Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Suspected Loader X Module infection [RESOLVED]


  • This topic is locked This topic is locked

#16
tampabelle

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Your logs are clean as of now.


Lets make some changes so that it doesnt recur. Also lets clear up your system restore.


Please visit here to read about how to clear your system restore points.


Do it.


Download and install Firefox Mozilla Browser. Use this instead of IE wherever possible.

Have a wall of protection against spyware / adware by installing SpywareBlaster and SpywareGuard.

SpywareBlaster and SpywareGuard are by JavaCool and both are free programs.
SpywareBlaster will prevent spyware from being installed and consumes no system resources.
SpywareGuard offers realtime protection from spyware installation and browser hijack attempts. Both have free ongoing updates.

Download and install a firewall ZoneAlarm


All these products are freeware for personal use.
  • 0

Advertisements


#17
dreadpiratedaz

dreadpiratedaz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
I discovered, by following the symantec website, system restore is already disabled on my computer which apparently means all previous restore points have been deleted. What should I do? Should I enable system restore points? At the moment I haven't taken any action.

thanks
dreadpiratedaz
  • 0

#18
tampabelle

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Enable System Restore.

After doing that lets flush old system restore points.

Step #1 - Create a New Restore Point

Go - Start>Programmes>Accessories>System Tools>System Restore>Create a New Restore point.

Step #2 - Flush All Previous Points

Go - Start>Programmes>Accessories>System Tools>Disc Cleanup>"More Options" Tab>Remove All But Most Recent Point.
  • 0

#19
dreadpiratedaz

dreadpiratedaz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
I've done step #1 but can't do step #2: I can't get 'remove all but most recent point', all I get in disk cleanup 'more options' tab is an option to vary the amount of disk space for system restore. I can't find a way to delete restore points or even access them. What should I do?

thanks

dreadpiratedaz
  • 0

#20
tampabelle

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Once you disable System restore, the old points are deleted. If your system restore was disabled, how did Ad aware find any items in System restore folder ???

Are you sure that it was disabled??
  • 0

#21
dreadpiratedaz

dreadpiratedaz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
I am absolutely positive that the only box checked in the more options tab was 'disable system restore'. Honest, hand on heart! I was surprised to see it disabled myself as I've never known this ever existed. So all the while I've had restore disabled throughout all the problems with the laptop. I don't recall ever creating other restore points in the 4 years I've had the laptop!

Also, i was unable to install spywareblaster: 'program was damaged, possibly by a bad sector on the hard disk.' Scandisk said I had no problems! What should I do next oh Captain!

dreadpiratedaz
  • 0

#22
tampabelle

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Its possible that the file (Spywareblaster) you downloaded was damaged. Please download it again and install it.


I am only wondering that if System Restore was disabled, then how there were files in the _Restore folder (the ones that Ad Aware identified as infected) !!!!
  • 0

#23
tampabelle

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Can you check if Ad Aware finds any items after enabling the System Restore??

If it does then try disabling System Restore, reboot the PC and enable System Restore again.

Again run Ad Aware.

Let me know how it goes.
  • 0

#24
dreadpiratedaz

dreadpiratedaz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
I enabled system restore and ran Ad-aware. Here's the log.

Ad-Aware SE Build 1.06r1
Logfile Created on:01 October 2005 08:52:50
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R68 28.09.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):3 total references
Tracking Cookie(TAC index:3):9 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R68 28.09.2005
Internal build : 80
File location : C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\defs.ref
File size : 526954 Bytes
Total size : 1581029 Bytes
Signature data size : 1547745 Bytes
Reference data size : 32772 Bytes
Signatures total : 43961
CSI Fingerprints total : 1047
CSI data size : 37307 Bytes
Target categories : 15
Target families : 753


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium III
Memory available:0 %
Total physical memory:122304 kb
Available physical memory:3160 kb
Total page file size:1974844 kb
Available on page file:1715952 kb
Total virtual memory:2093056 kb
Available virtual memory:2042496 kb
OS:Microsoft Windows Millennium Edition

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


01-10-2005 08:52:50 - Scan started. (Custom mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [KERNEL32.DLL]
ModuleName : C:\WINDOWS\SYSTEM\KERNEL32.DLL
Command Line : n/a
ProcessID : 4293865519
Threads : 8
Priority : High
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : Win32 Kernel core component
InternalName : KERNEL32
LegalCopyright : Copyright © Microsoft Corp. 1991-2000
OriginalFilename : KERNEL32.DLL

#:2 [MSGSRV32.EXE]
ModuleName : C:\WINDOWS\SYSTEM\MSGSRV32.EXE
Command Line : n/a
ProcessID : 4294964807
Threads : 1
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows 32-bit VxD Message Server
InternalName : MSGSRV32
LegalCopyright : Copyright © Microsoft Corp. 1992-1998
OriginalFilename : MSGSRV32.EXE

#:3 [mmtask.tsk]
ModuleName : C:\WINDOWS\SYSTEM\mmtask.tsk
Command Line : n/a
ProcessID : 4294858331
Threads : 1
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft Windows
CompanyName : Microsoft Corporation
FileDescription : Multimedia background task support module
InternalName : mmtask.tsk
LegalCopyright : Copyright © Microsoft Corp. 1991-2000
OriginalFilename : mmtask.tsk

#:4 [MPREXE.EXE]
ModuleName : C:\WINDOWS\SYSTEM\MPREXE.EXE
Command Line : C:\WINDOWS\SYSTEM\MPREXE.EXE
ProcessID : 4294859927
Threads : 3
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : WIN32 Network Interface Service Process
InternalName : MPREXE
LegalCopyright : Copyright © Microsoft Corp. 1993-2000
OriginalFilename : MPREXE.EXE

#:5 [SSDPSRV.EXE]
ModuleName : C:\WINDOWS\SYSTEM\SSDPSRV.EXE
Command Line : C:\WINDOWS\SYSTEM\ssdpsrv.exe
ProcessID : 4294841719
Threads : 5
Priority : Normal
FileVersion : 4.90.3003.0
ProductVersion : 4.90.3003.0
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : SSDP Service on Windows Millennium
InternalName : ssdpsrv.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-2000
OriginalFilename : ssdpsrv.exe

#:6 [THOTKEY.EXE]
ModuleName : C:\WINDOWS\SYSTEM\THOTKEY.EXE
Command Line : C:\WINDOWS\SYSTEM\THotkey.exe
ProcessID : 4294839787
Threads : 3
Priority : Normal
FileVersion : 1, 0, 0, 0
ProductVersion : 1, 0, 0, 0
ProductName : TOSHIBA THotkey
CompanyName : TOSHIBA Corp.
FileDescription : THotkey
InternalName : THotkey
LegalCopyright : Copyright © 1999
OriginalFilename : THotkey.exe

#:7 [STIMON.EXE]
ModuleName : C:\WINDOWS\SYSTEM\STIMON.EXE
Command Line : C:\WINDOWS\SYSTEM\STIMON.EXE
ProcessID : 4294893627
Threads : 6
Priority : Normal
FileVersion : 4.90.3000.1
ProductVersion : 4.90.3000.1
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : Still Image Devices Monitor
InternalName : STIMON
LegalCopyright : Copyright © Microsoft Corp. 1981-2000
OriginalFilename : STIMON.EXE

#:8 [MSTASK.EXE]
ModuleName : C:\WINDOWS\SYSTEM\MSTASK.EXE
Command Line : mstask.exe
ProcessID : 4294873891
Threads : 3
Priority : Normal
FileVersion : 4.71.2721.1
ProductVersion : 4.71.2721.1
ProductName : Microsoft® Windows® Task Scheduler
CompanyName : Microsoft Corporation
FileDescription : Task Scheduler Engine
InternalName : TaskScheduler
LegalCopyright : Copyright © Microsoft Corp. 2000
OriginalFilename : mstask.exe

#:9 [KB891711.EXE]
ModuleName : C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
Command Line : n/a
ProcessID : 4294881407
Threads : 1
Priority : Normal
FileVersion : 4.10.2223
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows KB891711 component
InternalName : KB891711
LegalCopyright : Copyright © Microsoft Corp. 1991-2005
OriginalFilename : KB891711.EXE

#:10 [HPBPRO.EXE]
ModuleName : C:\WINDOWS\SYSTEM\HPBPRO.EXE
Command Line : C:\WINDOWS\SYSTEM\hpbpro.exe
ProcessID : 4292954955
Threads : 1
Priority : Normal
FileVersion : 1, 0, 42, 0
ProductVersion : 1, 0, 42, 0
ProductName : PortResolver Module
CompanyName : Hewlett-Packard Company
FileDescription : PortResolver Module
InternalName : PortResolver
LegalCopyright : Copyright 2000
OriginalFilename : PortResolver.exe

