I went through your instructions and did all of the following:
1. I ran Cleanup
2. I downloaded the new version of Ad-aware SE (I had Ad-aware, but uninstalled the previous version as you instructed) and ran it. I deleted everything. I saved the log and posted it below.
3. Then I rebooted.
4. I ran CWShredder and fixed the malicious programs found.
5. Then I rebooted.
6. I downloaded the new version of SpyBot and installed it (I had the old version, but since there were no instructions to uninstall it, I assumed it would update the old version). I got a couple of error messages when I tried to update. So I uninstalled both versions, and reinstalled the new version. I still got an error message about one of the update elements, but I ran it and it seemed to work. It found nothing though. I had run the old version this morning and it didn't find anything either.
7. I looked through the Rogue sites, but I don't believe I've installed any of them.
8. I downloaded and installed Ewido, updated it, and ran the scan. It found 54 files to clean and I cleaned them.
9. Then I rebooted.
10. A couple more pop-up Ewido window warnings came up after I rebooted and I cleaned them too. I saved the report and it is posted below.
11. I ran the TrendMicro Housecall. It didn't find anything.
12. I run Norton antivirus. It is current and has been updated. All day it has been popping up warnings about files trying to access the internet or access Yahoo, which is my home page. That DOES seem to have stopped now that I ran all of the above. Since I have Norton, I did not install AVG.
13. I downloaded TrojanHunter and ran it. It did not find anything.
14. I rebooted.
15. I ran Windows Update, but there were no new files to install. We update weekly so we're current there.
16. I rebooted again and still have Winfixer. @?%*&!
17. I downloaded and ran HijackThis and have posted my log below.
Please help me! I'm a geek-lite and it took everything I know just to follow all the instructions and run all this.
Thanks,
Laura
*********************
HIJACK THIS LOG:
*********************
Logfile of HijackThis v1.99.1
Scan saved at 11:51:19 PM, on 8/14/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NetIQ VPN\cvpnd.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\MalwareRemoval\TrojanHunter 4.2\THGuard.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\PROGRA~1\TCOYF\tcoyftray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\TDK\TDKLauncher\TDKLauncher.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MalwareRemoval\HijackThis\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\NOTEPAD.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = ,
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = ,
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SpyBot\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: ohb - {9ADE0443-2AB2-4B23-A3F8-AC520773DE12} - C:\WINDOWS\system32\nsc86.dll (file missing)
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.03.0000.1005\en-us\msnappau.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE ,DllRun
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\MalwareRemoval\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [Simp] C:\Program Files\Secway\SimpLite-MSN 2.1\SimpLite-MSN.exe
O4 - HKCU\..\Run: [TCOYFReminder] C:\PROGRA~1\TCOYF\tcoyftray.exe
O4 - Startup: TDK Launcher.lnk = C:\Program Files\TDK\TDKLauncher\TDKLauncher.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NetIQ Corporation NetIQ VPN Client.lnk = C:\Program Files\NetIQ VPN\vpngui.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar4.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar4.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar4.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar4.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar4.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar4.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O15 - Trusted Zone: www.har.com
O15 - Trusted Zone: www.hotmail.com
O16 - DPF: JT's Blocks - http://download.game...ts/y/blt0_x.cab
