
HELP ME GET RID OF THE D**N VX2


  • This topic is locked

#1
onlytruth

;)
I need help. I have tried everything I know to get rid of VX2. I have run Ad-aware. I have run their vx2 cleaner add-on. I have rebooted and re-run Ad-Aware. The add-on says that it's clean. Then I run the system scan and it shows it still to be there. Then I clean it and then it's back... Repeat a few dozen times.

Every time I boot up, IE opens up on its own. I get tons of pop-ups. Things added to my favorites. I open IE and no matter what I put in for a homepage, it goes to this "about:blank" "site".


PS The person that made this trojan / virus needs to be hung by certain anatomical regions. :tazz: Seriously though, do these people who use this spyware stuff really think that I am going to click on a link that pops up as a result of my computer being infected???????

Here is the logfile from the Ad-Aware SE:


Ad-Aware SE Build 1.05
Logfile Created on:Tuesday, May 10, 2005 10:52:12 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R43 06.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
CoolWebSearch(TAC index:10):20 total references
MRU List(TAC index:0):34 total references
Possible Browser Hijack attempt(TAC index:3):3 total references
VX2(TAC index:10):2 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


5/10/2005 10:52:12 AM - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : C:\Documents and Settings\fred larsen\Application Data\microsoft\office\recent
Description : list of recently opened documents using microsoft office


MRU List Object Recognized!
Location: : C:\Documents and Settings\fred larsen\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : S-1-5-21-625160434-455156824-1739942258-1001\software\adobe\acrobat reader\5.0\avgeneral\crecentfiles
Description : list of recently used files in adobe reader


MRU List Object Recognized!
Location: : S-1-5-21-625160434-455156824-1739942258-1001\software\adobe\adobe acrobat\6.0\avgeneral\crecentfiles
Description : list of recently used files in adobe acrobat


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-625160434-455156824-1739942258-1001\software\microsoft\frontpage\explorer\frontpage explorer\recent file list
Description : list of recently used files in microsoft frontpage


MRU List Object Recognized!
Location: : S-1-5-21-625160434-455156824-1739942258-1001\software\microsoft\frontpage\explorer\frontpage explorer\recent page list
Description : list of recently used pages in microsoft frontpage


MRU List Object Recognized!
Location: : S-1-5-21-625160434-455156824-1739942258-1001\software\microsoft\frontpage\explorer\frontpage explorer\recent web list
Description : list of recently used webs in microsoft frontpage


MRU List Object Recognized!
Location: : S-1-5-21-625160434-455156824-1739942258-1001\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-625160434-455156824-1739942258-1001\software\microsoft\internet explorer\main
Description : last save directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-625160434-455156824-1739942258-1001\software\microsoft\mediaplayer\player\recentfilelist
Description : list of recently used files in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-625160434-455156824-1739942258-1001\software\microsoft\mediaplayer\player\settings
Description : last open directory used in jasc paint shop pro


MRU List Object Recognized!
Location: : S-1-5-21-625160434-455156824-1739942258-1001\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-625160434-455156824-1739942258-1001\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-625160434-455156824-1739942258-1001\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console


MRU List Object Recognized!
Location: : S-1-5-21-625160434-455156824-1739942258-1001\software\microsoft\office\11.0\common\open find\microsoft office word\settings\open\file name mru
Description : list of recent documents opened by microsoft word


MRU List Object Recognized!
Location: : S-1-5-21-625160434-455156824-1739942258-1001\software\microsoft\office\11.0\common\open find\microsoft office word\settings\save as\file name mru
Description : list of recent documents saved by microsoft word


MRU List Object Recognized!
Location: : S-1-5-21-625160434-455156824-1739942258-1001\software\microsoft\office\11.0\powerpoint\recent file list
Description : list of recent files used by microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-625160434-455156824-1739942258-1001\software\microsoft\office\11.0\powerpoint\recentfolderlist
Description : list of recent folders used by microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-625160434-455156824-1739942258-1001\software\microsoft\office\9.0\common\open find\microsoft powerpoint\settings\insert picture\file name mru
Description : list of recent pictured inserted in microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-625160434-455156824-1739942258-1001\software\microsoft\office\9.0\common\open find\microsoft powerpoint\settings\save as\file name mru
Description : list of recent documents saved by microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-625160434-455156824-1739942258-1001\software\microsoft\office\9.0\common\open find\microsoft word\settings\open\file name mru
Description : list of recent documents opened by microsoft word


MRU List Object Recognized!
Location: : S-1-5-21-625160434-455156824-1739942258-1001\software\microsoft\office\9.0\common\open find\microsoft word\settings\save as\file name mru
Description : list of recent documents saved by microsoft word


MRU List Object Recognized!
Location: : S-1-5-21-625160434-455156824-1739942258-1001\software\microsoft\office\9.0\excel\recent files
Description : list of recent files used by microsoft excel


MRU List Object Recognized!
Location: : S-1-5-21-625160434-455156824-1739942258-1001\software\microsoft\office\9.0\powerpoint\recent file list
Description : list of recent files used by microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-625160434-455156824-1739942258-1001\software\microsoft\office\9.0\powerpoint\recent typeface list
Description : list of recently used typefaces in microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-625160434-455156824-1739942258-1001\software\microsoft\office\9.0\powerpoint\recentfolderlist
Description : list of recent folders used by microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-625160434-455156824-1739942258-1001\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-625160434-455156824-1739942258-1001\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-625160434-455156824-1739942258-1001\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : S-1-5-21-625160434-455156824-1739942258-1001\software\nico mak computing\winzip\filemenu
Description : winzip recently used archives


MRU List Object Recognized!
Location: : S-1-5-21-625160434-455156824-1739942258-1001\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 164
ThreadCreationTime : 5/10/2005 2:05:23 PM
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINNT\system32\
ProcessID : 188
ThreadCreationTime : 5/10/2005 2:05:28 PM
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINNT\system32\
ProcessID : 184
ThreadCreationTime : 5/10/2005 2:05:29 PM
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINNT\system32\
ProcessID : 236
ThreadCreationTime : 5/10/2005 2:05:30 PM
BasePriority : Normal
FileVersion : 5.00.2195.6700
ProductVersion : 5.00.2195.6700
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINNT\system32\
ProcessID : 248
ThreadCreationTime : 5/10/2005 2:05:30 PM
BasePriority : Normal
FileVersion : 5.00.2195.6902
ProductVersion : 5.00.2195.6902
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Executable and Server DLL (Export Version)
InternalName : lsasrv.dll and lsass.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : lsasrv.dll and lsass.exe

#:6 [scardsvr.exe]
FilePath : C:\WINNT\System32\
ProcessID : 384
ThreadCreationTime : 5/10/2005 2:05:33 PM
BasePriority : Normal
FileVersion : 5.00.2195.6609
ProductVersion : 5.00.2195.6609
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Smart Card Resource Management Server
InternalName : SCardSvr.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : SCardSvr.exe

#:7 [svchost.exe]
FilePath : C:\WINNT\system32\
ProcessID : 452
ThreadCreationTime : 5/10/2005 2:05:34 PM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINNT\System32\
ProcessID : 492
ThreadCreationTime : 5/10/2005 2:05:34 PM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:9 [spoolsv.exe]
FilePath : C:\WINNT\system32\
ProcessID : 528
ThreadCreationTime : 5/10/2005 2:05:34 PM
BasePriority : Normal
FileVersion : 5.00.2195.6659
ProductVersion : 5.00.2195.6659
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolss.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : spoolss.exe

#:10 [acautoreg.exe]
FilePath : C:\Program Files\Common Files\ActivCard\
ProcessID : 608
ThreadCreationTime : 5/10/2005 2:05:40 PM
BasePriority : Normal
FileVersion : 1, 0, 5, 0
ProductVersion : 2, 2, 0, 0
ProductName : ActivCard Gold
CompanyName : ActivCard S.A.
FileDescription : ActivCard Gold - New Card Registration
InternalName : acautoreg
LegalCopyright : Copyright © 1998-2002 ActivCard (All rights reserved)
OriginalFilename : acautoreg.EXE

#:11 [accoca.exe]
FilePath : C:\Program Files\Common Files\ActivCard\
ProcessID : 632
ThreadCreationTime : 5/10/2005 2:05:40 PM
BasePriority : Normal
FileVersion : 2, 1, 8, 0
ProductVersion : 2, 2, 0, 0
ProductName : ActivCard Gold
CompanyName : ActivCard
FileDescription : ActivCard Cache Server
InternalName : accoca
LegalCopyright : Copyright © 1998-2002 ActivCard (All rights reserved)
OriginalFilename : accoca.exe
Comments : ActivCard Secure Cache Server

#:12 [ati2evxx.exe]
FilePath : C:\WINNT\System32\
ProcessID : 644
ThreadCreationTime : 5/10/2005 2:05:40 PM
BasePriority : Normal


#:13 [cam.exe]
FilePath : C:\Program Files\CA\SharedComponents\CAM\bin\
ProcessID : 664
ThreadCreationTime : 5/10/2005 2:05:41 PM
BasePriority : Normal
FileVersion : 3.11.26.10
ProductVersion : 3.11.26.10
ProductName : Unicenter Message Queuing
CompanyName : Computer Associates International, Inc.
FileDescription : CA Message Queuing Server
InternalName : cam
LegalCopyright : Copyright © 2002 Computer Associates International, Inc.
OriginalFilename : cam.exe
Comments : CA Message Queuing Server

#:14 [cvpnd.exe]
FilePath : C:\Program Files\Cisco Systems\VPN Client\
ProcessID : 684
ThreadCreationTime : 5/10/2005 2:05:41 PM
BasePriority : Normal
FileVersion : 4.0.3 (A)
ProductVersion : 4.0.3 (A)
ProductName : Cisco Systems VPN Client
CompanyName : Cisco Systems, Inc.
FileDescription : Cisco Systems VPN Client
InternalName : cvpnd
LegalCopyright : Copyright © 1998-2003 Cisco Systems, Inc.
OriginalFilename : CVPND.EXE

#:15 [defwatch.exe]
FilePath : C:\PROGRA~1\SYMANT~1\SYMANT~1\
ProcessID : 704
ThreadCreationTime : 5/10/2005 2:05:42 PM
BasePriority : Normal
FileVersion : 8.1.0.825
ProductVersion : 8.1.0.825
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Virus Definition Daemon
InternalName : DefWatch
LegalCopyright : Copyright © 1998 Symantec Corporation
OriginalFilename : DefWatch.exe

#:16 [dmprimer.exe]
FilePath : C:\Program Files\CA\SharedComponents\DesktopCommonServices\DMPrimer\
ProcessID : 720
ThreadCreationTime : 5/10/2005 2:05:42 PM
BasePriority : Normal
FileVersion : 1, 4, 0, 155
ProductVersion : 1, 4, 0, 155
ProductName : DMPrimer
CompanyName : Computer Associates
FileDescription : DMPrimer
InternalName : DMPrimer
LegalCopyright : Copyright © 2003 Computer Associates International, Inc. All rigts reserved.
OriginalFilename : DMPrimer.exe

#:17 [logwatnt.exe]
FilePath : C:\WINNT\
ProcessID : 768
ThreadCreationTime : 5/10/2005 2:05:44 PM
BasePriority : Normal


#:18 [mdm.exe]
FilePath : C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\
ProcessID : 800
ThreadCreationTime : 5/10/2005 2:05:45 PM
BasePriority : Normal
FileVersion : 7.00.9466
ProductVersion : 7.00.9466
ProductName : Microsoft® Visual Studio .NET
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : mdm.exe

#:19 [rtvscan.exe]
FilePath : C:\PROGRA~1\SYMANT~1\SYMANT~1\
ProcessID : 840
ThreadCreationTime : 5/10/2005 2:05:45 PM
BasePriority : Normal
FileVersion : 8.1.0.825
ProductVersion : 8.1.0.825
ProductName : Symantec AntiVirus
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus
LegalCopyright : Copyright © Symantec Corporation 1991-2003

#:20 [rchost.exe]
FilePath : C:\Program Files\CA\Unicenter Remote Control\
ProcessID : 856
ThreadCreationTime : 5/10/2005 2:05:46 PM
BasePriority : ?
FileVersion : 6, 0, 77, 0
ProductVersion : 6, 0, 77, 0
ProductName : Unicenter Remote Control
CompanyName : Computer Associates International, Inc.
FileDescription : Unicenter Remote Control Host
InternalName : rcHost
LegalCopyright : Copyright © Computer Associates 2003
OriginalFilename : rcHost.exe

#:21 [rcmanclient.exe]
FilePath : C:\TNGRCO\
ProcessID : 912
ThreadCreationTime : 5/10/2005 2:05:47 PM
BasePriority : Normal
FileVersion : 5.2.3.32
ProductVersion : 5.2
ProductName : Unicenter Remote Control
CompanyName : Computer Associates International, Inc.
LegalCopyright : Copyright © Computer Associates Int'l, Inc. 2002
LegalTrademarks : TNG ™ is a trademark of Computer Associates International, Inc.
Comments : Build 5.2.3.32

#:22 [rcoservice.exe]
FilePath : C:\TNGRCO\
ProcessID : 940
ThreadCreationTime : 5/10/2005 2:05:48 PM
BasePriority : Normal
FileVersion : 5.2.4.22
ProductVersion : 5.2
ProductName : Unicenter Remote Control
CompanyName : Computer Associates International, Inc.
LegalCopyright : Copyright © Computer Associates Int'l, Inc. 2002
LegalTrademarks : TNG ™ is a trademark of Computer Associates International, Inc.
Comments : Build 5.2.4.22

#:23 [rp32u.exe]
FilePath : C:\TNGRCO\
ProcessID : 960
ThreadCreationTime : 5/10/2005 2:05:48 PM
BasePriority : Normal
FileVersion : 5.2.4.22
ProductVersion : 5.2
ProductName : Unicenter Remote Control
CompanyName : Computer Associates International, Inc.
LegalCopyright : Copyright © Computer Associates Int'l, Inc. 2002
LegalTrademarks : TNG ™ is a trademark of Computer Associates International, Inc.
Comments : Build 5.2.4.22

#:24 [regsvc.exe]
FilePath : C:\WINNT\system32\
ProcessID : 968
ThreadCreationTime : 5/10/2005 2:05:48 PM
BasePriority : Normal
FileVersion : 5.00.2195.6701
ProductVersion : 5.00.2195.6701
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Remote Registry Service
InternalName : regsvc
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : REGSVC.EXE

#:25 [mstask.exe]
FilePath : C:\WINNT\system32\
ProcessID : 996
ThreadCreationTime : 5/10/2005 2:05:49 PM
BasePriority : Normal
FileVersion : 4.71.2195.6920
ProductVersion : 4.71.2195.6920
ProductName : Microsoft® Windows® Task Scheduler
CompanyName : Microsoft Corporation
FileDescription : Task Scheduler Engine
InternalName : TaskScheduler
LegalCopyright : Copyright © Microsoft Corp. 1997
OriginalFilename : mstask.exe

#:26 [sdserv.exe]
FilePath : C:\TNGSD\BIN\
ProcessID : 1004
ThreadCreationTime : 5/10/2005 2:05:50 PM
BasePriority : Normal


#:27 [stisvc.exe]
FilePath : C:\WINNT\system32\
ProcessID : 1048
ThreadCreationTime : 5/10/2005 2:05:50 PM
BasePriority : Normal
FileVersion : 5.00.2195.6656
ProductVersion : 5.00.2195.6656
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Still Image Devices Monitor
InternalName : STIMON
LegalCopyright : Copyright © Microsoft Corp. 1996-1997
OriginalFilename : STIMON.EXE

#:28 [umcstub.exe]
FilePath : C:\WINNT\
ProcessID : 1124
ThreadCreationTime : 5/10/2005 2:05:52 PM
BasePriority : Normal
FileVersion : 2.9
ProductVersion : 4.0
ProductName : Unicenter Asset Management
CompanyName : Computer Associates International, Inc.
FileDescription : Service Agent Loader
InternalName : UMCSTUB
LegalCopyright : Copyright 2003 Computer Associates International, Inc.
LegalTrademarks : Unicenter ® is a registered trademark of Computer Associates International, Inc.
OriginalFilename : UMCSTUB.EXE

#:29 [triggag.exe]
FilePath : C:\TNGSD\BIN\
ProcessID : 1220
ThreadCreationTime : 5/10/2005 2:06:00 PM
BasePriority : Normal
FileVersion : 4, 0, 1931, 0
ProductVersion : 4, 0, 1931, 0
ProductName : Unicenter Software Delivery
CompanyName : Computer Associates International, Inc.
FileDescription : TRIGGAG
InternalName : TRIGGAG
LegalCopyright : Copyright 2003
OriginalFilename : TRIGGAG.exe

#:30 [explorer.exe]
FilePath : C:\WINNT\
ProcessID : 1352
ThreadCreationTime : 5/10/2005 2:06:12 PM
BasePriority : Normal
FileVersion : 5.00.3700.6690
ProductVersion : 5.00.3700.6690
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : EXPLORER.EXE

#:31 [syntplpr.exe]
FilePath : C:\Program Files\Synaptics\SynTP\
ProcessID : 1108
ThreadCreationTime : 5/10/2005 2:07:06 PM
BasePriority : Normal
FileVersion : 7.2.12 17Mar03
ProductVersion : 7.2.12 17Mar03
ProductName : Progressive Touch
CompanyName : Synaptics, Inc.
FileDescription : TouchPad Driver Helper Application
InternalName : SynTPLpr
LegalCopyright : Copyright © Synaptics, Inc. 1996-2003
OriginalFilename : SynTPLpr.exe

#:32 [syntpenh.exe]
FilePath : C:\Program Files\Synaptics\SynTP\
ProcessID : 1248
ThreadCreationTime : 5/10/2005 2:07:07 PM
BasePriority : Normal
FileVersion : 7.2.12 17Mar03
ProductVersion : 7.2.12 17Mar03
ProductName : Progressive Touch
CompanyName : Synaptics, Inc.
FileDescription : Synaptics TouchPad Enhancements
InternalName : Scrolleroo
LegalCopyright : Copyright © Synaptics, Inc. 1996-2003
OriginalFilename : SynTPEnh.exe

#:33 [atiptaxx.exe]
FilePath : C:\Program Files\ATI Technologies\ATI Control Panel\
ProcessID : 1600
ThreadCreationTime : 5/10/2005 2:07:08 PM
BasePriority : Normal
FileVersion : 6.14.10.4019
ProductVersion : 6.14.10.4019
ProductName : ATI Desktop Component
CompanyName : ATI Technologies, Inc.
FileDescription : ATI Desktop Control Panel
InternalName : Atiptaxx.exe
LegalCopyright : Copyright © 1998-2002 ATI Technologies Inc.
OriginalFilename : Atiptaxx.exe

#:34 [dadapp.exe]
FilePath : C:\Program Files\Dell\AccessDirect\
ProcessID : 1612
ThreadCreationTime : 5/10/2005 2:07:08 PM
BasePriority : Normal


#:35 [prpcui.exe]
FilePath : C:\WINNT\system32\
ProcessID : 1628
ThreadCreationTime : 5/10/2005 2:07:08 PM
BasePriority : Normal
FileVersion : 2.3.0.0
ProductVersion : 2.3.0.0
ProductName : Intel® SpeedStep™ technology applet
CompanyName : Intel Corporation
FileDescription : Intel® SpeedStep™ technology User Interface
InternalName : prpcui.exe
LegalCopyright : Copyright© Intel Corporation 1998-2001
LegalTrademarks : Intel® SpeedStep™ technology
OriginalFilename : prpcui.exe
Comments : Intel SpeedStep technology Applet v2.3

#:36 [dsentry.exe]
FilePath : C:\WINNT\System32\
ProcessID : 1636
ThreadCreationTime : 5/10/2005 2:07:09 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 0
ProductVersion : 1, 0, 0, 0
ProductName : Dell - DVDSentry
CompanyName : Dell - Advanced Desktop Engineering
FileDescription : DVDSentry
InternalName : DVDSentry
LegalCopyright : Copyright © 2002 Dell
OriginalFilename : DSentry.exe
Comments : DVDSentry launches your software DVD player when a DVD is inserted.

#:37 [dadtray.exe]
FilePath : C:\Program Files\Dell\AccessDirect\
ProcessID : 1660
ThreadCreationTime : 5/10/2005 2:07:11 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : DadTray Application
FileDescription : DadTray MFC Application
InternalName : DadTray
LegalCopyright : Copyright © 1999-2002
OriginalFilename : DadTray.EXE

#:38 [createcd50.exe]
FilePath : C:\Program Files\Common Files\Adaptec Shared\CreateCD\
ProcessID : 1668
ThreadCreationTime : 5/10/2005 2:07:11 PM
BasePriority : Normal
FileVersion : 5.3.4.21
ProductVersion : 5.3.4.21
ProductName : Easy CD Creator
CompanyName : Roxio
FileDescription : Roxio Create CD
InternalName : createcd.exe
LegalCopyright : Copyright © 1999-2002 Roxio, Inc.
OriginalFilename : createcd.exe

#:39 [directcd.exe]
FilePath : C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\
ProcessID : 1684
ThreadCreationTime : 5/10/2005 2:07:15 PM
BasePriority : Normal
FileVersion : 5.3.4.21
ProductVersion : 5.3.4.21
ProductName : DirectCD
CompanyName : Roxio
FileDescription : DirectCD Application
InternalName : DirectCD
LegalCopyright : Copyright © 2001,2002, Roxio, Inc.
OriginalFilename : Directcd.exe

#:40 [vptray.exe]
FilePath : C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\
ProcessID : 1688
ThreadCreationTime : 5/10/2005 2:07:16 PM
BasePriority : Normal
FileVersion : 8.1.0.825
ProductVersion : 8.1.0.825
ProductName : Symantec AntiVirus
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus
LegalCopyright : Copyright © Symantec Corporation 1991-2003

#:41 [khost.exe]
FilePath : C:\WINNT\kdx\
ProcessID : 1716
ThreadCreationTime : 5/10/2005 2:07:21 PM
BasePriority : Normal
FileVersion : 2.11.30820.0
ProductVersion : 2.11.30820.0
ProductName : Secure Delivery Plug-In
CompanyName : Kontiki Inc.
FileDescription : Secure Delivery Plug-In
InternalName : khost.exe
LegalCopyright : Copyright 2001-03 Kontiki, Inc.
OriginalFilename : khost.exe
Comments : Secure Delivery Plug-In

#:42 [logi_mwx.exe]
FilePath : C:\WINNT\
ProcessID : 1724
ThreadCreationTime : 5/10/2005 2:07:21 PM
BasePriority : Normal
FileVersion : 9.78.033
ProductVersion : 9.78.033
ProductName : MouseWare
CompanyName : Logitech Inc.
FileDescription : Logitech Launcher Application
InternalName : Logi_MWX
LegalCopyright : © 1987-2003 Logitech. All rights reserved.
LegalTrademarks : Logitech® and MouseWare® are registered trademarks of Logitech Inc.
OriginalFilename : Logi_MWX.exe
Comments : Created by the MouseWare team

#:43 [agquickp.exe]
FilePath : C:\Program Files\ActivCard\ActivCard Gold\
ProcessID : 1752
ThreadCreationTime : 5/10/2005 2:07:25 PM
BasePriority : Normal
FileVersion : 1, 7, 9, 0
ProductVersion : 2, 2, 0, 0
ProductName : ActivCard Gold
CompanyName : ActivCard S.A.
FileDescription : ActivCard Gold Quick Fill
InternalName : agQuickP
LegalCopyright : Copyright © 1998-2002 ActivCard (All rights reserved)
OriginalFilename : agquickp.exe

#:44 [sxplog32.exe]
FilePath : C:\SxpInst\
ProcessID : 1764
ThreadCreationTime : 5/10/2005 2:07:26 PM
BasePriority : Normal
FileVersion : 6.4/26
ProductVersion : 4.0
ProductName : Software Delivery
CompanyName : Computer Associates International, Inc.
LegalCopyright : © 2003 Computer Associates International, Inc.
Comments : Common Version Info

#:45 [keavt.exe]
FilePath : C:\Program Files\Attachmate\KEA! VT\
ProcessID : 1732
ThreadCreationTime : 5/10/2005 2:07:26 PM
BasePriority : Normal
FileVersion : 5.00.0.098
ProductVersion : 5.00.0.098
ProductName : KEA!
CompanyName : Attachmate Corporation
FileDescription : KEA! 420
InternalName : KT420
LegalCopyright : Copyright © 1997 Attachmate Corporation
LegalTrademarks : KEA! is a trademark of Attachmate Corporation
OriginalFilename : KT420

#:46 [ituneshelper.exe]
FilePath : C:\Program Files\iTunes\
ProcessID : 1768
ThreadCreationTime : 5/10/2005 2:07:28 PM
BasePriority : Normal
FileVersion : 4.7.0.42
ProductVersion : 4.7.0.42
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe

#:47 [qttask.exe]
FilePath : C:\Program Files\QuickTime\
ProcessID : 1200
ThreadCreationTime : 5/10/2005 2:07:30 PM
BasePriority : Normal
FileVersion : 6.5.1
ProductVersion : QuickTime 6.5.1
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe

#:48 [x1002142005.exe]
FilePath : C:\WINNT\system32\
ProcessID : 1780
ThreadCreationTime : 5/10/2005 2:07:31 PM
BasePriority : Normal


#:49 [ipodservice.exe]
FilePath : C:\Program Files\iPod\bin\
ProcessID : 1848
ThreadCreationTime : 5/10/2005 2:07:37 PM
BasePriority : Normal
FileVersion : 4.7.0.42
ProductVersion : 4.7.0.42
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iPodService.exe

#:50 [d3yh32.exe]
FilePath : C:\WINNT\system32\
ProcessID : 1864
ThreadCreationTime : 5/10/2005 2:07:39 PM
BasePriority : Normal


#:51 [ctfmon.exe]
FilePath : C:\WINNT\system32\
ProcessID : 1836
ThreadCreationTime : 5/10/2005 2:07:40 PM
BasePriority : Normal
FileVersion : 1.00.2409.7 built by: Lab06_N
ProductVersion : 1.00.2409.7
ProductName : Microsoft® Windows NT® Operating System
CompanyName : Microsoft Corporation
FileDescription : Cicero Loader
InternalName : CICLOAD
LegalCopyright : Copyright © Microsoft Corporation. 1981-2001
OriginalFilename : CICLOAD.EXE

#:52 [wpc11cfg.exe]
FilePath : C:\Program Files\Linksys\Wireless-B Notebook Adapter\
ProcessID : 2076
ThreadCreationTime : 5/10/2005 2:07:45 PM
BasePriority : Normal
FileVersion : 1.0.5.104
ProductVersion : 1.0.5.0
ProductName : Linksys Instant WLAN Monitor
CompanyName : The Linksys Group, Inc.
FileDescription : Linksys Instant WLAN Monitor
InternalName : WLANMonitor.EXE
LegalCopyright : Copyright © 2002, Linksys
LegalTrademarks : Instant Wireless
OriginalFilename : WLANMonitor.EXE
Comments : Linksys Instant WLAN Monitor

#:53 [acrotray.exe]
FilePath : C:\Program Files\Adobe\Acrobat 6.0\Distillr\
ProcessID : 2124
ThreadCreationTime : 5/10/2005 2:07:51 PM
BasePriority : Normal
FileVersion : 6.0.0.2003051500
ProductVersion : 6.0.0.0
ProductName : AcroTray - Adobe Acrobat Distiller helper application.
CompanyName : Adobe Systems Inc.
FileDescription : AcroTray
InternalName : AcroTray
LegalCopyright : Copyright 1984-2003 Adobe Systems Incorporated and its licensors. All rights reserved.
OriginalFilename : AcroTray.exe

#:54 [keasys.exe]
FilePath : C:\Program Files\Attachmate\KEA! VT\
ProcessID : 2128
ThreadCreationTime : 5/10/2005 2:07:52 PM
BasePriority : Normal
FileVersion : 5.00.0.098
ProductVersion : 5.00.0.098
ProductName : KEA!
CompanyName : Attachmate Corporation
FileDescription : KEA! OLE Automation server
InternalName : KEASYS
LegalCopyright : Copyright © 1997 Attachmate Corporation
LegalTrademarks : KEA! is a trademark of Attachmate Corporation
OriginalFilename : KEASYS

#:55 [hpotdd01.exe]
FilePath : C:\Program Files\Hewlett-Packard\Digital Imaging\bin\
ProcessID : 2160
ThreadCreationTime : 5/10/2005 2:07:56 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : Hewlett-Packard hpotdd01
CompanyName : Hewlett-Packard
FileDescription : hpotdd01
InternalName : hpotdd01
LegalCopyright : Copyright © 2002
OriginalFilename : hpotdd01.exe

#:56 [hpobnz08.exe]
FilePath : C:\Program Files\Hewlett-Packard\Digital Imaging\bin\
ProcessID : 2188
ThreadCreationTime : 5/10/2005 2:07:59 PM
BasePriority : Normal
FileVersion : 4.2.0.021
ProductVersion : 2.4.1.021
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : HP OfficeJet COM Device Objects
InternalName : HPOBNZ08
LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2001
OriginalFilename : HPOBNZ08.EXE
Comments : HP OfficeJet <Banzai> Series COM Device Objects

#:57 [hotsync.exe]
FilePath : C:\Program Files\Palm\
ProcessID : 1224
ThreadCreationTime : 5/10/2005 2:08:01 PM
BasePriority : Normal
FileVersion : 3.1.1Hb
ProductVersion : 3.1.0Hb
ProductName : HotSync® Manager
CompanyName : Palm Computing, Inc.
FileDescription : HotSync® Manager Application
InternalName : HotSync®
LegalCopyright : Copyright © 1995-1999 Palm Computing, Inc.
LegalTrademarks : HotSync® is a registered trademark of Palm Computing, Inc.
OriginalFilename : Hotsync.exe

#:58 [hpoevm08.exe]
FilePath : C:\Program Files\Hewlett-Packard\Digital Imaging\bin\
ProcessID : 2260
ThreadCreationTime : 5/10/2005 2:08:26 PM
BasePriority : Normal
FileVersion : 4.2.0.021
ProductVersion : 2.4.1.021
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : HP OfficeJet COM Event Manager
InternalName : HPOEVM08
LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2001
OriginalFilename : HPOEVM08.EXE
Comments : HP OfficeJet COM Event Manager

#:59 [hpzipm12.exe]
FilePath : C:\WINNT\system32\
ProcessID : 2320
ThreadCreationTime : 5/10/2005 2:08:30 PM
BasePriority : Normal
FileVersion : 6, 0, 0, 0
ProductVersion : 6, 0, 0, 0
ProductName : HP PML
CompanyName : HP
FileDescription : PML Driver
InternalName : PmlDrv
LegalCopyright : Copyright © 1998, 1999 Hewlett-Packard Company
OriginalFilename : PmlDrv.exe

#:60 [hposts08.exe]
FilePath : C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\
ProcessID : 2336
ThreadCreationTime : 5/10/2005 2:08:56 PM
BasePriority : Normal
FileVersion : 4.2.0.021
ProductVersion : 2.4.1.021
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : HP OfficeJet Status
InternalName : HPOSTS08
LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2001
OriginalFilename : HPOSTS08.EXE
Comments : HP OfficeJet Status

#:61 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 2056
ThreadCreationTime : 5/10/2005 2:11:10 PM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

#:62 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 1816
ThreadCreationTime : 5/10/2005 2:17:38 PM
BasePriority : Normal
FileVersion : 6.00.2800.1106
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:63 [iett.exe]
FilePath : C:\WINNT\system32\
ProcessID : 468
ThreadCreationTime : 5/10/2005 2:17:44 PM
BasePriority : Normal


VX2 Object Recognized!
Type : Process
Data : iett.exe
Category : Malware
Comment : (CSI MATCH)
Object : C:\WINNT\system32\


Warning! VX2 Object found in memory(C:\WINNT\system32\iett.exe)

Warning! "C:\WINNT\system32\iett.exe"Process could not be terminated!
"C:\WINNT\system32\iett.exe"Process terminated successfully

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 35


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 35


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 35


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 35



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

CoolWebSearch Object Recognized!
Type : File
Data : euslr.dat
Category : Malware
Comment :
Object : C:\WINNT\SYSTEM32\



CoolWebSearch Object Recognized!
Type : File
Data : dpndlm.dat
Category : Malware
Comment :
Object : C:\WINNT\



Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 37

Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Search the web.url
Category : Misc
Comment : Problematic URL discovered: http://www.lookfor.cc/
Object : C:\Documents and Settings\fred larsen\Favorites\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Only sex website.url
Category : Misc
Comment : Problematic URL discovered: http://www.onlysex.ws/
Object : C:\Documents and Settings\fred larsen\Favorites\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Seven days of free [bleep].url
Category : Misc
Comment : Problematic URL discovered: http://www.7days.ws/
Object : C:\Documents and Settings\fred larsen\Favorites\




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\toolbar\webbrowser
Value : {0E5CBF21-D15F-11D0-8301-00AA005B4383}

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\urlsearchhooks

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\urlsearchhooks
Value : {901C51B2-6603-878A-1D29-E8389846D1A2}

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\hsa

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\hsa
Value : DisplayName

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\hsa
Value : UninstallString

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\se

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\se
Value : DisplayName

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\se
Value : UninstallString

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\sw

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\sw
Value : DisplayName

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\sw
Value : UninstallString

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Search Bar

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\search
Value : SearchAssistant

CoolWebSearch Object Recognized!
Type : RegData
Data : no
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Use Search Asst
Data : no

CoolWebSearch Object Recognized!
Type : RegData
Data : no
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main
Value : Use Search Asst
Data : no

CoolWebSearch Object Recognized!
Type : RegData
Data : about:blank
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main
Value : Start Page
Data : about:blank

CoolWebSearch Object Recognized!
Type : Folder
Category : Malware
Comment :
Object : c:\documents and settings\fred larsen\local settings\temporary internet files\msft\images-sprem

CoolWebSearch Object Recognized!
Type : File
Data : up.gif
Category : Malware
Comment :
Object : c:\documents and settings\fred larsen\local settings\temporary internet files\msft\images-sprem\



Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 19
Objects found so far: 59

11:08:35 AM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:16:22.182
Objects scanned:211723
Objects identified:25
Objects ignored:0
New critical objects:25

#2
onlytruth

If it matters, my computer OS is actually 2000 professional, not NT, unless the professional is part of NT.

#3
Guest_Andy_veal_*

Hello and Welcome

Ad-aware has found objects on your computer

If you chose to clean your computer from what Ad-aware found please follow these instructions below…

Please make sure that you are using the * SE1R43 06.05.2005 * definition file.


Please launch Ad-Aware SE and click on the gear to access the Configuration Menu. Please make sure that this setting is applied.

Click on Tweak > Cleaning Engine > UNcheck "Always try to unload modules before deletion".

Disconnect from the internet (for broadband/cable users, it is recommended that you disconnect the cable connection) and close all open browsers or other programs you have running.

Please then boot into Safe Mode

To clean your machine, it is highly recommended that you clean the following directory contents (but not the directory folder):

Please run CCleaner to assist in this process.
Download CCleaner (Setup: go to >options > settings > Uncheck "Only delete files in Windows Temp folders older than 48 hours" for cleaning malware files!)

* C:\Windows\Temp\
* C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <- This will delete all your cached internet content including cookies.
* C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp\
* Empty your "Recycle Bin".

Please run Ad-Aware SE from the command lines shown in the instructions shown below.

Click "Start" > select "Run" > type the text shown in bold below (including the quotation marks and with the same spacing as shown)

"C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" /full +procnuke
(For the Professional version)

"C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" /full +procnuke
(For the Plus version)

"C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" +procnuke
(For the Personal version)


Click OK.

Please note that the path above is the default installation location for Ad-aware SE; if this is different, please adjust it to the location that you have installed it to.

When the scan has completed, select Next. In the Scanning Results window, select the "Scan Summary" tab. Check the box next to each "target family" you wish to remove. Click next, Click OK.

If problems are caused by deleting a family, please leave it.

Please firstly only remove CWS

Please shutdown/restart your computer after removal, run a new full scan and post the results as a reply. Do not launch any programs or connect to the internet at this time.

Please then copy & paste the complete log file here. Don't quarantine or remove anything at this time, just post a complete logfile. This can sometimes take 2-3 posts to get it all posted; once the "Summary of this scan" information is shown, you have posted all of your logfile.

Please remember when posting another logfile keep "Search for negligible risk entries" deselected as negligible risk entries (MRU's) are not considered to be a threat. This option can be changed when choosing your scan type.

Please post back here

Good luck

Andy
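
Added example (not part of the original posts, and not Lavasoft code): a Python parser for the Ad-Aware SE log layout posted in this thread. It counts "Object Recognized!" entries per target family, reports which detections reappear in a follow-up scan, and lists running processes that carry no version metadata. The sample logs are constructed excerpts built from entries in the first log, and all function names are hypothetical.

```python
import re
from collections import Counter

# Constructed excerpts in the Ad-Aware SE log layout seen in this thread,
# reusing entries from the first posted log (fields trimmed for brevity).
MEMORY_PART = r"""#:62 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
FileVersion : 6.00.2800.1106
CompanyName : Microsoft Corporation

#:63 [iett.exe]
FilePath : C:\WINNT\system32\

VX2 Object Recognized!
Type : Process
Data : iett.exe
Category : Malware
Comment : (CSI MATCH)
Object : C:\WINNT\system32\

CoolWebSearch Object Recognized!
Type : File
Data : euslr.dat
Category : Malware
Comment :
Object : C:\WINNT\SYSTEM32\

"""
REGISTRY_PART = r"""VX2 Object Recognized!
Type : RegValue
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\toolbar\webbrowser
Value : {0E5CBF21-D15F-11D0-8301-00AA005B4383}

CoolWebSearch Object Recognized!
Type : RegValue
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\urlsearchhooks
Value : {901C51B2-6603-878A-1D29-E8389846D1A2}
"""
SCAN_BEFORE = MEMORY_PART + REGISTRY_PART  # first scan
SCAN_AFTER = REGISTRY_PART  # constructed follow-up scan after cleaning and reboot

PROC = re.compile(r"^#:\d+ \[(?P<name>.+)\]$")
HEADER = re.compile(r"^(?P<family>.+) Object Recognized!$")
FIELD = re.compile(r"^(?P<key>[A-Za-z ]+?)\s*:\s?(?P<val>.*)$")


def parse_log(text):
    """Return (processes, detections); each record is a dict of its log fields."""
    processes, detections, current = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:  # a blank line ends the current record
            current = None
            continue
        proc, head = PROC.match(line), HEADER.match(line)
        if proc:
            current = {"name": proc.group("name")}
            processes.append(current)
        elif head:
            current = {"family": head.group("family")}
            detections.append(current)
        elif current is not None:
            field = FIELD.match(line)
            if field:
                current[field.group("key").strip()] = field.group("val").strip()
    return processes, detections


def identity(det):
    """Case-insensitive key for one detection, so two scans can be compared."""
    keys = ("family", "Type", "Rootkey", "Object", "Value", "Data")
    return tuple(det.get(k, "").lower() for k in keys)


def count_by_family(detections):
    """Number of detections per target family (VX2, CoolWebSearch, ...)."""
    return dict(Counter(det["family"] for det in detections))


def persisted(before, after):
    """Detections from the follow-up scan that were already in the first scan."""
    seen = {identity(det) for det in before}
    return [det for det in after if identity(det) in seen]


def without_version_info(processes):
    """Triage lead only: system processes such as smss.exe also lack these fields."""
    return [p["name"] for p in processes
            if "FileVersion" not in p and "CompanyName" not in p]


if __name__ == "__main__":
    procs, first = parse_log(SCAN_BEFORE)
    print(count_by_family(first), without_version_info(procs))
    print([identity(d) for d in persisted(first, parse_log(SCAN_AFTER)[1])])
```

Entries that persist across a clean-and-reboot cycle point to something that restores them at startup, so they are the ones to trace back to a loading process or autostart entry.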

#4
onlytruth

Will do! Thanks.

#5
onlytruth

I have done everything. Ran CCleaner. Booted in safe mode. Ran Ad-Aware via the Run menu. Cleaned everything. Rebooted (in safe mode), reran Ad-Aware. Found 0 critical items.

Restarted in normal Windows mode, reran Ad-Aware, and this is the logfile that follows (the [bleep] VX2 and CoolWebSearch are back).


Ad-Aware SE Build 1.05
Logfile Created on:Thursday, May 12, 2005 7:54:16 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R43 06.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
CoolWebSearch(TAC index:10):18 total references
VX2(TAC index:10):2 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


5-12-2005 7:54:16 PM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 176
ThreadCreationTime : 5-12-2005 11:51:43 PM
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINNT\system32\
ProcessID : 200
ThreadCreationTime : 5-12-2005 11:51:46 PM
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINNT\system32\
ProcessID : 196
ThreadCreationTime : 5-12-2005 11:51:49 PM
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINNT\system32\
ProcessID : 248
ThreadCreationTime : 5-12-2005 11:51:50 PM
BasePriority : Normal
FileVersion : 5.00.2195.6700
ProductVersion : 5.00.2195.6700
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINNT\system32\
ProcessID : 260
ThreadCreationTime : 5-12-2005 11:51:50 PM
BasePriority : Normal
FileVersion : 5.00.2195.6902
ProductVersion : 5.00.2195.6902
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Executable and Server DLL (Export Version)
InternalName : lsasrv.dll and lsass.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : lsasrv.dll and lsass.exe

#:6 [scardsvr.exe]
FilePath : C:\WINNT\System32\
ProcessID : 392
ThreadCreationTime : 5-12-2005 11:51:53 PM
BasePriority : Normal
FileVersion : 5.00.2195.6609
ProductVersion : 5.00.2195.6609
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Smart Card Resource Management Server
InternalName : SCardSvr.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : SCardSvr.exe

#:7 [svchost.exe]
FilePath : C:\WINNT\system32\
ProcessID : 452
ThreadCreationTime : 5-12-2005 11:51:54 PM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINNT\System32\
ProcessID : 500
ThreadCreationTime : 5-12-2005 11:51:54 PM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:9 [spoolsv.exe]
FilePath : C:\WINNT\system32\
ProcessID : 532
ThreadCreationTime : 5-12-2005 11:51:54 PM
BasePriority : Normal
FileVersion : 5.00.2195.6659
ProductVersion : 5.00.2195.6659
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolss.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : spoolss.exe

#:10 [acautoreg.exe]
FilePath : C:\Program Files\Common Files\ActivCard\
ProcessID : 580
ThreadCreationTime : 5-12-2005 11:51:55 PM
BasePriority : Normal
FileVersion : 1, 0, 5, 0
ProductVersion : 2, 2, 0, 0
ProductName : ActivCard Gold
CompanyName : ActivCard S.A.
FileDescription : ActivCard Gold - New Card Registration
InternalName : acautoreg
LegalCopyright : Copyright © 1998-2002 ActivCard (All rights reserved)
OriginalFilename : acautoreg.EXE

#:11 [accoca.exe]
FilePath : C:\Program Files\Common Files\ActivCard\
ProcessID : 600
ThreadCreationTime : 5-12-2005 11:51:55 PM
BasePriority : Normal
FileVersion : 2, 1, 8, 0
ProductVersion : 2, 2, 0, 0
ProductName : ActivCard Gold
CompanyName : ActivCard
FileDescription : ActivCard Cache Server
InternalName : accoca
LegalCopyright : Copyright © 1998-2002 ActivCard (All rights reserved)
OriginalFilename : accoca.exe
Comments : ActivCard Secure Cache Server

#:12 [ati2evxx.exe]
FilePath : C:\WINNT\System32\
ProcessID : 612
ThreadCreationTime : 5-12-2005 11:51:55 PM
BasePriority : Normal


#:13 [cam.exe]
FilePath : C:\Program Files\CA\SharedComponents\CAM\bin\
ProcessID : 640
ThreadCreationTime : 5-12-2005 11:51:55 PM
BasePriority : Normal
FileVersion : 3.11.26.10
ProductVersion : 3.11.26.10
ProductName : Unicenter Message Queuing
CompanyName : Computer Associates International, Inc.
FileDescription : CA Message Queuing Server
InternalName : cam
LegalCopyright : Copyright © 2002 Computer Associates International, Inc.
OriginalFilename : cam.exe
Comments : CA Message Queuing Server

#:14 [cvpnd.exe]
FilePath : C:\Program Files\Cisco Systems\VPN Client\
ProcessID : 652
ThreadCreationTime : 5-12-2005 11:51:55 PM
BasePriority : Normal
FileVersion : 4.0.3 (A)
ProductVersion : 4.0.3 (A)
ProductName : Cisco Systems VPN Client
CompanyName : Cisco Systems, Inc.
FileDescription : Cisco Systems VPN Client
InternalName : cvpnd
LegalCopyright : Copyright © 1998-2003 Cisco Systems, Inc.
OriginalFilename : CVPND.EXE

#:15 [defwatch.exe]
FilePath : C:\PROGRA~1\SYMANT~1\SYMANT~1\
ProcessID : 692
ThreadCreationTime : 5-12-2005 11:52:00 PM
BasePriority : Normal
FileVersion : 8.1.0.825
ProductVersion : 8.1.0.825
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Virus Definition Daemon
InternalName : DefWatch
LegalCopyright : Copyright © 1998 Symantec Corporation
OriginalFilename : DefWatch.exe

#:16 [dmprimer.exe]
FilePath : C:\Program Files\CA\SharedComponents\DesktopCommonServices\DMPrimer\
ProcessID : 708
ThreadCreationTime : 5-12-2005 11:52:00 PM
BasePriority : Normal
FileVersion : 1, 4, 0, 155
ProductVersion : 1, 4, 0, 155
ProductName : DMPrimer
CompanyName : Computer Associates
FileDescription : DMPrimer
InternalName : DMPrimer
LegalCopyright : Copyright © 2003 Computer Associates International, Inc. All rigts reserved.
OriginalFilename : DMPrimer.exe

#:17 [logwatnt.exe]
FilePath : C:\WINNT\
ProcessID : 760
ThreadCreationTime : 5-12-2005 11:52:02 PM
BasePriority : Normal


#:18 [mdm.exe]
FilePath : C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\
ProcessID : 784
ThreadCreationTime : 5-12-2005 11:52:03 PM
BasePriority : Normal
FileVersion : 7.00.9466
ProductVersion : 7.00.9466
ProductName : Microsoft® Visual Studio .NET
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : mdm.exe

#:19 [rtvscan.exe]
FilePath : C:\PROGRA~1\SYMANT~1\SYMANT~1\
ProcessID : 816
ThreadCreationTime : 5-12-2005 11:52:03 PM
BasePriority : Normal
FileVersion : 8.1.0.825
ProductVersion : 8.1.0.825
ProductName : Symantec AntiVirus
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus
LegalCopyright : Copyright © Symantec Corporation 1991-2003

#:20 [rchost.exe]
FilePath : C:\Program Files\CA\Unicenter Remote Control\
ProcessID : 840
ThreadCreationTime : 5-12-2005 11:52:04 PM
BasePriority : ?
FileVersion : 6, 0, 77, 0
ProductVersion : 6, 0, 77, 0
ProductName : Unicenter Remote Control
CompanyName : Computer Associates International, Inc.
FileDescription : Unicenter Remote Control Host
InternalName : rcHost
LegalCopyright : Copyright © Computer Associates 2003
OriginalFilename : rcHost.exe

#:21 [rcmanclient.exe]
FilePath : C:\TNGRCO\
ProcessID : 872
ThreadCreationTime : 5-12-2005 11:52:06 PM
BasePriority : Normal
FileVersion : 5.2.3.32
ProductVersion : 5.2
ProductName : Unicenter Remote Control
CompanyName : Computer Associates International, Inc.
LegalCopyright : Copyright © Computer Associates Int'l, Inc. 2002
LegalTrademarks : TNG ™ is a trademark of Computer Associates International, Inc.
Comments : Build 5.2.3.32

#:22 [rcoservice.exe]
FilePath : C:\TNGRCO\
ProcessID : 900
ThreadCreationTime : 5-12-2005 11:52:06 PM
BasePriority : Normal
FileVersion : 5.2.4.22
ProductVersion : 5.2
ProductName : Unicenter Remote Control
CompanyName : Computer Associates International, Inc.
LegalCopyright : Copyright © Computer Associates Int'l, Inc. 2002
LegalTrademarks : TNG ™ is a trademark of Computer Associates International, Inc.
Comments : Build 5.2.4.22

#:23 [rp32u.exe]
FilePath : C:\TNGRCO\
ProcessID : 920
ThreadCreationTime : 5-12-2005 11:52:06 PM
BasePriority : Normal
FileVersion : 5.2.4.22
ProductVersion : 5.2
ProductName : Unicenter Remote Control
CompanyName : Computer Associates International, Inc.
LegalCopyright : Copyright © Computer Associates Int'l, Inc. 2002
LegalTrademarks : TNG ™ is a trademark of Computer Associates International, Inc.
Comments : Build 5.2.4.22

#:24 [regsvc.exe]
FilePath : C:\WINNT\system32\
ProcessID : 928
ThreadCreationTime : 5-12-2005 11:52:06 PM
BasePriority : Normal
FileVersion : 5.00.2195.6701
ProductVersion : 5.00.2195.6701
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Remote Registry Service
InternalName : regsvc
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : REGSVC.EXE

#:25 [mstask.exe]
FilePath : C:\WINNT\system32\
ProcessID : 940
ThreadCreationTime : 5-12-2005 11:52:06 PM
BasePriority : Normal
FileVersion : 4.71.2195.6920
ProductVersion : 4.71.2195.6920
ProductName : Microsoft® Windows® Task Scheduler
CompanyName : Microsoft Corporation
FileDescription : Task Scheduler Engine
InternalName : TaskScheduler
LegalCopyright : Copyright © Microsoft Corp. 1997
OriginalFilename : mstask.exe

#:26 [sdserv.exe]
FilePath : C:\TNGSD\BIN\
ProcessID : 964
ThreadCreationTime : 5-12-2005 11:52:07 PM
BasePriority : Normal


#:27 [stisvc.exe]
FilePath : C:\WINNT\system32\
ProcessID : 1000
ThreadCreationTime : 5-12-2005 11:52:08 PM
BasePriority : Normal
FileVersion : 5.00.2195.6656
ProductVersion : 5.00.2195.6656
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Still Image Devices Monitor
InternalName : STIMON
LegalCopyright : Copyright © Microsoft Corp. 1996-1997
OriginalFilename : STIMON.EXE

#:28 [umcstub.exe]
FilePath : C:\WINNT\
ProcessID : 1068
ThreadCreationTime : 5-12-2005 11:52:09 PM
BasePriority : Normal
FileVersion : 2.9
ProductVersion : 4.0
ProductName : Unicenter Asset Management
CompanyName : Computer Associates International, Inc.
FileDescription : Service Agent Loader
InternalName : UMCSTUB
LegalCopyright : Copyright 2003 Computer Associates International, Inc.
LegalTrademarks : Unicenter ® is a registered trademark of Computer Associates International, Inc.
OriginalFilename : UMCSTUB.EXE

#:29 [triggag.exe]
FilePath : C:\TNGSD\BIN\
ProcessID : 1164
ThreadCreationTime : 5-12-2005 11:52:12 PM
BasePriority : Normal
FileVersion : 4, 0, 1931, 0
ProductVersion : 4, 0, 1931, 0
ProductName : Unicenter Software Delivery
CompanyName : Computer Associates International, Inc.
FileDescription : TRIGGAG
InternalName : TRIGGAG
LegalCopyright : Copyright 2003
OriginalFilename : TRIGGAG.exe

#:30 [explorer.exe]
FilePath : C:\WINNT\
ProcessID : 1396
ThreadCreationTime : 5-12-2005 11:52:22 PM
BasePriority : Normal
FileVersion : 5.00.3700.6690
ProductVersion : 5.00.3700.6690
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : EXPLORER.EXE

#:31 [syntplpr.exe]
FilePath : C:\Program Files\Synaptics\SynTP\
ProcessID : 1472
ThreadCreationTime : 5-12-2005 11:52:36 PM
BasePriority : Normal
FileVersion : 7.2.12 17Mar03
ProductVersion : 7.2.12 17Mar03
ProductName : Progressive Touch
CompanyName : Synaptics, Inc.
FileDescription : TouchPad Driver Helper Application
InternalName : SynTPLpr
LegalCopyright : Copyright © Synaptics, Inc. 1996-2003
OriginalFilename : SynTPLpr.exe

#:32 [syntpenh.exe]
FilePath : C:\Program Files\Synaptics\SynTP\
ProcessID : 1500
ThreadCreationTime : 5-12-2005 11:52:40 PM
BasePriority : Normal
FileVersion : 7.2.12 17Mar03
ProductVersion : 7.2.12 17Mar03
ProductName : Progressive Touch
CompanyName : Synaptics, Inc.
FileDescription : Synaptics TouchPad Enhancements
InternalName : Scrolleroo
LegalCopyright : Copyright © Synaptics, Inc. 1996-2003
OriginalFilename : SynTPEnh.exe

#:33 [atiptaxx.exe]
FilePath : C:\Program Files\ATI Technologies\ATI Control Panel\
ProcessID : 1524
ThreadCreationTime : 5-12-2005 11:52:42 PM
BasePriority : Normal
FileVersion : 6.14.10.4019
ProductVersion : 6.14.10.4019
ProductName : ATI Desktop Component
CompanyName : ATI Technologies, Inc.
FileDescription : ATI Desktop Control Panel
InternalName : Atiptaxx.exe
LegalCopyright : Copyright © 1998-2002 ATI Technologies Inc.
OriginalFilename : Atiptaxx.exe

#:34 [dadapp.exe]
FilePath : C:\Program Files\Dell\AccessDirect\
ProcessID : 1552
ThreadCreationTime : 5-12-2005 11:52:43 PM
BasePriority : Normal


#:35 [prpcui.exe]
FilePath : C:\WINNT\system32\
ProcessID : 1564
ThreadCreationTime : 5-12-2005 11:52:44 PM
BasePriority : Normal
FileVersion : 2.3.0.0
ProductVersion : 2.3.0.0
ProductName : Intel® SpeedStep™ technology applet
CompanyName : Intel Corporation
FileDescription : Intel® SpeedStep™ technology User Interface
InternalName : prpcui.exe
LegalCopyright : Copyright© Intel Corporation 1998-2001
LegalTrademarks : Intel® SpeedStep™ technology
OriginalFilename : prpcui.exe
Comments : Intel SpeedStep technology Applet v2.3

#:36 [dsentry.exe]
FilePath : C:\WINNT\System32\
ProcessID : 1568
ThreadCreationTime : 5-12-2005 11:52:44 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 0
ProductVersion : 1, 0, 0, 0
ProductName : Dell - DVDSentry
CompanyName : Dell - Advanced Desktop Engineering
FileDescription : DVDSentry
InternalName : DVDSentry
LegalCopyright : Copyright © 2002 Dell
OriginalFilename : DSentry.exe
Comments : DVDSentry launches your software DVD player when a DVD is inserted.

#:37 [createcd50.exe]
FilePath : C:\Program Files\Common Files\Adaptec Shared\CreateCD\
ProcessID : 1576
ThreadCreationTime : 5-12-2005 11:52:44 PM
BasePriority : Normal
FileVersion : 5.3.4.21
ProductVersion : 5.3.4.21
ProductName : Easy CD Creator
CompanyName : Roxio
FileDescription : Roxio Create CD
InternalName : createcd.exe
LegalCopyright : Copyright © 1999-2002 Roxio, Inc.
OriginalFilename : createcd.exe

#:38 [dadtray.exe]
FilePath : C:\Program Files\Dell\AccessDirect\
ProcessID : 1596
ThreadCreationTime : 5-12-2005 11:52:46 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : DadTray Application
FileDescription : DadTray MFC Application
InternalName : DadTray
LegalCopyright : Copyright © 1999-2002
OriginalFilename : DadTray.EXE

#:39 [directcd.exe]
FilePath : C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\
ProcessID : 1612
ThreadCreationTime : 5-12-2005 11:52:48 PM
BasePriority : Normal
FileVersion : 5.3.4.21
ProductVersion : 5.3.4.21
ProductName : DirectCD
CompanyName : Roxio
FileDescription : DirectCD Application
InternalName : DirectCD
LegalCopyright : Copyright © 2001,2002, Roxio, Inc.
OriginalFilename : Directcd.exe

#:40 [vptray.exe]
FilePath : C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\
ProcessID : 1632
ThreadCreationTime : 5-12-2005 11:52:50 PM
BasePriority : Normal
FileVersion : 8.1.0.825
ProductVersion : 8.1.0.825
ProductName : Symantec AntiVirus
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus
LegalCopyright : Copyright © Symantec Corporation 1991-2003

#:41 [khost.exe]
FilePath : C:\WINNT\kdx\
ProcessID : 1692
ThreadCreationTime : 5-12-2005 11:52:57 PM
BasePriority : Normal
FileVersion : 2.11.30820.0
ProductVersion : 2.11.30820.0
ProductName : Secure Delivery Plug-In
CompanyName : Kontiki Inc.
FileDescription : Secure Delivery Plug-In
InternalName : khost.exe
LegalCopyright : Copyright 2001-03 Kontiki, Inc.
OriginalFilename : khost.exe
Comments : Secure Delivery Plug-In

#:42 [logi_mwx.exe]
FilePath : C:\WINNT\
ProcessID : 1704
ThreadCreationTime : 5-12-2005 11:52:57 PM
BasePriority : Normal
FileVersion : 9.78.033
ProductVersion : 9.78.033
ProductName : MouseWare
CompanyName : Logitech Inc.
FileDescription : Logitech Launcher Application
InternalName : Logi_MWX
LegalCopyright : © 1987-2003 Logitech. All rights reserved.
LegalTrademarks : Logitech® and MouseWare® are registered trademarks of Logitech Inc.
OriginalFilename : Logi_MWX.exe
Comments : Created by the MouseWare team

#:43 [agquickp.exe]
FilePath : C:\Program Files\ActivCard\ActivCard Gold\
ProcessID : 1720
ThreadCreationTime : 5-12-2005 11:52:59 PM
BasePriority : Normal
FileVersion : 1, 7, 9, 0
ProductVersion : 2, 2, 0, 0
ProductName : ActivCard Gold
CompanyName : ActivCard S.A.
FileDescription : ActivCard Gold Quick Fill
InternalName : agQuickP
LegalCopyright : Copyright © 1998-2002 ActivCard (All rights reserved)
OriginalFilename : agquickp.exe

#:44 [ituneshelper.exe]
FilePath : C:\Program Files\iTunes\
ProcessID : 1736
ThreadCreationTime : 5-12-2005 11:53:01 PM
BasePriority : Normal
FileVersion : 4.7.0.42
ProductVersion : 4.7.0.42
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe

#:45 [sxplog32.exe]
FilePath : C:\SxpInst\
ProcessID : 1744
ThreadCreationTime : 5-12-2005 11:53:01 PM
BasePriority : Normal
FileVersion : 6.4/26
ProductVersion : 4.0
ProductName : Software Delivery
CompanyName : Computer Associates International, Inc.
LegalCopyright : © 2003 Computer Associates International, Inc.
Comments : Common Version Info

#:46 [qttask.exe]
FilePath : C:\Program Files\QuickTime\
ProcessID : 372
ThreadCreationTime : 5-12-2005 11:53:03 PM
BasePriority : Normal
FileVersion : 6.5.1
ProductVersion : QuickTime 6.5.1
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe

#:47 [x1002142005.exe]
FilePath : C:\WINNT\system32\
ProcessID : 1748
ThreadCreationTime : 5-12-2005 11:53:05 PM
BasePriority : Normal


#:48 [amagent.exe]
FilePath : C:\Program Files\CA\Unicenter Asset Management\Agents\
ProcessID : 1784
ThreadCreationTime : 5-12-2005 11:53:06 PM
BasePriority : Normal
FileVersion : 1.0
ProductVersion : 4.0
ProductName : Unicenter Asset Management - Agents
CompanyName : Computer Associates International, Inc.
FileDescription : Agent Spawner for 32-bit Windows
InternalName : AMAGENT
LegalCopyright : Copyright 2003 Computer Associates International, Inc.
LegalTrademarks : Unicenter ® is a registered trademark of Computer Associates International, Inc.
OriginalFilename : AMAGENT.EXE

#:49 [d3yh32.exe]
FilePath : C:\WINNT\system32\
ProcessID : 1816
ThreadCreationTime : 5-12-2005 11:53:10 PM
BasePriority : Normal


#:50 [ctfmon.exe]
FilePath : C:\WINNT\system32\
ProcessID : 1824
ThreadCreationTime : 5-12-2005 11:53:10 PM
BasePriority : Normal
FileVersion : 1.00.2409.7 built by: Lab06_N
ProductVersion : 1.00.2409.7
ProductName : Microsoft® Windows NT® Operating System
CompanyName : Microsoft Corporation
FileDescription : Cicero Loader
InternalName : CICLOAD
LegalCopyright : Copyright © Microsoft Corporation. 1981-2001
OriginalFilename : CICLOAD.EXE

#:51 [ipodservice.exe]
FilePath : C:\Program Files\iPod\bin\
ProcessID : 1836
ThreadCreationTime : 5-12-2005 11:53:11 PM
BasePriority : Normal
FileVersion : 4.7.0.42
ProductVersion : 4.7.0.42
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iPodService.exe

#:52 [wpc11cfg.exe]
FilePath : C:\Program Files\Linksys\Wireless-B Notebook Adapter\
ProcessID : 1864
ThreadCreationTime : 5-12-2005 11:53:15 PM
BasePriority : Normal
FileVersion : 1.0.5.104
ProductVersion : 1.0.5.0
ProductName : Linksys Instant WLAN Monitor
CompanyName : The Linksys Group, Inc.
FileDescription : Linksys Instant WLAN Monitor
InternalName : WLANMonitor.EXE
LegalCopyright : Copyright © 2002, Linksys
LegalTrademarks : Instant Wireless
OriginalFilename : WLANMonitor.EXE
Comments : Linksys Instant WLAN Monitor

#:53 [umcliwnt.exe]
FilePath : C:\Program Files\CA\Unicenter Asset Management\Agents\
ProcessID : 1936
ThreadCreationTime : 5-12-2005 11:53:20 PM
BasePriority : Normal
FileVersion : 1.41
ProductVersion : 4.0
ProductName : Unicenter Asset Management
CompanyName : Computer Associates International, Inc.
FileDescription : Agent for Windows NT
InternalName : UMCLIWNT
LegalCopyright : Copyright 2003 Computer Associates International, Inc.
LegalTrademarks : Unicenter ® is a registered trademark of Computer Associates International, Inc.
OriginalFilename : UMCLIWNT.EXE

#:54 [ipks.exe]
FilePath : C:\WINNT\system32\
ProcessID : 1968
ThreadCreationTime : 5-12-2005 11:53:21 PM
BasePriority : Normal


VX2 Object Recognized!
Type : Process
Data : ipks.exe
Category : Malware
Comment : (CSI MATCH)
Object : C:\WINNT\system32\


Warning! VX2 Object found in memory(C:\WINNT\system32\ipks.exe)

Warning! "C:\WINNT\system32\ipks.exe"Process could not be terminated!
"C:\WINNT\system32\ipks.exe"Process terminated successfully

#:55 [acrotray.exe]
FilePath : C:\Program Files\Adobe\Acrobat 6.0\Distillr\
ProcessID : 2096
ThreadCreationTime : 5-12-2005 11:53:30 PM
BasePriority : Normal
FileVersion : 6.0.0.2003051500
ProductVersion : 6.0.0.0
ProductName : AcroTray - Adobe Acrobat Distiller helper application.
CompanyName : Adobe Systems Inc.
FileDescription : AcroTray
InternalName : AcroTray
LegalCopyright : Copyright 1984-2003 Adobe Systems Incorporated and its licensors. All rights reserved.
OriginalFilename : AcroTray.exe

#:56 [hpotdd01.exe]
FilePath : C:\Program Files\Hewlett-Packard\Digital Imaging\bin\
ProcessID : 2124
ThreadCreationTime : 5-12-2005 11:53:35 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : Hewlett-Packard hpotdd01
CompanyName : Hewlett-Packard
FileDescription : hpotdd01
InternalName : hpotdd01
LegalCopyright : Copyright © 2002
OriginalFilename : hpotdd01.exe

#:57 [hpobnz08.exe]
FilePath : C:\Program Files\Hewlett-Packard\Digital Imaging\bin\
ProcessID : 2132
ThreadCreationTime : 5-12-2005 11:53:35 PM
BasePriority : Normal
FileVersion : 4.2.0.021
ProductVersion : 2.4.1.021
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : HP OfficeJet COM Device Objects
InternalName : HPOBNZ08
LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2001
OriginalFilename : HPOBNZ08.EXE
Comments : HP OfficeJet <Banzai> Series COM Device Objects

#:58 [reader_sl.exe]
FilePath : C:\Program Files\Adobe\Acrobat 7.0\Reader\
ProcessID : 2152
ThreadCreationTime : 5-12-2005 11:53:37 PM
BasePriority : Normal
FileVersion : 7.0.0.0
ProductVersion : 7.0.0.0
ProductName : Adobe Acrobat
CompanyName : Adobe Systems Incorporated
FileDescription : Adobe Acrobat SpeedLauncher
LegalCopyright : Copyright Adobe Systems Incorporated 2004
OriginalFilename : AcroSpeedLaunch.exe

#:59 [hotsync.exe]
FilePath : C:\Program Files\Palm\
ProcessID : 2160
ThreadCreationTime : 5-12-2005 11:53:37 PM
BasePriority : Normal
FileVersion : 3.1.1Hb
ProductVersion : 3.1.0Hb
ProductName : HotSync® Manager
CompanyName : Palm Computing, Inc.
FileDescription : HotSync® Manager Application
InternalName : HotSync®
LegalCopyright : Copyright © 1995-1999 Palm Computing, Inc.
LegalTrademarks : HotSync® is a registered trademark of Palm Computing, Inc.
OriginalFilename : Hotsync.exe

#:60 [hpoevm08.exe]
FilePath : C:\Program Files\Hewlett-Packard\Digital Imaging\bin\
ProcessID : 1804
ThreadCreationTime : 5-12-2005 11:53:51 PM
BasePriority : Normal
FileVersion : 4.2.0.021
ProductVersion : 2.4.1.021
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : HP OfficeJet COM Event Manager
InternalName : HPOEVM08
LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2001
OriginalFilename : HPOEVM08.EXE
Comments : HP OfficeJet COM Event Manager

#:61 [hposts08.exe]
FilePath : C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\
ProcessID : 1052
ThreadCreationTime : 5-12-2005 11:53:57 PM
BasePriority : Normal
FileVersion : 4.2.0.021
ProductVersion : 2.4.1.021
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : HP OfficeJet Status
InternalName : HPOSTS08
LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2001
OriginalFilename : HPOSTS08.EXE
Comments : HP OfficeJet Status

#:62 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 2204
ThreadCreationTime : 5-12-2005 11:54:00 PM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 1


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{676575dd-4d46-911d-8037-9b10d6ee8bb5}

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 2


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2


Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\toolbar\webbrowser
Value : {0E5CBF21-D15F-11D0-8301-00AA005B4383}

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\urlsearchhooks

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\urlsearchhooks
Value : {6B1330E0-F53C-80E7-7CAA-15054BA45436}

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\hsa

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\hsa
Value : DisplayName

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\hsa
Value : UninstallString

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\se

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\se
Value : DisplayName

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\se
Value : UninstallString

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\sw

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\sw
Value : DisplayName

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\sw
Value : UninstallString

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Search Bar

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\search
Value : SearchAssistant

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft
Value : set

CoolWebSearch Object Recognized!
Type : RegData
Data : no
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Use Search Asst
Data : no

CoolWebSearch Object Recognized!
Type : RegData
Data : no
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main
Value : Use Search Asst
Data : no

CoolWebSearch Object Recognized!
Type : RegData
Data : about:blank
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main
Value : Start Page
Data : about:blank

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 18
Objects found so far: 20

8:07:21 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:13:04.908
Objects scanned:143109
Objects identified:20
Objects ignored:0
New critical objects:20

#6
Guest_Andy_veal_*

  • Guest
Hello and Welcome

Ad-aware has found objects on your computer

If you choose to clean your computer of what Ad-aware found, please follow the instructions below…

Please make sure that you are using the * SE1R46 17.05.2005 * definition file.


Please launch Ad-Aware SE and click on the gear to access the Configuration Menu. Please make sure that this setting is applied.

Click on Tweak > Cleaning Engine > UNcheck "Always try to unload modules before deletion".

Disconnect from the internet (for broadband/cable users, it is recommended that you disconnect the cable connection) and close all open browsers or other programs you have running.

Please then boot into Safe Mode

To clean your machine, it is highly recommended that you clean the following directory contents (but not the directory folder):

Please run CCleaner to assist in this process.
Download CCleaner (Setup: go to >options > settings > Uncheck "Only delete files in Windows Temp folders older than 48 hours" for cleaning malware files!)

* C:\Windows\Temp\
* C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <- This will delete all your cached internet content including cookies.
* C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp\
* Empty your "Recycle Bin".

Please run Ad-Aware SE from the command lines shown in the instructions below.

Click "Start" > select "Run" > type the text shown in bold below (including the quotation marks and with the same spacing as shown)

"C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" /full +procnuke
(For the Professional version)

"C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" /full +procnuke
(For the Plus version)

"C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" +procnuke
(For the Personal version)


Click OK.

Please note that the path above is the default installation location for Ad-aware SE. If yours is different, please adjust it to the location where you have installed it.

When the scan has completed, select Next. In the Scanning Results window, select the "Scan Summary" tab. Check the box next to each "target family" you wish to remove. Click next, Click OK.

If problems are caused by deleting a family, please leave it.

Please shutdown/restart your computer after removal, run a new full scan and post the results as a reply. Do not launch any programs or connect to the internet at this time.

Please then copy & paste the complete log file here. Don't quarantine or remove anything at this time, just post a complete logfile. This can sometimes take 2-3 posts to get it all posted. Once the "Summary of this scan" information is shown, you have posted all of your logfile.

Please remember, when posting another logfile, to keep "Search for negligible risk entries" deselected, as negligible risk entries (MRUs) are not considered to be a threat. This option can be changed when choosing your scan type.

Please post back here

Good luck

Andy