#:11 [HPBOID.EXE]
ModuleName : C:\WINDOWS\SYSTEM\HPBOID.EXE
Command Line : C:\WINDOWS\SYSTEM\hpboid.exe
ProcessID : 4294841075
Threads : 2
Priority : Normal
FileVersion : 1, 0, 42, 0
ProductVersion : 1, 0, 42, 0
ProductName : HP Status Server
CompanyName : Hewlett-Packard Company
FileDescription : HP Status Server Module
InternalName : HP Status Server
LegalCopyright : Copyright © 2000 by Hewlett-Packard Company
OriginalFilename : HPboid.EXE

#:12 [VSMON.EXE]
ModuleName : C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
Command Line : C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
ProcessID : 4292942275
Threads : 17
Priority : Normal
FileVersion : 6.0.667.000
ProductVersion : 6.0.667.000
ProductName : TrueVector Service
CompanyName : Zone Labs, LLC
FileDescription : TrueVector Service
InternalName : vsmon
LegalCopyright : Copyright © 1998-2005, Zone Labs, LLC
OriginalFilename : vsmon.exe

#:13 [RPCSS.EXE]
ModuleName : C:\WINDOWS\SYSTEM\RPCSS.EXE
Command Line : RPCSS
ProcessID : 4292990451
Threads : 6
Priority : Normal
FileVersion : 4.71.3328
ProductVersion : 4.71.3328
ProductName : Microsoft® Windows NT™ Operating System
CompanyName : Microsoft Corporation
FileDescription : Distributed COM Services
InternalName : rpcss.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1998
OriginalFilename : rpcss.exe

#:14 [EXPLORER.EXE]
ModuleName : C:\WINDOWS\EXPLORER.EXE
Command Line : C:\WINDOWS\Explorer.exe
ProcessID : 4292980003
Threads : 27
Priority : Normal
FileVersion : 5.50.4134.100
ProductVersion : 5.50.4134.100
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : Copyright © Microsoft Corp. 1981-2000
OriginalFilename : EXPLORER.EXE

#:15 [STMGR.EXE]
ModuleName : C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
Command Line : C:\WINDOWS\System\Restore\StMgr.exe
ProcessID : 4292912891
Threads : 5
Priority : Normal
FileVersion : 4.90.0.2533
ProductVersion : 4.90.0.2533
ProductName : Microsoft ® PCHealth
CompanyName : Microsoft Corporation
FileDescription : Microsoft ® PC State Manager
InternalName : StateMgr.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-2000
OriginalFilename : StateMgr.exe

#:16 [TASKMON.EXE]
ModuleName : C:\WINDOWS\TASKMON.EXE
Command Line : "C:\WINDOWS\taskmon.exe"
ProcessID : 4293113343
Threads : 2
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : Task Monitor
InternalName : TaskMon
LegalCopyright : Copyright © Microsoft Corp. 1998
OriginalFilename : TASKMON.EXE

#:17 [SYSTRAY.EXE]
ModuleName : C:\WINDOWS\SYSTEM\SYSTRAY.EXE
Command Line : "C:\WINDOWS\SYSTEM\SysTray.Exe"
ProcessID : 4293019319
Threads : 3
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : System Tray Applet
InternalName : SYSTRAY
LegalCopyright : Copyright © Microsoft Corp. 1993-2000
OriginalFilename : SYSTRAY.EXE

#:18 [IRMON.EXE]
ModuleName : C:\WINDOWS\SYSTEM\IRMON.EXE
Command Line : "C:\WINDOWS\SYSTEM\irmon.exe"
ProcessID : 4293051075
Threads : 7
Priority : Normal
FileVersion : 4.90.3000.1
ProductVersion : 4.90.3000.1
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : Infrared Monitor
InternalName : irmon.dll
LegalCopyright : Copyright © Microsoft Corp. 1981-2000
OriginalFilename : irmon.dll

#:19 [ALISNDMG.EXE]
ModuleName : C:\WINDOWS\SYSTEM\ALISNDMG.EXE
Command Line : "C:\WINDOWS\SYSTEM\ALiSndMg.exe"
ProcessID : 4293060151
Threads : 2
Priority : Normal
FileVersion : 1.01
ProductVersion : 1.01
ProductName : ALiSndMgr
CompanyName : ALi Laboratories Inc.
FileDescription : ALiSndMgr
InternalName : ALiSndMgr
LegalCopyright : Copyright © 2000
OriginalFilename : ALiSndMgr.exe

#:20 [EM_EXEC.EXE]
ModuleName : C:\PROGRAM FILES\MOUSEWARE\SYSTEM\EM_EXEC.EXE
Command Line : "C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE"
ProcessID : 4293041707
Threads : 3
Priority : Normal
FileVersion : 9.11.62
ProductVersion : 9.11
ProductName : MouseWare
CompanyName : Logitech Inc.
FileDescription : Control Center
InternalName : EM_EXEC
LegalCopyright : Copyright © Logitech Inc. 1987-2000.
LegalTrademarks : Logitech® and MouseWare® are registered trademarks of Logitech Inc.
OriginalFilename : EM_EXEC.CPP
Comments : Created by the MouseWare Team

#:21 [TPWRTRAY.EXE]
ModuleName : C:\WINDOWS\SYSTEM\TPWRTRAY.EXE
Command Line : "C:\WINDOWS\SYSTEM\TPWRTRAY.EXE"
ProcessID : 4293256635
Threads : 2
Priority : Normal
FileVersion : 4. 0. 0. 0
ProductVersion : 4. 0. 0. 0
ProductName : Toshiba Power Saver
CompanyName : TOSHIBA Corporation
FileDescription : Toshiba Power Saver
InternalName : Tpwrtray
LegalCopyright : Copyright 1999-2001 Toshiba Corporation.
OriginalFilename : Tpwrtray.exe
Comments : Toshiba Power Saver

#:22 [TFNCKY.EXE]
ModuleName : C:\WINDOWS\SYSTEM\TFNCKY.EXE
Command Line : "C:\WINDOWS\SYSTEM\TFncKy.exe"
ProcessID : 4293018731
Threads : 2
Priority : Normal
FileVersion : 1.21
ProductVersion : 1.21
ProductName : TFncKy
CompanyName : Toshiba Corporation
FileDescription : TFncKy
InternalName : TFncKy
LegalCopyright : Copyright 1997-2000 Toshiba Corporation. All rights reserved.
OriginalFilename : TFncKy.EXE

#:23 [DCFSSVC.EXE]
ModuleName : C:\WINDOWS\SYSTEM32\DRIVERS\DCFSSVC.EXE
Command Line : "C:\WINDOWS\System32\Drivers\dcfssvc.exe"
ProcessID : 4293252603
Threads : 3
Priority : Normal
FileVersion : 1.1.4400.0
ProductVersion : 3.2.0400.0
ProductName : Kodak DC File System Driver (Win32)
CompanyName : Eastman Kodak Company
FileDescription : Kodak DC Ring 3 Conduit (Win32)
InternalName : DcFsSvc.exe
LegalCopyright : Copyright © Eastman Kodak Co. 2000-2002
OriginalFilename : DcFsSvc.exe

#:24 [WMIEXE.EXE]
ModuleName : C:\WINDOWS\SYSTEM\WMIEXE.EXE
Command Line : WmiExe WMI_ffe24863
ProcessID : 4293147259
Threads : 4
Priority : Normal
FileVersion : 4.90.2452.1
ProductVersion : 4.90.2452.1
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI service exe housing
InternalName : wmiexe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : wmiexe.exe

#:25 [AVGCC.EXE]
ModuleName : C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
Command Line : "C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE" /STARTUP
ProcessID : 4293135427
Threads : 6
Priority : Normal
FileVersion : 7,1,0,338
ProductVersion : 7.1.0.338
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Control Center
InternalName : AvgCC
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : AvgCC.EXE

#:26 [AVGEMC.EXE]
ModuleName : C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
Command Line : "C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE"
ProcessID : 4293242307
Threads : 7
Priority : Normal
FileVersion : 7,1,0,338
ProductVersion : 7.1.0.338
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG E-Mail Scanner
InternalName : avgemc
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgemc.exe