O16 - DPF: Tornado 21 - http://download.game...s/y/t21t0_x.cab
O16 - DPF: Win32 Classes -
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: Yahoo! Dice - http://download.game...ts/y/dct2_x.cab
O16 - DPF: Yahoo! Fleet - http://download.game...s/y/fltt3_x.cab
O16 - DPF: Yahoo! Freecell Solitaire - http://yog55.games.s...og/y/fs10_x.cab
O16 - DPF: Yahoo! Graffiti - http://download.game...ts/y/grt4_x.cab
O16 - DPF: Yahoo! Klondike Solitaire - http://yog55.games.s...og/y/ks12_x.cab
O16 - DPF: Yahoo! Literati - http://download.game...nts/y/tt0_x.cab
O16 - DPF: Yahoo! MahJong Solitaire - http://download.game...s/y/mjst4_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/potc_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.game...ts/y/pyt1_x.cab
O16 - DPF: Yahoo! Spelldown - http://download.game...ts/y/sdt0_x.cab
O16 - DPF: Yahoo! Toki Toki Boom - http://download.game...nts/y/vtj_x.cab
O16 - DPF: Yahoo! Towers 2.0 - http://download.game...ts/y/ywt0_x.cab
O16 - DPF: Yahoo! Trivia - http://download.game...ts/y/tvt0_x.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {1B9935E4-8A50-4DD8-BD09-A7518723BF97} (eAssist NetAgent Customer ActiveX Control version 3) - http://agent.celebra...s/custappx3.CAB
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec....sa/LSSupCtl.cab
O16 - DPF: {1FB464C8-09BB-4017-A2F5-EB742F04392F} (Microsoft Terminal Services Control (redist)) - http://darkside.alte...wts/mstscax.cab
O16 - DPF: {21F49842-BFA9-11D2-A89C-00104B62BDDA} (ChartFX IE 2000 Control) - http://www.weightwat...oad/CfxIEAx.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.co...wnload/cult.cab
O16 - DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} (Quicksilver Class) - http://scpwia.ops.pl...quicksilver.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} (ActiveX Control) - http://www.icannnews.../ST/ActiveX.ocx
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...ol_v1-0-3-9.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150...ip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1120172941656
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9184D21C-9835-42C5-A883-EA8BE7FC048D} (Downloader Class) - http://www.shop.intu...bles/ie/IDA.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....sa/SymAData.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://amawebcasts....ent/ieatgpc.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.s.../ActiveData.cab
O20 - Winlogon Notify: Controls Folder - C:\WINDOWS\system32\guard.tmp
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\NetIQ VPN\cvpnd.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
**********************
Ewido Report
**********************
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 8:58:38 PM, 8/14/2005
+ Report-Checksum: 54568FFD
+ Scan result:
HKLM\SOFTWARE\Classes\AppID\BookedSpace.DLL -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\AppID\{0DC5CD7C-F653-4417-AA43-D457BE3A9622} -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\BookedSpace.Extension -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\BookedSpace.Extension\CLSID -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\BookedSpace.Extension\CurVer -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{0019C3E2-DD48-4A6D-ABCD-8D32436323D9} -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{05080E6B-A88A-4CFD-8C3D-9B2557670B6E} -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{C19EB5B1-FC58-456E-8793-384532ED5970} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{0DC5CD7C-F653-4417-AA43-D457BE3A9622} -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{70522FA0-4656-11D5-B0E9-0050DAC24E8F} -> Spyware.iWon : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0019C3E2-DD48-4A6D-ABCD-8D32436323D9} -> Spyware.BookedSpace : Cleaned with backup
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\ZepMon -> Spyware.BetterInternet : Cleaned with backup
HKU\S-1-5-21-776561741-813497703-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0019C3E2-DD48-4A6D-ABCD-8D32436323D9} -> Spyware.BookedSpace : Cleaned with backup
