SpyNet™ is a trademark of Microsoft Corporation.
OriginalFilename : gcasServ.exe

#:43 [jusched.exe]
ModuleName : C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
Command Line : "C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe"
ProcessID : 2332
ThreadCreationTime : 07/Jun/05 6:25:25 AM
BasePriority : Normal


#:44 [msmsgs.exe]
ModuleName : C:\Program Files\Messenger\msmsgs.exe
Command Line : "C:\Program Files\Messenger\msmsgs.exe" /background
ProcessID : 2352
ThreadCreationTime : 07/Jun/05 6:25:25 AM
BasePriority : Normal
FileVersion : 4.7.3001
ProductVersion : Version 4.7.3001
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Windows Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:45 [ctfmon.exe]
ModuleName : C:\WINDOWS\system32\ctfmon.exe
Command Line : "C:\WINDOWS\system32\ctfmon.exe"
ProcessID : 2360
ThreadCreationTime : 07/Jun/05 6:25:25 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:46 [gcasdtserv.exe]
ModuleName : C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
Command Line : "C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe"
ProcessID : 2500
ThreadCreationTime : 07/Jun/05 6:25:30 AM
BasePriority : Normal
FileVersion : 1.00.0509
ProductVersion : 1.00.0509
ProductName : Microsoft AntiSpyware (Beta 1)
CompanyName : Microsoft Corporation
FileDescription : Microsoft AntiSpyware Data Service
InternalName : gcasDtServ
LegalCopyright : Copyright © 2004-2005 Microsoft Corporation. All rights reserved.
LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation. SpyNet™ is a trademark of Microsoft Corporation.
OriginalFilename : gcasDtServ.exe

#:47 [ramasst.exe]
ModuleName : C:\WINDOWS\system32\RAMASST.exe
Command Line : "C:\WINDOWS\system32\RAMASST.exe"
ProcessID : 2576
ThreadCreationTime : 07/Jun/05 6:25:32 AM
BasePriority : Normal
FileVersion : 1, 0, 9, 0
ProductVersion : 1, 0, 9, 0
CompanyName : Matsushita Electric Industrial Co., Ltd.
FileDescription : CD Burning of Windows XP disabling tool for DVD MULTI Drive
LegalCopyright : Copyright © Matsushita Electric Industrial Co., Ltd. 2002 - 2003
OriginalFilename : RAMASST.EXE

#:48 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 2764
ThreadCreationTime : 07/Jun/05 6:25:47 AM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

#:49 [rundll32.exe]
ModuleName : C:\WINDOWS\system32\rundll32.exe
Command Line : "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\shell32.dll,Control_RunDLL "C:\WINDOWS\system32\inetcpl.cpl",Internet Options
ProcessID : 3016
ThreadCreationTime : 07/Jun/05 6:30:50 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE

#:50 [outlook.exe]
ModuleName : C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
Command Line : "C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE" /recycle
ProcessID : 4040
ThreadCreationTime : 07/Jun/05 6:33:11 AM
BasePriority : Normal


#:51 [winword.exe]
ModuleName : C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
Command Line : "C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE" -Embedding
ProcessID : 472
ThreadCreationTime : 07/Jun/05 6:33:21 AM
BasePriority : Normal


#:52 [netscape.exe]
ModuleName : C:\PROGRA~1\NETSCAPE\NETSCA~1\NETSCAPE.EXE
Command Line : "C:\PROGRA~1\NETSCAPE\NETSCA~1\NETSCAPE.EXE" -url "http://www.geekstogo...iew=getnewpost"
ProcessID : 3224
ThreadCreationTime : 07/Jun/05 6:33:48 AM
BasePriority : Normal


Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 10


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Win32.Trojan.Agent.cs Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{b8b55274-0f9a-41e5-9067-a3539bd9e860}

Win32.Trojan.Agent.cs Object Recognized!
Type : RegValue
Data :
TAC Rating : 6
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{b8b55274-0f9a-41e5-9067-a3539bd9e860}
Value : AppID

Win32.Trojan.Agent.cs Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{b8b55274-0f9a-41e5-9067-a3539bd9e860}

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 3
Objects found so far: 13


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 13


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 13


Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 13


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 13




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Win32.Trojan.Agent.cs Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : .key

Win32.Trojan.Agent.cs Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : msevents.msevents

Win32.Trojan.Agent.cs Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : msevents.msevents.1

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 3
Objects found so far: 16

4:43:53 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:04:21.531
Objects scanned:99261
Objects identified:6
Objects ignored:0
New critical objects:6
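The registry findings in the log above, parsed by a small script added here as an example (not Lavasoft's or the poster's code): it turns each "Object Recognized!" block into a record and reports where each CLSID is registered, showing that the same CLSID appears both as the COM class under HKCR\CLSID and as a Browser Helper Object load-point under HKLM. The log excerpt inside the script is constructed from the findings quoted above.

```python
import re

# Constructed excerpt in Ad-Aware SE's log format: the CLSID is the one the
# thread's log reports; blocks are trimmed to the fields the parser uses.
SAMPLE_LOG = r"""
Win32.Trojan.Agent.cs Object Recognized!
Type : Regkey
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{b8b55274-0f9a-41e5-9067-a3539bd9e860}

Win32.Trojan.Agent.cs Object Recognized!
Type : Regkey
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{b8b55274-0f9a-41e5-9067-a3539bd9e860}

Win32.Trojan.Agent.cs Object Recognized!
Type : Regkey
Rootkey : HKEY_CLASSES_ROOT
Object : msevents.msevents
"""

CLSID_RE = re.compile(r"\{[0-9a-f-]{36}\}")
BHO_PATH = r"explorer\browser helper objects\{"

def parse_findings(log_text):
    """One dict per 'Object Recognized!' block: its name plus the 'Key : value' lines."""
    findings, current = [], None
    for line in log_text.splitlines():
        if line.endswith(" Object Recognized!"):
            current = {"name": line[: -len(" Object Recognized!")]}
            findings.append(current)
        elif current is not None and " : " in line:
            key, _, value = line.partition(" : ")
            current[key.strip().lower()] = value.strip()
        elif not line.strip():
            current = None  # a blank line closes the block
    return findings

def clsid_report(findings):
    """Map each CLSID to its roles: 'class' (HKCR\\CLSID entry) and/or 'bho' (IE load-point)."""
    report = {}
    for f in findings:
        obj = f.get("object", "").lower()
        m = CLSID_RE.search(obj)
        if m and obj.startswith("clsid\\"):
            report.setdefault(m.group(0), set()).add("class")
        if m and BHO_PATH in obj:
            report.setdefault(m.group(0), set()).add("bho")
    return {c: sorted(roles) for c, roles in report.items()}
```

The DLL a BHO actually loads is recorded under HKCR\CLSID\{clsid}\InprocServer32, so that key is what a responder checks next when the registry entries keep reappearing after removal.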

#6
comat0se
If you want to post help in the Malware Removal forum here at GTG, you need to be a staff member. Click here to join Geek U.

ScHwErV :tazz:

Edited by Geek U Moderator

Edited by ScHwErV, 08 June 2005 - 09:45 AM.


#7
Guest_Andy_veal_*
Please follow the instructions located in Step Five: Posting a Hijack This Log. Post your HJT log as a reply to this thread, which has been relocated to the Malware Removal Forum for providing you with further assistance.

Kindly note that it is very busy in the Malware Removal Forum, so there may be a delay in receiving a reply. Please also note that HJT logfiles are reviewed on a first come/first served basis.