#:27 [AVGAMSVR.EXE]
ModuleName : C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
Command Line : "C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE"
ProcessID : 4293142967
Threads : 5
Priority : Normal
FileVersion : 7,1,0,321
ProductVersion : 7.1.0.321
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Alert Manager
InternalName : avgamsvr
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgamsvr.EXE

#:28 [STATUSCLIENT.EXE]
ModuleName : C:\PROGRAM FILES\HEWLETT-PACKARD\TOOLBOX2.0\APACHE TOMCAT 4.0\WEBAPPS\TOOLBOX\STATUSCLIENT\STATUSCLIENT.EXE
Command Line : "C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" /auto
ProcessID : 4293181139
Threads : 4
Priority : Normal
FileVersion : 00.00.13
ProductVersion : 00.00.13
ProductName : Hewlett-Packard T-TR Status Client
CompanyName : Hewlett-Packard
FileDescription : Hewlett-Packard T-TR Status Client
InternalName : StatusClient.exe
LegalCopyright : Copyright © 2002 Hewlett-Packard Company
LegalTrademarks : All Rights Reserved.
OriginalFilename : StatusClient.exe

#:29 [ZLCLIENT.EXE]
ModuleName : C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
Command Line : "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
ProcessID : 4293170207
Threads : 7
Priority : Normal
FileVersion : 6.0.667.000
ProductVersion : 6.0.667.000
ProductName : Zone Labs Client
CompanyName : Zone Labs, LLC
FileDescription : Zone Labs Client
InternalName : zlclient
LegalCopyright : Copyright © 1998-2005, Zone Labs, LLC
OriginalFilename : zlclient.exe

#:30 [RunDLL.exe]
ModuleName : C:\WINDOWS\RunDLL.exe
Command Line : n/a
ProcessID : 4293365507
Threads : 1
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : Copyright © Microsoft Corp. 1991-1998
OriginalFilename : RUNDLL.EXE

#:31 [AIRPLUS.EXE]
ModuleName : C:\PROGRAM FILES\D-LINK AIRPLUS\AIRPLUS.EXE
Command Line : "C:\Program Files\D-Link AirPlus\AirPlus.exe"
ProcessID : 4293333967
Threads : 2
Priority : Normal
FileVersion : 4, 0, 0, 0
ProductVersion : 4, 0, 0, 0
ProductName : D-Link AirPlus
CompanyName : D-Link
FileDescription : WLAN Adapter Utility
InternalName : WLANMON
LegalCopyright : Copyright © All Rights Reserved.
OriginalFilename : AIRPLUS.EXE

#:32 [JAVAW.EXE]
ModuleName : C:\PROGRAM FILES\HEWLETT-PACKARD\TOOLBOX2.0\JAVASOFT\JRE\1.3.1\BIN\JAVAW.EXE
Command Line : "C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe" -jar -Duser.dir="C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0" "C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\bin\bootstrap.jar" start
ProcessID : 4293221199
Threads : 24
Priority : Normal


#:33 [SPOOL32.EXE]
ModuleName : C:\WINDOWS\SYSTEM\SPOOL32.EXE
Command Line : C:\WINDOWS\SYSTEM\spool32.exe
ProcessID : 4293270091
Threads : 5
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler Sub System Process
InternalName : spool32
LegalCopyright : Copyright © Microsoft Corp. 1994 - 1998
OriginalFilename : spool32.exe

#:34 [PSTORES.EXE]
ModuleName : C:\WINDOWS\SYSTEM\PSTORES.EXE
Command Line : C:\WINDOWS\SYSTEM\PSTORES.EXE
ProcessID : 4293466287
Threads : 3
Priority : Normal
FileVersion : 5.00.2133.2
ProductVersion : 5.00.2133.2
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Protected storage server
InternalName : Protected storage server
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : Protected storage server

#:35 [IEXPLORE.EXE]
ModuleName : C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
Command Line : "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
ProcessID : 4293496655
Threads : 9
Priority : Normal
FileVersion : 6.00.2800.1106
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:36 [DDHELP.EXE]
ModuleName : C:\WINDOWS\SYSTEM\DDHELP.EXE
Command Line : ddhelp.exe
ProcessID : 4293438919
Threads : 6
Priority : Realtime
FileVersion : 4.09.00.0900
ProductVersion : 4.09.00.0900
ProductName : Microsoft® DirectX for Windows®
CompanyName : Microsoft Corporation
FileDescription : Microsoft DirectX Helper
InternalName : DDHelp.exe
LegalCopyright : Copyright © Microsoft Corp. 1994-2002
OriginalFilename : DDHelp.exe

#:37 [WUAUCLT.EXE]
ModuleName : C:\WINDOWS\WUAUCLT.EXE
Command Line : -AUMagic
ProcessID : 4293656115
Threads : 4
Priority : Idle
FileVersion : 5.4.5681.0
ProductVersion : 5.4.5681.0
ProductName : Microsoft Windows Update - AutoUpdate feature
CompanyName : Microsoft Corporation
FileDescription : Microsoft AutoUpdate
InternalName : WUAUCLT.EXE
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WUAUCLT.EXE

#:38 [AD-AWARE.EXE]
ModuleName : C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\AD-AWARE.EXE
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 4293637815
Threads : 3
Priority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0

MRU List Object Recognized!
Location: : C:\WINDOWS\Application Data\microsoft\office\recent
Description : list of recently opened documents using microsoft office


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\internet explorer\main
Description : last save directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run



Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@realmedia[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:5
Value : Cookie:default@realmedia.com/
Expires : 01-01-2021 00:59:58
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@247realmedia[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:default@247realmedia.com/
Expires : 01-01-2011 00:59:58
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@2o7[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:18
Value : Cookie:default@2o7.net/
Expires : 06-09-2010 17:28:00
LastSync : Hits:18
UseCount : 0
Hits : 18

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@serving-sys[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:73
Value : Cookie:default@serving-sys.com/
Expires : 31-12-2037 23:00:00
LastSync : Hits:73
UseCount : 0
Hits : 73

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@bravenet[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:default@bravenet.com/
Expires : 13-09-2015 21:45:24
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@questionmarket[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:default@questionmarket.com/
Expires : 19-11-2006 11:13:00
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@z1.adserver[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:default@z1.adserver.com/
Expires : 04-09-2006 18:29:26
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@tripod[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:default@tripod.com/
Expires : 15-09-2006 21:45:14
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@cgi-bin[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:default@imrworldwide.com/cgi-bin
Expires : 28-09-2015 18:49:34
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 9
Objects found so far: 12



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 12


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 12




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 12

09:03:52 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:11:01.790
Objects scanned:74872
Objects identified:31
Objects ignored:22
New critical objects:0

I have tried to install spywareblaster several times now but i still get the same error: program damaged by bad sector on hard disk.
  • 0

#25
dreadpiratedaz

dreadpiratedaz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
The only critical objects here seem to be tracking cookies but the number of objects scanned is totally different from yesterdays ad-aware scan. This latest scan is 70+K objects; yesterday's was 113k objects. Seems weird to me. Also after yesterday's scan I quarantined all the critical objects. I'm going to run Ad-aware again so hang fire

dreadpiratedaz
  • 0

Advertisements


#26
dreadpiratedaz

dreadpiratedaz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
I've scanned twice more with Ad-aware and found trojan horses in the restore folder. At the time I couldn't get on the internet so I also uninstalled ZoneAlarm - this allowed me access to the internet(I'll have to work that one out later!). Here are the two logs of the two scans:

I'm still not happy with the total number of objects scanned - it should be much greater than that. But there are two critical objects in the restore folder.