HKU\S-1-5-21-776561741-813497703-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{666DDE35-E955-11D0-A707-000000521958} -> Spyware.IEPlugin : Cleaned with backup
HKU\S-1-5-21-776561741-813497703-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F4E04583-354E-4076-BE7D-ED6A80FD66DA} -> Spyware.BargainBuddy : Cleaned with backup
[580] C:\WINDOWS\system32\guard.tmp -> Spyware.Look2Me : Error during cleaning
[1868] C:\WINDOWS\system32\DrPMon.dll -> Adware.BetterInternet : Cleaned with backup
[2996] C:\WINDOWS\system32\wbspdmod.dll -> Spyware.Look2Me : Error during cleaning
[3424] C:\WINDOWS\cfgmgr52.dll -> Spyware.BookedSpace : Error during cleaning
[3664] C:\WINDOWS\system32\brzqcy.exe -> Trojan.Agent.cp : Cleaned with backup
[4016] C:\WINDOWS\system32\AUNPS2.DLL -> Spyware.Hijacker.Generic : Error during cleaning
C:\WINDOWS\SYSTEM\UpdInst.exe -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\ybykq.dat -> TrojanDownloader.Qoologic.n : Cleaned with backup
C:\WINDOWS\SYSTEM32\qrqmcoa.exe -> TrojanDownloader.Qoologic.n : Cleaned with backup
C:\WINDOWS\SYSTEM32\brzqcy.exe -> Trojan.Agent.gp : Cleaned with backup
C:\WINDOWS\SYSTEM32\supdate.dll -> TrojanDownloader.Qoologic.p : Cleaned with backup
C:\WINDOWS\SYSTEM32\nsc86.dll -> Spyware.HotSearchBar : Cleaned with backup
C:\WINDOWS\SYSTEM32\datadx.dll -> TrojanDownloader.Qoologic.p : Cleaned with backup
C:\WINDOWS\SYSTEM32\kokad.dll -> TrojanDownloader.Qoologic.n : Cleaned with backup
C:\WINDOWS\SYSTEM32\conres.cpl -> TrojanDownloader.Qoologic.p : Cleaned with backup
C:\WINDOWS\SYSTEM32\__delete_on_reboot__wjwhfls.dll -> TrojanDownloader.Qoologic.n : Cleaned with backup
C:\WINDOWS\SYSTEM32\__delete_on_reboot__AUNPS2.DLL -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\TEMP\Cookies\laura@abetterinternet[2].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\popcaploader.dll -> Not-A-Virus.PornWare.PopCap.b : Cleaned with backup
C:\WINDOWS\Nail.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\ru.exe -> Spyware.PurityScan : Cleaned with backup
C:\WINDOWS\__delete_on_reboot__cfgmgr52.dll -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\__delete_on_reboot__dinst.exe -> TrojanDownloader.Intexp.d : Cleaned with backup
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\cpci.exe -> TrojanDownloader.Qoologic.n : Cleaned with backup
C:\Documents and Settings\BELLL\Local Settings\Temp\temp.fr318D -> Spyware.WinAD : Cleaned with backup
C:\Documents and Settings\BELLL\Local Settings\Temp\temp.fr82A1\MediaAccK.exe -> Spyware.WinAD : Cleaned with backup
C:\Documents and Settings\BELLL\Local Settings\Temp\temp.fr82A1\MediaAccess.exe -> Spyware.WinAD : Cleaned with backup
C:\Documents and Settings\BELLL\Local Settings\Temp\__delete_on_reboot__dinst.exe -> TrojanDownloader.Intexp.d : Cleaned with backup
C:\Documents and Settings\BELLL\Local Settings\Temp\Cookies\[email protected][1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\BELLL\Local Settings\Temp\Cookies\laura@abetterinternet[2].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
C:\Documents and Settings\BELLL\Local Settings\Temp\Cookies\[email protected][1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\BELLL\Local Settings\Temp\Cookies\[email protected][2].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\Documents and Settings\BELLL\Cookies\laura@abetterinternet[2].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
C:\Documents and Settings\BELLL\Cookies\laura@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\BELLL\Cookies\laura@bfast[2].txt -> Spyware.Cookie.Bfast : Cleaned with backup
C:\Documents and Settings\BELLL\Cookies\laura@fastclick[1].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\BELLL\Cookies\laura@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\BELLL\Cookies\laura@tribalfusion[2].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\BELLL\Cookies\[email protected][2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
::Report End
*********************
ADAWARE LOG:
*********************
Ad-Aware SE Build 1.06r1