Ad-Aware SE Build 1.06r1
Logfile Created on:01 October 2005 09:16:40
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R68 28.09.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):3 total references
Tracking Cookie(TAC index:3):9 total references
Win32.Trojan.StartPage(TAC index:8):2 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R68 28.09.2005
Internal build : 80
File location : C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\defs.ref
File size : 526954 Bytes
Total size : 1581029 Bytes
Signature data size : 1547745 Bytes
Reference data size : 32772 Bytes
Signatures total : 43961
CSI Fingerprints total : 1047
CSI data size : 37307 Bytes
Target categories : 15
Target families : 753


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium III
Memory available:0 %
Total physical memory:122304 kb
Available physical memory:3616 kb
Total page file size:1974844 kb
Available on page file:1718132 kb
Total virtual memory:2093056 kb
Available virtual memory:2042496 kb
OS:Microsoft Windows Millennium Edition

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


01-10-2005 09:16:40 - Scan started. (Custom mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [KERNEL32.DLL]
ModuleName : C:\WINDOWS\SYSTEM\KERNEL32.DLL
Command Line : n/a
ProcessID : 4293865519
Threads : 8
Priority : High
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : Win32 Kernel core component
InternalName : KERNEL32
LegalCopyright : Copyright © Microsoft Corp. 1991-2000
OriginalFilename : KERNEL32.DLL

#:2 [MSGSRV32.EXE]
ModuleName : C:\WINDOWS\SYSTEM\MSGSRV32.EXE
Command Line : n/a
ProcessID : 4294964807
Threads : 1
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows 32-bit VxD Message Server
InternalName : MSGSRV32
LegalCopyright : Copyright © Microsoft Corp. 1992-1998
OriginalFilename : MSGSRV32.EXE

#:3 [mmtask.tsk]
ModuleName : C:\WINDOWS\SYSTEM\mmtask.tsk
Command Line : n/a
ProcessID : 4294858331
Threads : 1
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft Windows
CompanyName : Microsoft Corporation
FileDescription : Multimedia background task support module
InternalName : mmtask.tsk
LegalCopyright : Copyright © Microsoft Corp. 1991-2000
OriginalFilename : mmtask.tsk

#:4 [MPREXE.EXE]
ModuleName : C:\WINDOWS\SYSTEM\MPREXE.EXE
Command Line : C:\WINDOWS\SYSTEM\MPREXE.EXE
ProcessID : 4294859927
Threads : 3
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : WIN32 Network Interface Service Process
InternalName : MPREXE
LegalCopyright : Copyright © Microsoft Corp. 1993-2000
OriginalFilename : MPREXE.EXE

#:5 [SSDPSRV.EXE]
ModuleName : C:\WINDOWS\SYSTEM\SSDPSRV.EXE
Command Line : C:\WINDOWS\SYSTEM\ssdpsrv.exe
ProcessID : 4294841719
Threads : 8
Priority : Normal
FileVersion : 4.90.3003.0
ProductVersion : 4.90.3003.0
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : SSDP Service on Windows Millennium
InternalName : ssdpsrv.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-2000
OriginalFilename : ssdpsrv.exe

#:6 [THOTKEY.EXE]
ModuleName : C:\WINDOWS\SYSTEM\THOTKEY.EXE
Command Line : C:\WINDOWS\SYSTEM\THotkey.exe
ProcessID : 4294839787
Threads : 3
Priority : Normal
FileVersion : 1, 0, 0, 0
ProductVersion : 1, 0, 0, 0
ProductName : TOSHIBA THotkey
CompanyName : TOSHIBA Corp.
FileDescription : THotkey
InternalName : THotkey
LegalCopyright : Copyright © 1999
OriginalFilename : THotkey.exe

#:7 [STIMON.EXE]
ModuleName : C:\WINDOWS\SYSTEM\STIMON.EXE
Command Line : C:\WINDOWS\SYSTEM\STIMON.EXE
ProcessID : 4294893627
Threads : 6
Priority : Normal
FileVersion : 4.90.3000.1
ProductVersion : 4.90.3000.1
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : Still Image Devices Monitor
InternalName : STIMON
LegalCopyright : Copyright © Microsoft Corp. 1981-2000
OriginalFilename : STIMON.EXE

#:8 [MSTASK.EXE]
ModuleName : C:\WINDOWS\SYSTEM\MSTASK.EXE
Command Line : mstask.exe
ProcessID : 4294873891
Threads : 3
Priority : Normal
FileVersion : 4.71.2721.1
ProductVersion : 4.71.2721.1
ProductName : Microsoft® Windows® Task Scheduler
CompanyName : Microsoft Corporation
FileDescription : Task Scheduler Engine
InternalName : TaskScheduler
LegalCopyright : Copyright © Microsoft Corp. 2000
OriginalFilename : mstask.exe

#:9 [KB891711.EXE]
ModuleName : C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
Command Line : n/a
ProcessID : 4294881407
Threads : 1
Priority : Normal
FileVersion : 4.10.2223
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows KB891711 component
InternalName : KB891711
LegalCopyright : Copyright © Microsoft Corp. 1991-2005
OriginalFilename : KB891711.EXE

#:10 [HPBPRO.EXE]
ModuleName : C:\WINDOWS\SYSTEM\HPBPRO.EXE
Command Line : C:\WINDOWS\SYSTEM\hpbpro.exe
ProcessID : 4292954955
Threads : 1
Priority : Normal
FileVersion : 1, 0, 42, 0
ProductVersion : 1, 0, 42, 0
ProductName : PortResolver Module
CompanyName : Hewlett-Packard Company
FileDescription : PortResolver Module
InternalName : PortResolver
LegalCopyright : Copyright 2000
OriginalFilename : PortResolver.exe

#:11 [HPBOID.EXE]
ModuleName : C:\WINDOWS\SYSTEM\HPBOID.EXE
Command Line : C:\WINDOWS\SYSTEM\hpboid.exe
ProcessID : 4294841075
Threads : 2
Priority : Normal
FileVersion : 1, 0, 42, 0
ProductVersion : 1, 0, 42, 0
ProductName : HP Status Server
CompanyName : Hewlett-Packard Company
FileDescription : HP Status Server Module
InternalName : HP Status Server
LegalCopyright : Copyright © 2000 by Hewlett-Packard Company
OriginalFilename : HPboid.EXE

#:12 [VSMON.EXE]
ModuleName : C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
Command Line : C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
ProcessID : 4292942275
Threads : 17
Priority : Normal
FileVersion : 6.0.667.000
ProductVersion : 6.0.667.000
ProductName : TrueVector Service
CompanyName : Zone Labs, LLC
FileDescription : TrueVector Service
InternalName : vsmon
LegalCopyright : Copyright © 1998-2005, Zone Labs, LLC
OriginalFilename : vsmon.exe

#:13 [RPCSS.EXE]
ModuleName : C:\WINDOWS\SYSTEM\RPCSS.EXE
Command Line : RPCSS
ProcessID : 4292990451
Threads : 6
Priority : Normal
FileVersion : 4.71.3328
ProductVersion : 4.71.3328
ProductName : Microsoft® Windows NT™ Operating System
CompanyName : Microsoft Corporation
FileDescription : Distributed COM Services
InternalName : rpcss.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1998
OriginalFilename : rpcss.exe

#:14 [EXPLORER.EXE]
ModuleName : C:\WINDOWS\EXPLORER.EXE
Command Line : C:\WINDOWS\Explorer.exe
ProcessID : 4292980003
Threads : 27
Priority : Normal
FileVersion : 5.50.4134.100
ProductVersion : 5.50.4134.100
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : Copyright © Microsoft Corp. 1981-2000
OriginalFilename : EXPLORER.EXE

#:15 [STMGR.EXE]
ModuleName : C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
Command Line : C:\WINDOWS\System\Restore\StMgr.exe
ProcessID : 4292912891
Threads : 5
Priority : Normal
FileVersion : 4.90.0.2533
ProductVersion : 4.90.0.2533
ProductName : Microsoft ® PCHealth
CompanyName : Microsoft Corporation
FileDescription : Microsoft ® PC State Manager
InternalName : StateMgr.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-2000
OriginalFilename : StateMgr.exe

#:16 [TASKMON.EXE]
ModuleName : C:\WINDOWS\TASKMON.EXE
Command Line : "C:\WINDOWS\taskmon.exe"
ProcessID : 4293113343
Threads : 2
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : Task Monitor
InternalName : TaskMon
LegalCopyright : Copyright © Microsoft Corp. 1998
OriginalFilename : TASKMON.EXE

#:17 [SYSTRAY.EXE]
ModuleName : C:\WINDOWS\SYSTEM\SYSTRAY.EXE
Command Line : "C:\WINDOWS\SYSTEM\SysTray.Exe"
ProcessID : 4293019319
Threads : 3
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : System Tray Applet
InternalName : SYSTRAY
LegalCopyright : Copyright © Microsoft Corp. 1993-2000
OriginalFilename : SYSTRAY.EXE

#:18 [IRMON.EXE]
ModuleName : C:\WINDOWS\SYSTEM\IRMON.EXE
Command Line : "C:\WINDOWS\SYSTEM\irmon.exe"
ProcessID : 4293051075
Threads : 7
Priority : Normal
FileVersion : 4.90.3000.1
ProductVersion : 4.90.3000.1
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : Infrared Monitor
InternalName : irmon.dll
LegalCopyright : Copyright © Microsoft Corp. 1981-2000
OriginalFilename : irmon.dll

#:19 [ALISNDMG.EXE]
ModuleName : C:\WINDOWS\SYSTEM\ALISNDMG.EXE
Command Line : "C:\WINDOWS\SYSTEM\ALiSndMg.exe"
ProcessID : 4293060151
Threads : 2
Priority : Normal
FileVersion : 1.01
ProductVersion : 1.01
ProductName : ALiSndMgr
CompanyName : ALi Laboratories Inc.
FileDescription : ALiSndMgr
InternalName : ALiSndMgr
LegalCopyright : Copyright © 2000
OriginalFilename : ALiSndMgr.exe

#:20 [EM_EXEC.EXE]
ModuleName : C:\PROGRAM FILES\MOUSEWARE\SYSTEM\EM_EXEC.EXE
Command Line : "C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE"
ProcessID : 4293041707
Threads : 3
Priority : Normal
FileVersion : 9.11.62
ProductVersion : 9.11
ProductName : MouseWare
CompanyName : Logitech Inc.
FileDescription : Control Center
InternalName : EM_EXEC
LegalCopyright : Copyright © Logitech Inc. 1987-2000.
LegalTrademarks : Logitech® and MouseWare® are registered trademarks of Logitech Inc.
OriginalFilename : EM_EXEC.CPP
Comments : Created by the MouseWare Team

#:21 [TPWRTRAY.EXE]
ModuleName : C:\WINDOWS\SYSTEM\TPWRTRAY.EXE
Command Line : "C:\WINDOWS\SYSTEM\TPWRTRAY.EXE"
ProcessID : 4293256635
Threads : 2
Priority : Normal
FileVersion : 4. 0. 0. 0
ProductVersion : 4. 0. 0. 0
ProductName : Toshiba Power Saver
CompanyName : TOSHIBA Corporation
FileDescription : Toshiba Power Saver
InternalName : Tpwrtray
LegalCopyright : Copyright 1999-2001 Toshiba Corporation.
OriginalFilename : Tpwrtray.exe
Comments : Toshiba Power Saver

#:22 [TFNCKY.EXE]
ModuleName : C:\WINDOWS\SYSTEM\TFNCKY.EXE
Command Line : "C:\WINDOWS\SYSTEM\TFncKy.exe"
ProcessID : 4293018731
Threads : 2
Priority : Normal
FileVersion : 1.21
ProductVersion : 1.21
ProductName : TFncKy
CompanyName : Toshiba Corporation
FileDescription : TFncKy
InternalName : TFncKy
LegalCopyright : Copyright 1997-2000 Toshiba Corporation. All rights reserved.
OriginalFilename : TFncKy.EXE

#:23 [DCFSSVC.EXE]
ModuleName : C:\WINDOWS\SYSTEM32\DRIVERS\DCFSSVC.EXE
Command Line : "C:\WINDOWS\System32\Drivers\dcfssvc.exe"
ProcessID : 4293252603
Threads : 3
Priority : Normal
FileVersion : 1.1.4400.0
ProductVersion : 3.2.0400.0
ProductName : Kodak DC File System Driver (Win32)
CompanyName : Eastman Kodak Company
FileDescription : Kodak DC Ring 3 Conduit (Win32)
InternalName : DcFsSvc.exe
LegalCopyright : Copyright © Eastman Kodak Co. 2000-2002
OriginalFilename : DcFsSvc.exe

#:24 [WMIEXE.EXE]
ModuleName : C:\WINDOWS\SYSTEM\WMIEXE.EXE
Command Line : WmiExe WMI_ffe24863
ProcessID : 4293147259
Threads : 4
Priority : Normal
FileVersion : 4.90.2452.1
ProductVersion : 4.90.2452.1
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI service exe housing
InternalName : wmiexe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : wmiexe.exe

#:25 [AVGCC.EXE]
ModuleName : C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
Command Line : "C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE" /STARTUP
ProcessID : 4293135427
Threads : 6
Priority : Normal
FileVersion : 7,1,0,338
ProductVersion : 7.1.0.338
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Control Center
InternalName : AvgCC
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : AvgCC.EXE

#:26 [AVGEMC.EXE]
ModuleName : C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
Command Line : "C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE"
ProcessID : 4293242307
Threads : 7
Priority : Normal
FileVersion : 7,1,0,338
ProductVersion : 7.1.0.338
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG E-Mail Scanner
InternalName : avgemc
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgemc.exe

#:27 [AVGAMSVR.EXE]
ModuleName : C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
Command Line : "C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE"
ProcessID : 4293142967
Threads : 8
Priority : Normal
FileVersion : 7,1,0,321
ProductVersion : 7.1.0.321
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Alert Manager
InternalName : avgamsvr
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgamsvr.EXE

#:28 [STATUSCLIENT.EXE]
ModuleName : C:\PROGRAM FILES\HEWLETT-PACKARD\TOOLBOX2.0\APACHE TOMCAT 4.0\WEBAPPS\TOOLBOX\STATUSCLIENT\STATUSCLIENT.EXE
Command Line : "C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" /auto
ProcessID : 4293181139
Threads : 4
Priority : Normal
FileVersion : 00.00.13
ProductVersion : 00.00.13
ProductName : Hewlett-Packard T-TR Status Client
CompanyName : Hewlett-Packard
FileDescription : Hewlett-Packard T-TR Status Client
InternalName : StatusClient.exe
LegalCopyright : Copyright © 2002 Hewlett-Packard Company
LegalTrademarks : All Rights Reserved.
OriginalFilename : StatusClient.exe

#:29 [ZLCLIENT.EXE]
ModuleName : C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
Command Line : "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
ProcessID : 4293170207
Threads : 7
Priority : Normal
FileVersion : 6.0.667.000
ProductVersion : 6.0.667.000
ProductName : Zone Labs Client
CompanyName : Zone Labs, LLC
FileDescription : Zone Labs Client
InternalName : zlclient
LegalCopyright : Copyright © 1998-2005, Zone Labs, LLC
OriginalFilename : zlclient.exe

#:30 [RunDLL.exe]
ModuleName : C:\WINDOWS\RunDLL.exe
Command Line : n/a
ProcessID : 4293365507
Threads : 1
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : Copyright © Microsoft Corp. 1991-1998
OriginalFilename : RUNDLL.EXE

#:31 [AIRPLUS.EXE]
ModuleName : C:\PROGRAM FILES\D-LINK AIRPLUS\AIRPLUS.EXE
Command Line : "C:\Program Files\D-Link AirPlus\AirPlus.exe"
ProcessID : 4293333967
Threads : 2
Priority : Normal
FileVersion : 4, 0, 0, 0
ProductVersion : 4, 0, 0, 0
ProductName : D-Link AirPlus
CompanyName : D-Link
FileDescription : WLAN Adapter Utility
InternalName : WLANMON
LegalCopyright : Copyright © All Rights Reserved.
OriginalFilename : AIRPLUS.EXE

#:32 [JAVAW.EXE]
ModuleName : C:\PROGRAM FILES\HEWLETT-PACKARD\TOOLBOX2.0\JAVASOFT\JRE\1.3.1\BIN\JAVAW.EXE
Command Line : "C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe" -jar -Duser.dir="C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0" "C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\bin\bootstrap.jar" start
ProcessID : 4293221199
Threads : 24
Priority : Normal


#:33 [SPOOL32.EXE]
ModuleName : C:\WINDOWS\SYSTEM\SPOOL32.EXE
Command Line : C:\WINDOWS\SYSTEM\spool32.exe
ProcessID : 4293270091
Threads : 5
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler Sub System Process
InternalName : spool32
LegalCopyright : Copyright © Microsoft Corp. 1994 - 1998
OriginalFilename : spool32.exe

#:34 [PSTORES.EXE]
ModuleName : C:\WINDOWS\SYSTEM\PSTORES.EXE
Command Line : C:\WINDOWS\SYSTEM\PSTORES.EXE
ProcessID : 4293466287
Threads : 3
Priority : Normal
FileVersion : 5.00.2133.2
ProductVersion : 5.00.2133.2
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Protected storage server
InternalName : Protected storage server
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : Protected storage server

#:35 [DDHELP.EXE]
ModuleName : C:\WINDOWS\SYSTEM\DDHELP.EXE
Command Line : ddhelp.exe
ProcessID : 4293438919
Threads : 3
Priority : Realtime
FileVersion : 4.09.00.0900
ProductVersion : 4.09.00.0900
ProductName : Microsoft® DirectX for Windows®
CompanyName : Microsoft Corporation
FileDescription : Microsoft DirectX Helper
InternalName : DDHelp.exe
LegalCopyright : Copyright © Microsoft Corp. 1994-2002
OriginalFilename : DDHelp.exe