Logfile Created on:Sunday, August 14, 2005 6:48:36 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R61 10.08.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
180Solutions(TAC index:6):13 total references
Adintelligence.AproposToolbar(TAC index:5):2 total references
Alexa(TAC index:5):2 total references
AltnetBDE(TAC index:4):3 total references
BargainBuddy(TAC index:8):10 total references
BlazeFind(TAC index:5):6 total references
BookedSpace(TAC index:10):10 total references
Claria(TAC index:7):2 total references
CoolWebSearch(TAC index:10):12 total references
DyFuCA(TAC index:3):1 total references
MRU List(TAC index:0):213 total references
Other(TAC index:5):3 total references
Possible Browser Hijack attempt(TAC index:3):18 total references
Tracking Cookie(TAC index:3):2 total references
Windows(TAC index:3):1 total references
WindUpdates(TAC index:8):29 total references
VX2(TAC index:10):56 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R47 24.05.2005
Internal build : 55
File location : C:\PROGRA~1\LAVASOFT\AD-AWA~2\defs.ref
File size : 476246 Bytes
Total size : 1439523 Bytes
Signature data size : 1408291 Bytes
Reference data size : 30720 Bytes
Signatures total : 40174
CSI Fingerprints total : 886
CSI data size : 30371 Bytes
Target categories : 15
Target families : 679
8-14-2005 6:43:53 PM Performing WebUpdate...
Installing Update...
Definitions File Loaded:
Reference Number : SE1R61 10.08.2005
Internal build : 71
File location : C:\PROGRA~1\LAVASOFT\AD-AWA~2\defs.ref
File size : 508229 Bytes
Total size : 1531791 Bytes
Signature data size : 1498915 Bytes
Reference data size : 32364 Bytes
Signatures total : 42681
CSI Fingerprints total : 1003
CSI data size : 35408 Bytes
Target categories : 15
Target families : 729
8-14-2005 6:44:01 PM Success
Update successfully downloaded and installed.
Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:35 %
Total physical memory:785484 kb
Available physical memory:274148 kb
Total page file size:2277612 kb
Available on page file:1885360 kb
Total virtual memory:2097024 kb
Available virtual memory:2034348 kb
OS:Microsoft Windows XP Professional Service Pack 2 (Build 2600)
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
8-14-2005 6:48:36 PM - Scan started. (Custom mode)
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 508
ThreadCreationTime : 8-14-2005 4:28:23 PM
BasePriority : Normal
#:2 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : n/a
ProcessID : 596
ThreadCreationTime : 8-14-2005 4:28:29 PM
BasePriority : High
#:3 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : n/a
ProcessID : 640
ThreadCreationTime : 8-14-2005 4:28:29 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe
#:4 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : n/a
ProcessID : 652
ThreadCreationTime : 8-14-2005 4:28:29 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:5 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : n/a
ProcessID : 804
ThreadCreationTime : 8-14-2005 4:28:30 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:6 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : n/a
ProcessID : 912
ThreadCreationTime : 8-14-2005 4:28:30 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:7 [ccproxy.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
Command Line : n/a
ProcessID : 1280
ThreadCreationTime : 8-14-2005 4:28:33 PM
BasePriority : Normal
FileVersion : 103.0.4.3
ProductVersion : 103.0.4.3
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Network Proxy Service
InternalName : ccProxy
LegalCopyright : Copyright © 2000-2004 Symantec Corporation. All rights reserved.
OriginalFilename : ccProxy.exe
#:8 [ccsetmgr.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
Command Line : n/a
ProcessID : 1300
ThreadCreationTime : 8-14-2005 4:28:33 PM
BasePriority : Normal
FileVersion : 103.0.5.2
ProductVersion : 103.0.5.2
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Settings Manager Service
InternalName : ccSetMgr
LegalCopyright : Copyright © 2000-2004 Symantec Corporation. All rights reserved.
OriginalFilename : ccSetMgr.exe
#:9 [issvc.exe]
ModuleName : C:\Program Files\Norton Internet Security\ISSVC.exe
Command Line : n/a
ProcessID : 1324
ThreadCreationTime : 8-14-2005 4:28:33 PM
BasePriority : Normal
FileVersion : 8.0.5.14
ProductVersion : 8.0
ProductName : Norton Internet Security
CompanyName : Symantec Corporation
FileDescription : IS Service
InternalName : ISSVC.exe
LegalCopyright : Copyright © 2004 Symantec Corporation
OriginalFilename : ISSVC.exe
#:10 [sndsrvc.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
Command Line : n/a
ProcessID : 1348
ThreadCreationTime : 8-14-2005 4:28:33 PM
BasePriority : Normal
FileVersion : 5.4.4.17
ProductVersion : 5.4
ProductName : Symantec Security Drivers
CompanyName : Symantec Corporation
FileDescription : Network Driver Service
InternalName : SndSrvc
LegalCopyright : Copyright 2002, 2003, 2004 Symantec Corporation
OriginalFilename : SndSrvc.exe
#:11 [spbbcsvc.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
Command Line : n/a
ProcessID : 1376
ThreadCreationTime : 8-14-2005 4:28:34 PM
BasePriority : Normal
FileVersion : 1,0,1,47
ProductVersion : 1,0,1,47
ProductName : SPBBC
CompanyName : Symantec Corporation
FileDescription : SPBBC Service
InternalName : SPBBCSvc
LegalCopyright : Copyright © 2004 Symantec Corporation. All rights reserved.
OriginalFilename : SPBBCSvc.exe
#:12 [ccevtmgr.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
Command Line : n/a
ProcessID : 1516
ThreadCreationTime : 8-14-2005 4:28:35 PM
BasePriority : Normal
FileVersion : 103.0.5.2
ProductVersion : 103.0.5.2
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright © 2000-2004 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe
#:13 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : n/a
ProcessID : 1832
ThreadCreationTime : 8-14-2005 4:28:39 PM
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
#:14 [cvpnd.exe]
ModuleName : C:\Program Files\NetIQ VPN\cvpnd.exe
Command Line : n/a
ProcessID : 1964
ThreadCreationTime : 8-14-2005 4:28:45 PM
BasePriority : Normal
FileVersion : 4.0.3 ©
ProductVersion : 4.0.3 ©
ProductName : Cisco Systems VPN Client
CompanyName : Cisco Systems, Inc.
FileDescription : Cisco Systems VPN Client
InternalName : cvpnd
LegalCopyright : Copyright © 1998-2003 Cisco Systems, Inc.
OriginalFilename : CVPND.EXE
#:15 [kodakccs.exe]
ModuleName : C:\WINDOWS\system32\drivers\KodakCCS.exe
Command Line : n/a
ProcessID : 2000
ThreadCreationTime : 8-14-2005 4:28:45 PM
BasePriority : Normal
FileVersion : 1.1.4900.0
ProductVersion : 4.3.1.0
ProductName : Kodak DC File System Driver (Win32)
CompanyName : Eastman Kodak Company
FileDescription : Kodak DC Ring 3 Conduit (Win32)
InternalName : DcFsSvc.exe
LegalCopyright : Copyright © Eastman Kodak Co. 2000-2003
OriginalFilename : DcFsSvc.exe
#:16 [navapsvc.exe]
ModuleName : C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
Command Line : n/a
ProcessID : 2020
ThreadCreationTime : 8-14-2005 4:28:45 PM
BasePriority : Normal
FileVersion : 11.0.9.16
ProductVersion : 11.0.9
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Norton AntiVirus 2005 for Windows 98/ME/2000/XP Copyright © 2004 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE
#:17 [nvsvc32.exe]
ModuleName : C:\WINDOWS\System32\nvsvc32.exe
Command Line : n/a
ProcessID : 152
ThreadCreationTime : 8-14-2005 4:28:46 PM
BasePriority : Normal
FileVersion : 6.14.10.5216
ProductVersion : 6.14.10.5216
ProductName : NVIDIA Driver Helper Service, Version 52.16