#:36 [WUAUCLT.EXE]
ModuleName : C:\WINDOWS\WUAUCLT.EXE
Command Line : -AUMagic
ProcessID : 4293656115
Threads : 4
Priority : Idle
FileVersion : 5.4.5681.0
ProductVersion : 5.4.5681.0
ProductName : Microsoft Windows Update - AutoUpdate feature
CompanyName : Microsoft Corporation
FileDescription : Microsoft AutoUpdate
InternalName : WUAUCLT.EXE
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WUAUCLT.EXE

#:37 [AD-AWARE.EXE]
ModuleName : C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\AD-AWARE.EXE
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 4293434199
Threads : 3
Priority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0

MRU List Object Recognized!
Location: : C:\WINDOWS\Application Data\microsoft\office\recent
Description : list of recently opened documents using microsoft office


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\internet explorer\main
Description : last save directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run



Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@realmedia[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:5
Value : Cookie:default@realmedia.com/
Expires : 01-01-2021 00:59:58
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@247realmedia[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:default@247realmedia.com/
Expires : 01-01-2011 00:59:58
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@2o7[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:18
Value : Cookie:default@2o7.net/
Expires : 06-09-2010 17:28:00
LastSync : Hits:18
UseCount : 0
Hits : 18

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@serving-sys[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:73
Value : Cookie:default@serving-sys.com/
Expires : 31-12-2037 23:00:00
LastSync : Hits:73
UseCount : 0
Hits : 73

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@bravenet[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:default@bravenet.com/
Expires : 13-09-2015 21:45:24
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@questionmarket[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:default@questionmarket.com/
Expires : 19-11-2006 11:13:00
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@z1.adserver[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:default@z1.adserver.com/
Expires : 04-09-2006 18:29:26
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@tripod[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:default@tripod.com/
Expires : 15-09-2006 21:45:14
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@cgi-bin[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:default@imrworldwide.com/cgi-bin
Expires : 28-09-2015 18:49:34
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 9
Objects found so far: 12



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Win32.Trojan.StartPage Object Recognized!
Type : File
Data : A0000078.CPY
TAC Rating : 8
Category : Malware
Comment :
Object : C:\_RESTORE\TEMP\



Win32.Trojan.StartPage Object Recognized!
Type : File
Data : A0000083.CPY
TAC Rating : 8
Category : Malware
Comment :
Object : C:\_RESTORE\TEMP\



Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 14


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 14




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 14

09:25:35 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:08:55.140
Objects scanned:74882
Objects identified:33
Objects ignored:22
New critical objects:0




Ad-Aware SE Build 1.06r1
Logfile Created on:01 October 2005 09:27:58
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R68 28.09.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):3 total references
Tracking Cookie(TAC index:3):18 total references
Win32.Trojan.StartPage(TAC index:8):2 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R68 28.09.2005
Internal build : 80
File location : C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\defs.ref
File size : 526954 Bytes
Total size : 1581029 Bytes
Signature data size : 1547745 Bytes
Reference data size : 32772 Bytes
Signatures total : 43961
CSI Fingerprints total : 1047
CSI data size : 37307 Bytes
Target categories : 15
Target families : 753


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium III
Memory available:0 %
Total physical memory:122304 kb
Available physical memory:3304 kb
Total page file size:1974844 kb
Available on page file:1716872 kb
Total virtual memory:2093056 kb
Available virtual memory:2042496 kb
OS:Microsoft Windows Millennium Edition

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


01-10-2005 09:27:58 - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : C:\WINDOWS\Application Data\microsoft\office\recent
Description : list of recently opened documents using microsoft office


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\internet explorer\main
Description : last save directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [KERNEL32.DLL]
ModuleName : C:\WINDOWS\SYSTEM\KERNEL32.DLL
Command Line : n/a
ProcessID : 4293865519
Threads : 8
Priority : High
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : Win32 Kernel core component
InternalName : KERNEL32
LegalCopyright : Copyright © Microsoft Corp. 1991-2000
OriginalFilename : KERNEL32.DLL

#:2 [MSGSRV32.EXE]
ModuleName : C:\WINDOWS\SYSTEM\MSGSRV32.EXE
Command Line : n/a
ProcessID : 4294964807
Threads : 1
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows 32-bit VxD Message Server
InternalName : MSGSRV32
LegalCopyright : Copyright © Microsoft Corp. 1992-1998
OriginalFilename : MSGSRV32.EXE

#:3 [mmtask.tsk]
ModuleName : C:\WINDOWS\SYSTEM\mmtask.tsk
Command Line : n/a
ProcessID : 4294858331
Threads : 1
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft Windows
CompanyName : Microsoft Corporation
FileDescription : Multimedia background task support module
InternalName : mmtask.tsk
LegalCopyright : Copyright © Microsoft Corp. 1991-2000
OriginalFilename : mmtask.tsk

#:4 [MPREXE.EXE]
ModuleName : C:\WINDOWS\SYSTEM\MPREXE.EXE
Command Line : C:\WINDOWS\SYSTEM\MPREXE.EXE
ProcessID : 4294859927
Threads : 3
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : WIN32 Network Interface Service Process
InternalName : MPREXE
LegalCopyright : Copyright © Microsoft Corp. 1993-2000
OriginalFilename : MPREXE.EXE

#:5 [SSDPSRV.EXE]
ModuleName : C:\WINDOWS\SYSTEM\SSDPSRV.EXE
Command Line : C:\WINDOWS\SYSTEM\ssdpsrv.exe
ProcessID : 4294841719
Threads : 8
Priority : Normal
FileVersion : 4.90.3003.0
ProductVersion : 4.90.3003.0
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : SSDP Service on Windows Millennium
InternalName : ssdpsrv.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-2000
OriginalFilename : ssdpsrv.exe

#:6 [THOTKEY.EXE]
ModuleName : C:\WINDOWS\SYSTEM\THOTKEY.EXE
Command Line : C:\WINDOWS\SYSTEM\THotkey.exe
ProcessID : 4294839787
Threads : 3
Priority : Normal
FileVersion : 1, 0, 0, 0
ProductVersion : 1, 0, 0, 0
ProductName : TOSHIBA THotkey
CompanyName : TOSHIBA Corp.
FileDescription : THotkey
InternalName : THotkey
LegalCopyright : Copyright © 1999
OriginalFilename : THotkey.exe

#:7 [STIMON.EXE]
ModuleName : C:\WINDOWS\SYSTEM\STIMON.EXE
Command Line : C:\WINDOWS\SYSTEM\STIMON.EXE
ProcessID : 4294893627
Threads : 6
Priority : Normal
FileVersion : 4.90.3000.1
ProductVersion : 4.90.3000.1
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : Still Image Devices Monitor
InternalName : STIMON
LegalCopyright : Copyright © Microsoft Corp. 1981-2000
OriginalFilename : STIMON.EXE

#:8 [MSTASK.EXE]
ModuleName : C:\WINDOWS\SYSTEM\MSTASK.EXE
Command Line : mstask.exe
ProcessID : 4294873891
Threads : 3
Priority : Normal
FileVersion : 4.71.2721.1
ProductVersion : 4.71.2721.1
ProductName : Microsoft® Windows® Task Scheduler
CompanyName : Microsoft Corporation
FileDescription : Task Scheduler Engine
InternalName : TaskScheduler
LegalCopyright : Copyright © Microsoft Corp. 2000
OriginalFilename : mstask.exe

#:9 [KB891711.EXE]
ModuleName : C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
Command Line : n/a
ProcessID : 4294881407
Threads : 1
Priority : Normal
FileVersion : 4.10.2223
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows KB891711 component
InternalName : KB891711
LegalCopyright : Copyright © Microsoft Corp. 1991-2005
OriginalFilename : KB891711.EXE

#:10 [HPBPRO.EXE]
ModuleName : C:\WINDOWS\SYSTEM\HPBPRO.EXE
Command Line : C:\WINDOWS\SYSTEM\hpbpro.exe
ProcessID : 4292954955
Threads : 1
Priority : Normal
FileVersion : 1, 0, 42, 0
ProductVersion : 1, 0, 42, 0
ProductName : PortResolver Module
CompanyName : Hewlett-Packard Company
FileDescription : PortResolver Module
InternalName : PortResolver
LegalCopyright : Copyright 2000
OriginalFilename : PortResolver.exe