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 52.16
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe
#:18 [scsiaccess.exe]
ModuleName : C:\WINDOWS\System32\ScsiAccess.EXE
Command Line : n/a
ProcessID : 352
ThreadCreationTime : 8-14-2005 4:28:46 PM
BasePriority : Normal
#:19 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : n/a
ProcessID : 380
ThreadCreationTime : 8-14-2005 4:28:46 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:20 [symlcsvc.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
Command Line : n/a
ProcessID : 448
ThreadCreationTime : 8-14-2005 4:28:46 PM
BasePriority : Normal
FileVersion : 1, 8, 54, 478
ProductVersion : 1, 8, 54, 478
ProductName : Symantec Core Component
CompanyName : Symantec Corporation
FileDescription : Symantec Core Component
InternalName : symlcsvc
LegalCopyright : Copyright © 2003
OriginalFilename : symlcsvc.exe
#:21 [mspmspsv.exe]
ModuleName : C:\WINDOWS\System32\MsPMSPSv.exe
Command Line : n/a
ProcessID : 592
ThreadCreationTime : 8-14-2005 4:28:50 PM
BasePriority : Normal
FileVersion : 7.01.00.3055
ProductVersion : 7.01.00.3055
ProductName : Microsoft ® DRM
CompanyName : Microsoft Corporation
FileDescription : WMDM PMSP Service
InternalName : MSPMSPSV.EXE
LegalCopyright : Copyright © Microsoft Corp. 1981-2000
OriginalFilename : MSPMSPSV.EXE
#:22 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : n/a
ProcessID : 2360
ThreadCreationTime : 8-14-2005 4:29:04 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:23 [oeeb.exe]
ModuleName : C:\WINDOWS\system32\oeeb.exe
Command Line : n/a
ProcessID : 3284
ThreadCreationTime : 8-14-2005 4:30:06 PM
BasePriority : Normal
#:24 [hpzipm12.exe]
ModuleName : C:\WINDOWS\system32\HPZipm12.exe
Command Line : C:\WINDOWS\system32\HPZipm12.exe
ProcessID : 9628
ThreadCreationTime : 8-14-2005 11:27:46 PM
BasePriority : Normal
FileVersion : 9, 0, 0, 0
ProductVersion : 9, 0, 0, 0
ProductName : HP PML
CompanyName : HP
FileDescription : PML Driver
InternalName : PmlDrv
LegalCopyright : Copyright © 1998, 1999 Hewlett-Packard Company
OriginalFilename : PmlDrv.exe
#:25 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.exe
Command Line : Explorer.exe C:\WINDOWS\Nail.exe
ProcessID : 9144
ThreadCreationTime : 8-14-2005 11:35:00 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
VX2 Object Recognized!
Type : Process
Data : cocieuk.dll
TAC Rating : 10
Category : Malware
Comment :
Object : C:\WINDOWS\system32\
#:26 [drgtodsc.exe]
ModuleName : C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
Command Line : "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
ProcessID : 10956
ThreadCreationTime : 8-14-2005 11:35:03 PM
BasePriority : Normal
FileVersion : 6.1.1.7
ProductVersion : 6.1.1.7
ProductName : Drag-to-Disc
CompanyName : Roxio
FileDescription : Drag To Disc Application
InternalName : D2D
LegalCopyright : Copyright © 1999-2003 Roxio, Inc.
LegalTrademarks : Copyright © 1999-2003 Roxio, Inc.
OriginalFilename : BurnCtrl.EXE
VX2 Object Recognized!
Type : Process
Data : cocieuk.dll
TAC Rating : 10
Category : Malware
Comment :
Object : C:\WINDOWS\system32\
"C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"Process terminated successfully
#:27 [rxmon.exe]
ModuleName : C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
Command Line : "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
ProcessID : 9300
ThreadCreationTime : 8-14-2005 11:35:03 PM
BasePriority : Normal
VX2 Object Recognized!
Type : Process
Data : cocieuk.dll
TAC Rating : 10
Category : Malware
Comment :
Object : C:\WINDOWS\system32\
#:28 [realsched.exe]
ModuleName : C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Command Line : "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
ProcessID : 9248
ThreadCreationTime : 8-14-2005 11:35:04 PM
BasePriority : Normal
FileVersion : 0.1.0.1622
ProductVersion : 0.1.0.1622
ProductName : RealOne Player (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2002
LegalTrademarks : RealAudio is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe
VX2 Object Recognized!
Type : Process
Data : cocieuk.dll
TAC Rating : 10
Category : Malware
Comment :
Object : C:\WINDOWS\system32\
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"Process terminated successfully
#:29 [ccapp.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\ccApp.exe
Command Line : n/a
ProcessID : 11492
ThreadCreationTime : 8-14-2005 11:35:04 PM
BasePriority : Normal
FileVersion : 103.0.5.2
ProductVersion : 103.0.5.2
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec User Session
InternalName : ccApp
LegalCopyright : Copyright © 2000-2004 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe
VX2 Object Recognized!
Type : Process
Data : cocieuk.dll
TAC Rating : 10
Category : Malware
Comment :
Object : C:\WINDOWS\system32\
#:30 [hpwuschd2.exe]
ModuleName : C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
Command Line : "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
ProcessID : 11336
ThreadCreationTime : 8-14-2005 11:35:05 PM
BasePriority : Normal
FileVersion : 5, 0, 0, 0
ProductVersion : 5, 0, 0, 0
ProductName : HP Software Update Application
CompanyName : Hewlett-Packard Company
FileDescription : hpwuSchd
InternalName : hpwuSchd
LegalCopyright : Copyright © 2003
OriginalFilename : hpwuSchd.exe
VX2 Object Recognized!
Type : Process
Data : cocieuk.dll
TAC Rating : 10
Category : Malware
Comment :
Object : C:\WINDOWS\system32\
"C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"Process terminated successfully
#:31 [exp.exe]
ModuleName : C:\WINDOWS\system32\exp.exe
Command Line : "C:\WINDOWS\system32\exp.exe"
ProcessID : 8440
ThreadCreationTime : 8-14-2005 11:35:06 PM
BasePriority : Normal
VX2 Object Recognized!
Type : Process
Data : cocieuk.dll
TAC Rating : 10
Category : Malware
Comment :
Object : C:\WINDOWS\system32\
"C:\WINDOWS\system32\exp.exe"Process terminated successfully
#:32 [wintask.exe]
ModuleName : C:\WINDOWS\system32\wintask.exe
Command Line : "C:\WINDOWS\system32\wintask.exe"
ProcessID : 11432
ThreadCreationTime : 8-14-2005 11:35:06 PM
BasePriority : Normal
VX2 Object Recognized!
Type : Process
Data : cocieuk.dll
TAC Rating : 10
Category : Malware
Comment :
Object : C:\WINDOWS\system32\
"C:\WINDOWS\system32\wintask.exe"Process terminated successfully
#:33 [rundll32.exe]
ModuleName : C:\WINDOWS\system32\RUNDLL32.exe
Command Line : "C:\WINDOWS\system32\RUNDLL32.exe" AUNPS2.DLL,_Run@16
ProcessID : 9492
ThreadCreationTime : 8-14-2005 11:35:07 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE
VX2 Object Recognized!
Type : Process
Data : cocieuk.dll
TAC Rating : 10
Category : Malware
Comment :
Object : C:\WINDOWS\system32\
"C:\WINDOWS\system32\RUNDLL32.exe"Process terminated successfully
#:34 [kzpnsy.exe]
ModuleName : C:\WINDOWS\system32\kzpnsy.exe
Command Line : C:\WINDOWS\system32\kzpnsy.exe pqtzxja n
ProcessID : 9416
ThreadCreationTime : 8-14-2005 11:35:07 PM
BasePriority : Normal
FileVersion : 1, 1, 0, 7
ProductVersion : 0, 0, 7, 0
#:35 [unupkm.exe]
ModuleName : C:\WINDOWS\system32\unupkm.exe
Command Line : "C:\WINDOWS\system32\unupkm.exe" reg_run
ProcessID : 9364
ThreadCreationTime : 8-14-2005 11:35:07 PM
BasePriority : Normal
VX2 Object Recognized!
Type : Process
Data : unupkm.exe
TAC Rating : 10
Category : Malware
Comment :
Object : C:\WINDOWS\system32\
"C:\WINDOWS\system32\unupkm.exe"Process terminated successfully
"C:\WINDOWS\system32\unupkm.exe"Process terminated successfully
#:36 [mediaacck.exe]
ModuleName : C:\Program Files\Media Access\MediaAccK.exe
Command Line : "C:\Program Files\Media Access\MediaAccK.exe"
ProcessID : 9376
ThreadCreationTime : 8-14-2005 11:35:07 PM
BasePriority : Normal
VX2 Object Recognized!
Type : Process
Data : cocieuk.dll
TAC Rating : 10
Category : Malware
Comment :
Object : C:\WINDOWS\system32\
"C:\Program Files\Media Access\MediaAccK.exe"Process terminated successfully
#:37 [mediaaccess.exe]
ModuleName : C:\Program Files\Media Access\MediaAccess.exe
Command Line : "C:\Program Files\Media Access\MediaAccess.exe"
ProcessID : 9636
ThreadCreationTime : 8-14-2005 11:35:09 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : LoaderX Module
FileDescription : LoaderX Module
InternalName : LoaderX
LegalCopyright : Copyright 2005
OriginalFilename : LoaderX.EXE
WindUpdates Object Recognized!
Type : Process
Data : MediaAccC.dll
TAC Rating : 8
Category : Malware
Comment : (CSI MATCH)
Object : C:\Program Files\Media Access\
Warning! WindUpdates Object found in memory(C:\Program Files\Media Access\MediaAccC.dll)
VX2 Object Recognized!
Type : Process
Data : cocieuk.dll
TAC Rating : 10
Category : Malware
Comment :
Object : C:\WINDOWS\system32\
"C:\Program Files\Media Access\MediaAccess.exe"Process terminated successfully
#:38 [tcoyftray.exe]
ModuleName : C:\PROGRA~1\TCOYF\tcoyftray.exe
Command Line : "C:\PROGRA~1\TCOYF\tcoyftray.exe"
ProcessID : 9784
ThreadCreationTime : 8-14-2005 11:35:09 PM
BasePriority : Normal
FileVersion : 2.05.0628
ProductVersion : 2.05.0628
ProductName : TCOYF Reminder Application
CompanyName : Ovusoft, LLC
FileDescription : Taking Charge of Your Fertility System Tray Reminder Application
InternalName : tcoyftray
LegalCopyright : Copyright © 2005 Ovusoft, LLC
LegalTrademarks : TCOYF, Taking Charge of Your Fertility, Ovusoft
OriginalFilename : tcoyftray.exe
Comments : Taking Charge of Your Fertility System Tray Reminder Application
VX2 Object Recognized!
Type : Process
Data : cocieuk.dll
TAC Rating : 10
Category : Malware
Comment :
Object : C:\WINDOWS\system32\
#:39 [hpqtra08.exe]
ModuleName : C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Command Line : "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"
ProcessID : 10120
ThreadCreationTime : 8-14-2005 11:35:12 PM
BasePriority : Normal
FileVersion : 45.4.157.000
ProductVersion : 045.004.157.000
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : HP Digital Imaging Monitor
InternalName : HPQTRA00
LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2004
OriginalFilename : HPQTRA00.EXE
Comments : HP Digital Imaging Monitor
#:40 [playlist.exe]
ModuleName : C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
Command Line : "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe" -Embedding
ProcessID : 10044
ThreadCreationTime : 8-14-2005 11:35:12 PM
BasePriority : Normal
#:41 [tdklauncher.exe]