#:11 [HPBOID.EXE]
ModuleName : C:\WINDOWS\SYSTEM\HPBOID.EXE
Command Line : C:\WINDOWS\SYSTEM\hpboid.exe
ProcessID : 4294841075
Threads : 2
Priority : Normal
FileVersion : 1, 0, 42, 0
ProductVersion : 1, 0, 42, 0
ProductName : HP Status Server
CompanyName : Hewlett-Packard Company
FileDescription : HP Status Server Module
InternalName : HP Status Server
LegalCopyright : Copyright © 2000 by Hewlett-Packard Company
OriginalFilename : HPboid.EXE

#:12 [VSMON.EXE]
ModuleName : C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
Command Line : C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
ProcessID : 4292942275
Threads : 17
Priority : Normal
FileVersion : 6.0.667.000
ProductVersion : 6.0.667.000
ProductName : TrueVector Service
CompanyName : Zone Labs, LLC
FileDescription : TrueVector Service
InternalName : vsmon
LegalCopyright : Copyright © 1998-2005, Zone Labs, LLC
OriginalFilename : vsmon.exe

#:13 [RPCSS.EXE]
ModuleName : C:\WINDOWS\SYSTEM\RPCSS.EXE
Command Line : RPCSS
ProcessID : 4292990451
Threads : 6
Priority : Normal
FileVersion : 4.71.3328
ProductVersion : 4.71.3328
ProductName : Microsoft® Windows NT™ Operating System
CompanyName : Microsoft Corporation
FileDescription : Distributed COM Services
InternalName : rpcss.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1998
OriginalFilename : rpcss.exe

#:14 [EXPLORER.EXE]
ModuleName : C:\WINDOWS\EXPLORER.EXE
Command Line : C:\WINDOWS\Explorer.exe
ProcessID : 4292980003
Threads : 25
Priority : Normal
FileVersion : 5.50.4134.100
ProductVersion : 5.50.4134.100
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : Copyright © Microsoft Corp. 1981-2000
OriginalFilename : EXPLORER.EXE

#:15 [STMGR.EXE]
ModuleName : C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
Command Line : C:\WINDOWS\System\Restore\StMgr.exe
ProcessID : 4292912891
Threads : 5
Priority : Normal
FileVersion : 4.90.0.2533
ProductVersion : 4.90.0.2533
ProductName : Microsoft ® PCHealth
CompanyName : Microsoft Corporation
FileDescription : Microsoft ® PC State Manager
InternalName : StateMgr.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-2000
OriginalFilename : StateMgr.exe

#:16 [TASKMON.EXE]
ModuleName : C:\WINDOWS\TASKMON.EXE
Command Line : "C:\WINDOWS\taskmon.exe"
ProcessID : 4293113343
Threads : 2
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : Task Monitor
InternalName : TaskMon
LegalCopyright : Copyright © Microsoft Corp. 1998
OriginalFilename : TASKMON.EXE

#:17 [SYSTRAY.EXE]
ModuleName : C:\WINDOWS\SYSTEM\SYSTRAY.EXE
Command Line : "C:\WINDOWS\SYSTEM\SysTray.Exe"
ProcessID : 4293019319
Threads : 3
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : System Tray Applet
InternalName : SYSTRAY
LegalCopyright : Copyright © Microsoft Corp. 1993-2000
OriginalFilename : SYSTRAY.EXE

#:18 [IRMON.EXE]
ModuleName : C:\WINDOWS\SYSTEM\IRMON.EXE
Command Line : "C:\WINDOWS\SYSTEM\irmon.exe"
ProcessID : 4293051075
Threads : 7
Priority : Normal
FileVersion : 4.90.3000.1
ProductVersion : 4.90.3000.1
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : Infrared Monitor
InternalName : irmon.dll
LegalCopyright : Copyright © Microsoft Corp. 1981-2000
OriginalFilename : irmon.dll

#:19 [ALISNDMG.EXE]
ModuleName : C:\WINDOWS\SYSTEM\ALISNDMG.EXE
Command Line : "C:\WINDOWS\SYSTEM\ALiSndMg.exe"
ProcessID : 4293060151
Threads : 2
Priority : Normal
FileVersion : 1.01
ProductVersion : 1.01
ProductName : ALiSndMgr
CompanyName : ALi Laboratories Inc.
FileDescription : ALiSndMgr
InternalName : ALiSndMgr
LegalCopyright : Copyright © 2000
OriginalFilename : ALiSndMgr.exe

#:20 [EM_EXEC.EXE]
ModuleName : C:\PROGRAM FILES\MOUSEWARE\SYSTEM\EM_EXEC.EXE
Command Line : "C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE"
ProcessID : 4293041707
Threads : 3
Priority : Normal
FileVersion : 9.11.62
ProductVersion : 9.11
ProductName : MouseWare
CompanyName : Logitech Inc.
FileDescription : Control Center
InternalName : EM_EXEC
LegalCopyright : Copyright © Logitech Inc. 1987-2000.
LegalTrademarks : Logitech® and MouseWare® are registered trademarks of Logitech Inc.
OriginalFilename : EM_EXEC.CPP
Comments : Created by the MouseWare Team

#:21 [TPWRTRAY.EXE]
ModuleName : C:\WINDOWS\SYSTEM\TPWRTRAY.EXE
Command Line : "C:\WINDOWS\SYSTEM\TPWRTRAY.EXE"
ProcessID : 4293256635
Threads : 2
Priority : Normal
FileVersion : 4. 0. 0. 0
ProductVersion : 4. 0. 0. 0
ProductName : Toshiba Power Saver
CompanyName : TOSHIBA Corporation
FileDescription : Toshiba Power Saver
InternalName : Tpwrtray
LegalCopyright : Copyright 1999-2001 Toshiba Corporation.
OriginalFilename : Tpwrtray.exe
Comments : Toshiba Power Saver

#:22 [TFNCKY.EXE]
ModuleName : C:\WINDOWS\SYSTEM\TFNCKY.EXE
Command Line : "C:\WINDOWS\SYSTEM\TFncKy.exe"
ProcessID : 4293018731
Threads : 2
Priority : Normal
FileVersion : 1.21
ProductVersion : 1.21
ProductName : TFncKy
CompanyName : Toshiba Corporation
FileDescription : TFncKy
InternalName : TFncKy
LegalCopyright : Copyright 1997-2000 Toshiba Corporation. All rights reserved.
OriginalFilename : TFncKy.EXE

#:23 [DCFSSVC.EXE]
ModuleName : C:\WINDOWS\SYSTEM32\DRIVERS\DCFSSVC.EXE
Command Line : "C:\WINDOWS\System32\Drivers\dcfssvc.exe"
ProcessID : 4293252603
Threads : 3
Priority : Normal
FileVersion : 1.1.4400.0
ProductVersion : 3.2.0400.0
ProductName : Kodak DC File System Driver (Win32)
CompanyName : Eastman Kodak Company
FileDescription : Kodak DC Ring 3 Conduit (Win32)
InternalName : DcFsSvc.exe
LegalCopyright : Copyright © Eastman Kodak Co. 2000-2002
OriginalFilename : DcFsSvc.exe

#:24 [WMIEXE.EXE]
ModuleName : C:\WINDOWS\SYSTEM\WMIEXE.EXE
Command Line : WmiExe WMI_ffe24863
ProcessID : 4293147259
Threads : 4
Priority : Normal
FileVersion : 4.90.2452.1
ProductVersion : 4.90.2452.1
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI service exe housing
InternalName : wmiexe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : wmiexe.exe

#:25 [AVGCC.EXE]
ModuleName : C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
Command Line : "C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE" /STARTUP
ProcessID : 4293135427
Threads : 6
Priority : Normal
FileVersion : 7,1,0,338
ProductVersion : 7.1.0.338
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Control Center
InternalName : AvgCC
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : AvgCC.EXE

#:26 [AVGEMC.EXE]
ModuleName : C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
Command Line : "C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE"
ProcessID : 4293242307
Threads : 7
Priority : Normal
FileVersion : 7,1,0,338
ProductVersion : 7.1.0.338
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG E-Mail Scanner
InternalName : avgemc
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgemc.exe

#:27 [AVGAMSVR.EXE]
ModuleName : C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
Command Line : "C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE"
ProcessID : 4293142967
Threads : 8
Priority : Normal
FileVersion : 7,1,0,321
ProductVersion : 7.1.0.321
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Alert Manager
InternalName : avgamsvr
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgamsvr.EXE

#:28 [STATUSCLIENT.EXE]
ModuleName : C:\PROGRAM FILES\HEWLETT-PACKARD\TOOLBOX2.0\APACHE TOMCAT 4.0\WEBAPPS\TOOLBOX\STATUSCLIENT\STATUSCLIENT.EXE
Command Line : "C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" /auto
ProcessID : 4293181139
Threads : 4
Priority : Normal
FileVersion : 00.00.13
ProductVersion : 00.00.13
ProductName : Hewlett-Packard T-TR Status Client
CompanyName : Hewlett-Packard
FileDescription : Hewlett-Packard T-TR Status Client
InternalName : StatusClient.exe
LegalCopyright : Copyright © 2002 Hewlett-Packard Company
LegalTrademarks : All Rights Reserved.
OriginalFilename : StatusClient.exe

#:29 [ZLCLIENT.EXE]
ModuleName : C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
Command Line : "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
ProcessID : 4293170207
Threads : 7
Priority : Normal
FileVersion : 6.0.667.000
ProductVersion : 6.0.667.000
ProductName : Zone Labs Client
CompanyName : Zone Labs, LLC
FileDescription : Zone Labs Client
InternalName : zlclient
LegalCopyright : Copyright © 1998-2005, Zone Labs, LLC
OriginalFilename : zlclient.exe

#:30 [RunDLL.exe]
ModuleName : C:\WINDOWS\RunDLL.exe
Command Line : n/a
ProcessID : 4293365507
Threads : 1
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : Copyright © Microsoft Corp. 1991-1998
OriginalFilename : RUNDLL.EXE

#:31 [AIRPLUS.EXE]
ModuleName : C:\PROGRAM FILES\D-LINK AIRPLUS\AIRPLUS.EXE
Command Line : "C:\Program Files\D-Link AirPlus\AirPlus.exe"
ProcessID : 4293333967
Threads : 2
Priority : Normal
FileVersion : 4, 0, 0, 0
ProductVersion : 4, 0, 0, 0
ProductName : D-Link AirPlus
CompanyName : D-Link
FileDescription : WLAN Adapter Utility
InternalName : WLANMON
LegalCopyright : Copyright © All Rights Reserved.
OriginalFilename : AIRPLUS.EXE

#:32 [JAVAW.EXE]
ModuleName : C:\PROGRAM FILES\HEWLETT-PACKARD\TOOLBOX2.0\JAVASOFT\JRE\1.3.1\BIN\JAVAW.EXE
Command Line : "C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe" -jar -Duser.dir="C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0" "C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\bin\bootstrap.jar" start
ProcessID : 4293221199
Threads : 24
Priority : Normal


#:33 [SPOOL32.EXE]
ModuleName : C:\WINDOWS\SYSTEM\SPOOL32.EXE
Command Line : C:\WINDOWS\SYSTEM\spool32.exe
ProcessID : 4293270091
Threads : 5
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler Sub System Process
InternalName : spool32
LegalCopyright : Copyright © Microsoft Corp. 1994 - 1998
OriginalFilename : spool32.exe

#:34 [PSTORES.EXE]
ModuleName : C:\WINDOWS\SYSTEM\PSTORES.EXE
Command Line : C:\WINDOWS\SYSTEM\PSTORES.EXE
ProcessID : 4293466287
Threads : 3
Priority : Normal
FileVersion : 5.00.2133.2
ProductVersion : 5.00.2133.2
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Protected storage server
InternalName : Protected storage server
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : Protected storage server

#:35 [DDHELP.EXE]
ModuleName : C:\WINDOWS\SYSTEM\DDHELP.EXE
Command Line : ddhelp.exe
ProcessID : 4293438919
Threads : 3
Priority : Realtime
FileVersion : 4.09.00.0900
ProductVersion : 4.09.00.0900
ProductName : Microsoft® DirectX for Windows®
CompanyName : Microsoft Corporation
FileDescription : Microsoft DirectX Helper
Interna
  • 0

#27
dreadpiratedaz

dreadpiratedaz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Sorry Tampabelle,

but I've made everything a bit confusing this am - that's the trouble with us artisitic types.

I have scanned again with Ad-aware and only found 9 tracking cookies - no nasty trojans or anything like that. However, I'm still suspicious, I just don't trust that loaderX file - or am I just being cynical?

It looks like it may have worked. Shall I post more logs??

dreadpiratedaz
  • 0

#28
tampabelle

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
You need to figure out what System Restore is and what it can do !!!!!!!!!!

Please search for system restore on the internet (on google or any other search engine) and read up as much as possible.


A file in System restore cannot do. It is like a person frozen and buried in a vault to be revived later, if necessary. That seems to be a good analogy. So till the person is thawed out (by activating the System Restore), the file lies inert !!!!!!!!!

To take care of your tracking cookies, Run IE. Click on tools ---> internet options.

Click on "Delete Files" and "Delete Cookies". This will delete all your cookies and you may have to login at all the sites whose passwords you may have stored.
  • 0

#29
dreadpiratedaz

dreadpiratedaz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Done! Honest guv, I promise I will find out about system restore.

Does that mean we are done here now? Can I go home now . . . please?

dreadpiratedaz
  • 0

#30
tampabelle

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Yes, I believe that your PC is clean.



I would recommend the following steps to keep your PC clean (especially Step 1 to install critical Windows patches including Service Pack 2 or SP2 if not already installed and Step 8 now that your PC is clean) –

PREVENTIVE MEASURES FOR FUTURE

Operating System
1. Keep the Windows and Internet Explorer updated with the latest fixes. These fixes are available free from Microsoft. Click on Tools in the IE menu bar and then on Windows update. You can also use the following links

Windows security and critical updates
Internet Explorer security and critical updates

Also ensure that automatic updates are enabled for faster updation of the system.
(Right click on My Computer on your desktop, properties and Automatic Updates tab.


Anti-Virus Software
2. Keep your Anti-virus program updated with the latest definitions. Some of the common anti-virus programs in use are :

Norton Anti-Virus
McAfee Anti-Virus
AVG Anti-Virus --- freeware
Avast Home Edition --- freeware

Use only one anti-virus program as multiple such programs can create conflicts between themselves and severely hamper the performance of your PC.


Firewall
3. You should also have a good firewall. Here are 3 free ones available for personal use:
Sygate Personal Firewall, Kerio Personal Firewall, ZoneAlarm


Internet Browsers
4. Have robust explorer settings. It is preferable to use an internet browser other that IE as most of the malware is targetted at IE. In case you prefer to use IE, then download a list of innocent looking but harmful websites from IE-Spyad and install it on ur PC. IE-SPYAD puts over 5000 sites in your internet explorer's restricted zone, so you'll be protected when you visit innocent-looking sites that aren't really innocent at all.

Some alternate browsers I suggest are Firefox Mozilla Browser and Opera

Ensure that Security level, irrespective of whichever browser you use, is set at Medium or higher, restrict the usage of cookies and activeX components.


Spyware Protection
5. Have a wall of protection against spyware / adware by installing SpywareBlaster and SpywareGuard.

SpywareBlaster and SpywareGuard are by JavaCool and both are free programs.
SpywareBlaster will prevent spyware from being installed and consumes no system resources.
SpywareGuard offers realtime protection from spyware installation and browser hijack attempts. Both have free ongoing updates.


Spyware Removers
6. Install programs for scanning for malware and uninstalling them. Two of the best programs, both are freeware, are :

Spybot Search & Destroy - A powerful tool which can search and annhilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.

AdAware SE Personal Edition - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy compliment each other very well.


Regular Maintenance of PC
7. Finally, invest some time for regular maintenance of your PC. Delete the temporary Internet files, temporary files, cookies etc. Click on Start button, Programs, Accessories, System Tools and run the program Disk Cleanup. Follow the instructions.

An alternate freeware software which can be used is CleanUp.

Keep your Registry clean. My favourite software is Registry First Aid. This is not a freeware but a trial version can be downloaded.


System Restore Points
8. Since your PC is currently clean, create a system restore point. A system restore would enable you to revert to the settings on the PC when the restore point was created. It is also a good idea to flush all earlier system restore points which may be containing infected files.

A. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

B. Restart your computer.

C. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check Turn off System Restore.
Click Apply, and then click OK.

System Restore will now be active again.


Go ahead and enjoy a clean PC !!!!!!!!!!!!!
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP