
smitfraud.c problems never fully resolved


  • This topic is locked

#1
Kizza*
  • Member
  • 17 posts
Hi again. Sorry if I'm breaking any guidelines, but I've decided to post my ongoing investigations into my smitfraud.c problems back on the Ad-Aware forum.

My original posting can be found at HijackThis under Kizza* - [Referred]smitfraud.c problems

What happened was I got the smitfraud.c bug - blue screen, warning text, yellow triangle in my toolbar saying I have 4 exploits, pop-ups.

Firstly I followed the HijackThis directions (Ad-Aware, CWShredder, Spybot S&D etc.) and was then referred to this forum. So I then followed the Ad-Aware directions, which enabled me to clear the blue screen (I now have a black screen with limited display settings, and MSN Messenger starts at each boot-up). I was then referred back to the HijackThis forum, so I followed the instructions and then received no more replies, except one which asked me to return to the very first set of HijackThis directions (Ad-Aware, CWShredder, Spybot S&D etc.)... Having done all this already, I thought it best to post that I had not received a reply for over 5 days, and am waiting to receive a reply on that front.

Meanwhile I have run another full Ad-Aware scan and here are the results. Should I quarantine at the end of a scan?

Any help please...?

Thanks

Kizza*



Ad-Aware SE Build 1.05
Logfile Created on:Tuesday, May 10, 2005 7:15:02 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R44 10.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Windows(TAC index:3):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R44 10.05.2005
Internal build : 52
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 470885 Bytes
Total size : 1423894 Bytes
Signature data size : 1392940 Bytes
Reference data size : 30442 Bytes
Signatures total : 39753
Fingerprints total : 872
Fingerprints size : 29756 Bytes
Target categories : 15
Target families : 668


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Non Intel
Memory available:48 %
Total physical memory:523744 kb
Available physical memory:248652 kb
Total page file size:1280820 kb
Available on page file:1011780 kb
Total virtual memory:2097024 kb
Available virtual memory:2043344 kb
OS:Microsoft Windows XP Professional (Build 2600)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


5-10-05 7:15:02 PM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 312
ThreadCreationTime : 5-10-05 5:34:40 PM
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 372
ThreadCreationTime : 5-10-05 5:34:42 PM
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 396
ThreadCreationTime : 5-10-05 5:34:44 PM
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 440
ThreadCreationTime : 5-10-05 5:34:44 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 452
ThreadCreationTime : 5-10-05 5:34:44 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [pavprot.exe]
ModuleName : C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe
Command Line : "C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe"
ProcessID : 616
ThreadCreationTime : 5-10-05 5:34:45 PM
BasePriority : Normal
FileVersion : 5, 0, 0, 0
ProductVersion : 5, 0, 0, 0
ProductName : PavProt Application
CompanyName : Panda Software
FileDescription : PavProt Application
InternalName : PAVPROT
LegalCopyright : © 2005 Panda Software. All rights reserved.
OriginalFilename : PavProt.exe

#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 752
ThreadCreationTime : 5-10-05 5:34:59 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 796
ThreadCreationTime : 5-10-05 5:34:59 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 1076
ThreadCreationTime : 5-10-05 5:35:01 PM
BasePriority : Normal
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:10 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 1236
ThreadCreationTime : 5-10-05 5:35:04 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [lexbces.exe]
ModuleName : C:\WINDOWS\system32\LEXBCES.EXE
Command Line : C:\WINDOWS\system32\LEXBCES.EXE
ProcessID : 1368
ThreadCreationTime : 5-10-05 5:35:05 PM
BasePriority : Normal
FileVersion : 8.29
ProductVersion : 8.29
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LexBce Service
InternalName : LexBce Service
LegalCopyright : © 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LexBceS.exe

#:12 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1404
ThreadCreationTime : 5-10-05 5:35:05 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:13 [lexpps.exe]
ModuleName : C:\WINDOWS\system32\LEXPPS.EXE
Command Line : LEXPPS.EXE
ProcessID : 1412
ThreadCreationTime : 5-10-05 5:35:05 PM
BasePriority : Normal
FileVersion : 8.29
ProductVersion : 8.29
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LEXPPS.EXE
InternalName : LEXPPS
LegalCopyright : © 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LEXPPS.EXE
Comments : MarkVision for Windows '95 New P2P Server (32-bit)

#:14 [msole32.exe]
ModuleName : C:\WINDOWS\System32\msole32.exe
Command Line : "C:\WINDOWS\System32\msole32.exe"
ProcessID : 1476
ThreadCreationTime : 5-10-05 5:35:06 PM
BasePriority : Normal


#:15 [kxmixer.exe]
ModuleName : C:\WINDOWS\System32\kxmixer.exe
Command Line : "C:\WINDOWS\System32\kxmixer.exe" --startup
ProcessID : 1496
ThreadCreationTime : 5-10-05 5:35:06 PM
BasePriority : Normal
FileVersion : 5, 10, 00, 3534 - debug
ProductVersion : 5, 10, 00, 3534 - debug
ProductName : kX mixer
CompanyName : Eugene Gavrilov
FileDescription : kX mixer
InternalName : kX mixer
LegalCopyright : Copyright © Eugene Gavrilov, 2001-2003.
OriginalFilename : kxmixer.exe

#:16 [lxbkbmgr.exe]
ModuleName : C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
Command Line : "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
ProcessID : 1520
ThreadCreationTime : 5-10-05 5:35:06 PM
BasePriority : Normal
FileVersion : 0.1.1.1
ProductVersion : 0.1.1.1
ProductName : Button Manager Executable
CompanyName : Lexmark International, Inc.
FileDescription : Lexmark X1100 Series Button Manager
InternalName : lxbkbmgr.exe
LegalCopyright : © 2002 Lexmark International, Inc.
OriginalFilename : lxbkbmgr.exe

#:17 [apvxdwin.exe]
ModuleName : C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE
Command Line : "C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE" /s
ProcessID : 1544
ThreadCreationTime : 5-10-05 5:35:06 PM
BasePriority : Normal
FileVersion : 5.3.14
ProductVersion : 5.3.14
ProductName : Panda Antivirus Aplication
CompanyName : Panda Software International
FileDescription : ApVxdWin
InternalName : ApVxdWin.exe
LegalCopyright : © Panda Software 2005
OriginalFilename : ApVxdWin.exe

#:18 [cisvc.exe]
ModuleName : C:\WINDOWS\System32\cisvc.exe
Command Line : C:\WINDOWS\System32\cisvc.exe
ProcessID : 1736
ThreadCreationTime : 5-10-05 5:35:08 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Content Index service
InternalName : cisvc.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : cisvc.exe

#:19 [lxbkbmon.exe]
ModuleName : C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
Command Line : "C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe"
ProcessID : 1776
ThreadCreationTime : 5-10-05 5:35:09 PM
BasePriority : Normal
FileVersion : 0.1.1.1
ProductVersion : 0.1.1.1
ProductName : Button Monitor Executable
CompanyName : Lexmark International, Inc.
FileDescription : Lexmark X1100 Series Button Monitor
InternalName : lxbkbmon.exe
LegalCopyright : © 2002 Lexmark International, Inc.
OriginalFilename : lxbkbmon.exe

#:20 [pavfires.exe]
ModuleName : C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Firewall\PavFires.exe
Command Line : n/a
ProcessID : 1832
ThreadCreationTime : 5-10-05 5:35:10 PM
BasePriority : Normal
FileVersion : 1, 6, 8, 4
ProductVersion : 2.,0, 0, 5
ProductName : Internet Security Technologies
CompanyName : Panda Software
FileDescription : Personal Firewall Service
InternalName : Pavfires
LegalCopyright : Copyright © 2004 Panda Software
OriginalFilename : Pavfires.exe

#:21 [pavfnsvr.exe]
ModuleName : C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe
Command Line : "C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe"
ProcessID : 1956
ThreadCreationTime : 5-10-05 5:35:20 PM
BasePriority : Normal
FileVersion : 5.03.03
ProductVersion : 5.03.03
ProductName : Panda Software PavFnSvr
CompanyName : Panda Software
FileDescription : Panda Function Service
InternalName : PavFnSvr
LegalCopyright : © Panda Software 2005
OriginalFilename : PavFnSvr.exe

#:22 [pavkre.exe]
ModuleName : C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe
Command Line : "C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe"
ProcessID : 1972
ThreadCreationTime : 5-10-05 5:35:20 PM
BasePriority : Normal
FileVersion : 5, 0, 0, 0
ProductVersion : 5, 0, 0, 0
ProductName : PavKre Aplicación
CompanyName : Panda Software
FileDescription : PavKre Aplicación
InternalName : PavKre
LegalCopyright : © 2005 Panda Software. All rights reserved.
OriginalFilename : PavKre.exe

#:23 [pavprsrv.exe]
ModuleName : C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
Command Line : "C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe"
ProcessID : 216
ThreadCreationTime : 5-10-05 5:35:30 PM
BasePriority : Normal
FileVersion : 1.3.0.0
ProductVersion : 1.3.0.0
ProductName : PandaShield
CompanyName : Panda Software
FileDescription : Panda Process Protection Service
InternalName : PavPrSrv
LegalCopyright : Copyright © 2004, Panda Software
OriginalFilename : PavPrSrv.exe

#:24 [pavsrv51.exe]
ModuleName : C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\pavsrv51.exe
Command Line : "C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\pavsrv51.exe"
ProcessID : 284
ThreadCreationTime : 5-10-05 5:35:30 PM
BasePriority : High
FileVersion : 1, 3, 2085, 8
ProductVersion : 1.3.2085.8
ProductName : Panda Antivirus for Windows NT/2000/XP/2003
CompanyName : Panda Software
FileDescription : On-Access Antivirus Scanner Service.
InternalName : pavsrv.exe
LegalCopyright : © Panda Software 2004.
OriginalFilename : pavsrv.exe

#:25 [avengine.exe]
ModuleName : C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\AVENGINE.EXE
Command Line : "C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\\AVENGINE.EXE"
ProcessID : 300
ThreadCreationTime : 5-10-05 5:35:31 PM
BasePriority : Normal
FileVersion : 1, 3, 2085, 7
ProductVersion : 1.3.2085.7
ProductName : Panda Antivirus for Windows NT/2000/XP/2003
CompanyName : Panda Software
FileDescription : Enhanced On-Access Antivirus Scanner Process.
InternalName : avengine.exe
LegalCopyright : © Panda Software 2004.
OriginalFilename : avengine.exe

#:26 [prevsrv.exe]
ModuleName : C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe
Command Line : "C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe"
ProcessID : 360
ThreadCreationTime : 5-10-05 5:35:31 PM
BasePriority : Normal
FileVersion : 2, 0, 0, 11
ProductVersion : 2, 0, 0, 9
ProductName : prevsrv
CompanyName : Panda Software
FileDescription : Panda Preventium+ © service
InternalName : prevsrv
LegalCopyright : Copyright © Panda Software 2004
OriginalFilename : prevsrv
Comments : Panda Preventium+ © service

#:27 [psimsvc.exe]
ModuleName : C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe
Command Line : "C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe"
ProcessID : 456
ThreadCreationTime : 5-10-05 5:35:31 PM
BasePriority : Normal
FileVersion : 1, 5, 3, 0
ProductVersion : 1, 5, 0, 0
ProductName : Panda Antivirus
CompanyName : Panda Software Internacional
FileDescription : Common Interface Manager
InternalName : PsImSvc
LegalCopyright : © Panda Software 2005.
OriginalFilename : PsImSvc.exe

#:28 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k imgsvc
ProcessID : 700
ThreadCreationTime : 5-10-05 5:35:31 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:29 [wdfmgr.exe]
ModuleName : C:\WINDOWS\System32\wdfmgr.exe
Command Line : C:\WINDOWS\System32\wdfmgr.exe
ProcessID : 892
ThreadCreationTime : 5-10-05 5:35:32 PM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:30 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost.exe -k netsvcs
ProcessID : 1132
ThreadCreationTime : 5-10-05 5:35:34 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:31 [webproxy.exe]
ModuleName : C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\WebProxy.exe
Command Line : "C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\WebProxy.exe"
ProcessID : 2568
ThreadCreationTime : 5-10-05 5:35:44 PM
BasePriority : Normal
FileVersion : 5, 3, 15, 15
ProductVersion : 5, 3, 30, 0
ProductName : Internet Resident
CompanyName : Panda Software
FileDescription : WebProxy
InternalName : WebProxy
LegalCopyright : © Panda Software 2004
OriginalFilename : WebProxy.exe

#:32 [cidaemon.exe]
ModuleName : C:\WINDOWS\System32\cidaemon.exe
Command Line : cidaemon.exe DownLevelDaemon "g:\system volume information\catalog.wci" 196672l 1736l
ProcessID : 1920
ThreadCreationTime : 5-10-05 5:42:26 PM
BasePriority : Idle
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Indexing Service filter daemon
InternalName : cidaemon.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : cidaemon.exe

#:33 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 3052
ThreadCreationTime : 5-10-05 6:14:47 PM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Windows Object Recognized!
Type : RegData
Data : explorer.exe, msmsgs.exe
Category : Vulnerability
Comment : Shell Possibly Compromised
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows nt\currentversion\winlogon
Value : Shell
Data : explorer.exe, msmsgs.exe

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 1


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1


Deep scanning and examining files (F:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for F:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1


Deep scanning and examining files (G:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for G:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
11 entries scanned.
New critical objects:0
Objects found so far: 1




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1

7:34:34 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:19:31.685
Objects scanned:147441
Objects identified:1
Objects ignored:0
New critical objects:1


#2
Guest_Andy_veal_*
  • Guest
Hello there,

Do you still need assistance?

If so post your latest logfile with the latest definition file.....

#3
Kizza*
  • Topic Starter
  • Member
  • 17 posts
Hi, yeah, I still need your help. Please. Here is the latest logfile. Should I quarantine the results?

Thanks

Kizza*


Ad-Aware SE Build 1.05
Logfile Created on:Sunday, May 15, 2005 7:25:38 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R44 10.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Windows(TAC index:3):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R44 10.05.2005
Internal build : 52
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 470885 Bytes
Total size : 1423894 Bytes
Signature data size : 1392940 Bytes
Reference data size : 30442 Bytes
Signatures total : 39753
Fingerprints total : 872
Fingerprints size : 29756 Bytes
Target categories : 15
Target families : 668


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Non Intel
Memory available:35 %
Total physical memory:523744 kb
Available physical memory:181260 kb
Total page file size:1280820 kb
Available on page file:921984 kb
Total virtual memory:2097024 kb
Available virtual memory:2043356 kb
OS:Microsoft Windows XP Professional (Build 2600)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


5-15-05 7:25:38 PM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 384
ThreadCreationTime : 5-15-05 6:16:38 PM
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 432
ThreadCreationTime : 5-15-05 6:16:41 PM
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 456
ThreadCreationTime : 5-15-05 6:16:46 PM
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 500
ThreadCreationTime : 5-15-05 6:16:46 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 512
ThreadCreationTime : 5-15-05 6:16:47 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [pavprot.exe]
ModuleName : C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe
Command Line : "C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe"
ProcessID : 684
ThreadCreationTime : 5-15-05 6:16:48 PM
BasePriority : Normal
FileVersion : 5, 0, 0, 0
ProductVersion : 5, 0, 0, 0
ProductName : PavProt Application
CompanyName : Panda Software
FileDescription : PavProt Application
InternalName : PAVPROT
LegalCopyright : © 2005 Panda Software. All rights reserved.
OriginalFilename : PavProt.exe

#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 816
ThreadCreationTime : 5-15-05 6:17:03 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 888
ThreadCreationTime : 5-15-05 6:17:04 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 1188
ThreadCreationTime : 5-15-05 6:17:07 PM
BasePriority : Normal
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:10 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 1344
ThreadCreationTime : 5-15-05 6:17:09 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [lexbces.exe]
ModuleName : C:\WINDOWS\system32\LEXBCES.EXE
Command Line : C:\WINDOWS\system32\LEXBCES.EXE
ProcessID : 1528
ThreadCreationTime : 5-15-05 6:17:13 PM
BasePriority : Normal
FileVersion : 8.29
ProductVersion : 8.29
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LexBce Service
InternalName : LexBce Service
LegalCopyright : © 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LexBceS.exe

#:12 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1568
ThreadCreationTime : 5-15-05 6:17:13 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:13 [lexpps.exe]
ModuleName : C:\WINDOWS\system32\LEXPPS.EXE
Command Line : LEXPPS.EXE
ProcessID : 1572
ThreadCreationTime : 5-15-05 6:17:13 PM
BasePriority : Normal
FileVersion : 8.29
ProductVersion : 8.29
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LEXPPS.EXE
InternalName : LEXPPS
LegalCopyright : © 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LEXPPS.EXE
Comments : MarkVision for Windows '95 New P2P Server (32-bit)

#:14 [msole32.exe]
ModuleName : C:\WINDOWS\System32\msole32.exe
Command Line : "C:\WINDOWS\System32\msole32.exe"
ProcessID : 1756
ThreadCreationTime : 5-15-05 6:17:17 PM
BasePriority : Normal


#:15 [kxmixer.exe]
ModuleName : C:\WINDOWS\System32\kxmixer.exe
Command Line : "C:\WINDOWS\System32\kxmixer.exe" --startup
ProcessID : 1792
ThreadCreationTime : 5-15-05 6:17:18 PM
BasePriority : Normal
FileVersion : 5, 10, 00, 3534 - debug
ProductVersion : 5, 10, 00, 3534 - debug
ProductName : kX mixer
CompanyName : Eugene Gavrilov
FileDescription : kX mixer
InternalName : kX mixer
LegalCopyright : Copyright © Eugene Gavrilov, 2001-2003.
OriginalFilename : kxmixer.exe

#:16 [lxbkbmgr.exe]
ModuleName : C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
Command Line : "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
ProcessID : 1812
ThreadCreationTime : 5-15-05 6:17:18 PM
BasePriority : Normal
FileVersion : 0.1.1.1
ProductVersion : 0.1.1.1
ProductName : Button Manager Executable
CompanyName : Lexmark International, Inc.
FileDescription : Lexmark X1100 Series Button Manager
InternalName : lxbkbmgr.exe
LegalCopyright : © 2002 Lexmark International, Inc.
OriginalFilename : lxbkbmgr.exe

#:17 [apvxdwin.exe]
ModuleName : C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE
Command Line : "C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE" /s
ProcessID : 1828
ThreadCreationTime : 5-15-05 6:17:18 PM
BasePriority : Normal
FileVersion : 5.3.14
ProductVersion : 5.3.14
ProductName : Panda Antivirus Aplication
CompanyName : Panda Software International
FileDescription : ApVxdWin
InternalName : ApVxdWin.exe
LegalCopyright : © Panda Software 2005
OriginalFilename : ApVxdWin.exe

#:18 [avgcc.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
Command Line : "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
ProcessID : 1836
ThreadCreationTime : 5-15-05 6:17:18 PM
BasePriority : Normal
FileVersion : 7,0,0,303
ProductVersion : 7.0.0.303
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Control Center
InternalName : AvgCC
LegalCopyright : Copyright © 2004, GRISOFT, s.r.o.
OriginalFilename : AvgCC.EXE

#:19 [avgemc.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
Command Line : "C:\PROGRA~1\Grisoft\AVG7\avgemc.exe"
ProcessID : 1848
ThreadCreationTime : 5-15-05 6:17:19 PM
BasePriority : Normal
FileVersion : 7,0,0,303
ProductVersion : 7.0.0.303
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG E-Mail Scanner
InternalName : avgemc
LegalCopyright : Copyright © 2004, GRISOFT, s.r.o.
OriginalFilename : avgemc.exe

#:20 [lxbkbmon.exe]
ModuleName : C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
Command Line : "C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe"
ProcessID : 1936
ThreadCreationTime : 5-15-05 6:17:21 PM
BasePriority : Normal
FileVersion : 0.1.1.1
ProductVersion : 0.1.1.1
ProductName : Button Monitor Executable
CompanyName : Lexmark International, Inc.
FileDescription : Lexmark X1100 Series Button Monitor
InternalName : lxbkbmon.exe
LegalCopyright : © 2002 Lexmark International, Inc.
OriginalFilename : lxbkbmon.exe

#:21 [avgamsvr.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
Command Line : C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
ProcessID : 436
ThreadCreationTime : 5-15-05 6:17:50 PM
BasePriority : Normal
FileVersion : 7,0,0,303
ProductVersion : 7.0.0.303
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Alert Manager
InternalName : avgamsvr
LegalCopyright : Copyright © 2004, GRISOFT, s.r.o.
OriginalFilename : avgamsvr.EXE

#:22 [avgupsvc.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
Command Line : C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
ProcessID : 372
ThreadCreationTime : 5-15-05 6:17:50 PM
BasePriority : Normal
FileVersion : 7,0,0,301
ProductVersion : 7.0.0.301
ProductName : AVG 7.0 Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Update Service
InternalName : avgupsvc
LegalCopyright : Copyright © 2004, GRISOFT, s.r.o.
OriginalFilename : avgupdsvc.EXE

#:23 [cisvc.exe]
ModuleName : C:\WINDOWS\System32\cisvc.exe
Command Line : C:\WINDOWS\System32\cisvc.exe
ProcessID : 812
ThreadCreationTime : 5-15-05 6:17:51 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Content Index service
InternalName : cisvc.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : cisvc.exe

#:24 [pavfires.exe]
ModuleName : C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Firewall\PavFires.exe
Command Line : n/a
ProcessID : 912
ThreadCreationTime : 5-15-05 6:17:51 PM
BasePriority : Normal
FileVersion : 1, 6, 8, 4
ProductVersion : 2.,0, 0, 5
ProductName : Internet Security Technologies
CompanyName : Panda Software
FileDescription : Personal Firewall Service
InternalName : Pavfires
LegalCopyright : Copyright © 2004 Panda Software
OriginalFilename : Pavfires.exe

#:25 [pavfnsvr.exe]
ModuleName : C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe
Command Line : "C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe"
ProcessID : 960
ThreadCreationTime : 5-15-05 6:18:03 PM
BasePriority : Normal
FileVersion : 5.03.03
ProductVersion : 5.03.03
ProductName : Panda Software PavFnSvr
CompanyName : Panda Software
FileDescription : Panda Function Service
InternalName : PavFnSvr
LegalCopyright : © Panda Software 2005
OriginalFilename : PavFnSvr.exe

#:26 [pavkre.exe]
ModuleName : C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe
Command Line : "C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe"
ProcessID : 1048
ThreadCreationTime : 5-15-05 6:18:03 PM
BasePriority : Normal
FileVersion : 5, 0, 0, 0
ProductVersion : 5, 0, 0, 0
ProductName : PavKre Aplicación
CompanyName : Panda Software
FileDescription : PavKre Aplicación
InternalName : PavKre
LegalCopyright : © 2005 Panda Software. All rights reserved.
OriginalFilename : PavKre.exe

#:27 [pavprsrv.exe]
ModuleName : C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
Command Line : "C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe"
ProcessID : 2044
ThreadCreationTime : 5-15-05 6:18:13 PM
BasePriority : Normal
FileVersion : 1.3.0.0
ProductVersion : 1.3.0.0
ProductName : PandaShield
CompanyName : Panda Software
FileDescription : Panda Process Protection Service
InternalName : PavPrSrv
LegalCopyright : Copyright © 2004, Panda Software
OriginalFilename : PavPrSrv.exe

#:28 [pavsrv51.exe]
ModuleName : C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\pavsrv51.exe
Command Line : "C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\pavsrv51.exe"
ProcessID : 200
ThreadCreationTime : 5-15-05 6:18:14 PM
BasePriority : High
FileVersion : 1, 3, 2085, 8
ProductVersion : 1.3.2085.8
ProductName : Panda Antivirus for Windows NT/2000/XP/2003
CompanyName : Panda Software
FileDescription : On-Access Antivirus Scanner Service.
InternalName : pavsrv.exe
LegalCopyright : © Panda Software 2004.
OriginalFilename : pavsrv.exe

#:29 [avengine.exe]
ModuleName : C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\AVENGINE.EXE
Command Line : "C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\\AVENGINE.EXE"
ProcessID : 288
ThreadCreationTime : 5-15-05 6:18:14 PM
BasePriority : Normal
FileVersion : 1, 3, 2085, 7
ProductVersion : 1.3.2085.7
ProductName : Panda Antivirus for Windows NT/2000/XP/2003
CompanyName : Panda Software
FileDescription : Enhanced On-Access Antivirus Scanner Process.
InternalName : avengine.exe
LegalCopyright : © Panda Software 2004.
OriginalFilename : avengine.exe

#:30 [prevsrv.exe]
ModuleName : C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe
Command Line : "C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe"
ProcessID : 1116
ThreadCreationTime : 5-15-05 6:18:15 PM
BasePriority : Normal
FileVersion : 2, 0, 0, 11
ProductVersion : 2, 0, 0, 9
ProductName : prevsrv
CompanyName : Panda Software
FileDescription : Panda Preventium+ © service
InternalName : prevsrv
LegalCopyright : Copyright © Panda Software 2004
OriginalFilename : prevsrv
Comments : Panda Preventium+ © service

#:31 [psimsvc.exe]
ModuleName : C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe
Command Line : "C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe"
ProcessID : 1108
ThreadCreationTime : 5-15-05 6:18:16 PM
BasePriority : Normal
FileVersion : 1, 5, 3, 0
ProductVersion : 1, 5, 0, 0
ProductName : Panda Antivirus
CompanyName : Panda Software Internacional
FileDescription : Common Interface Manager
InternalName : PsImSvc
LegalCopyright : © Panda Software 2005.
OriginalFilename : PsImSvc.exe

#:32 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k imgsvc
ProcessID : 1256
ThreadCreationTime : 5-15-05 6:18:16 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:33 [wdfmgr.exe]
ModuleName : C:\WINDOWS\System32\wdfmgr.exe
Command Line : C:\WINDOWS\System32\wdfmgr.exe
ProcessID : 1780
ThreadCreationTime : 5-15-05 6:18:18 PM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:34 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost.exe -k netsvcs
ProcessID : 2232
ThreadCreationTime : 5-15-05 6:18:20 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:35 [webproxy.exe]
ModuleName : C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\WebProxy.exe
Command Line : "C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\WebProxy.exe"
ProcessID : 2732
ThreadCreationTime : 5-15-05 6:18:27 PM
BasePriority : Normal
FileVersion : 5, 3, 15, 15
ProductVersion : 5, 3, 30, 0
ProductName : Internet Resident
CompanyName : Panda Software
FileDescription : WebProxy
InternalName : WebProxy
LegalCopyright : © Panda Software 2004
OriginalFilename : WebProxy.exe

#:36 [avgw.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVG7\avgw.exe
Command Line : "C:\PROGRA~1\Grisoft\AVG7\avgw.exe" /TEST=2
ProcessID : 3004
ThreadCreationTime : 5-15-05 6:20:30 PM
BasePriority : Normal
FileVersion : 7,0,0,297
ProductVersion : 7.0.0.297
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG 7.0
InternalName : avgw
LegalCopyright : Copyright © 2004, GRISOFT, s.r.o.
OriginalFilename : AVGW.EXE

#:37 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 3992
ThreadCreationTime : 5-15-05 6:24:04 PM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

#:38 [cidaemon.exe]
ModuleName : C:\WINDOWS\System32\cidaemon.exe
Command Line : cidaemon.exe DownLevelDaemon "g:\system volume information\catalog.wci" 196672l 812l
ProcessID : 2708
ThreadCreationTime : 5-15-05 6:24:28 PM
BasePriority : Idle
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Indexing Service filter daemon
InternalName : cidaemon.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : cidaemon.exe

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Windows Object Recognized!
Type : RegData
Data : explorer.exe, msmsgs.exe
Category : Vulnerability
Comment : Shell Possibly Compromised
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows nt\currentversion\winlogon
Value : Shell
Data : explorer.exe, msmsgs.exe

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 1


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1


Deep scanning and examining files (F:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for F:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1


Deep scanning and examining files (G:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for G:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
11 entries scanned.
New critical objects:0
Objects found so far: 1




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1

7:53:55 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:28:16.590
Objects scanned:149169
Objects identified:1
Objects ignored:0
New critical objects:1
#4
Mannen

    Ad-Aware Expert

  • Member
  • 110 posts
Greetings!


Sorry to write, but please update Adaware and post a new log here :tazz:

Cheers
Mannen
#5
Kizza*

    Member

  • Topic Starter
  • Member
  • 17 posts
Here ya go. Should I quarantine?

Kizza*

Ad-Aware SE Build 1.05
Logfile Created on:Sunday, May 15, 2005 9:08:15 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R45 13.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
CoolWebSearch(TAC index:10):27 total references
Windows(TAC index:3):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R44 10.05.2005
Internal build : 52
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 470885 Bytes
Total size : 1423894 Bytes
Signature data size : 1392940 Bytes
Reference data size : 30442 Bytes
Signatures total : 39753
Fingerprints total : 872
Fingerprints size : 29756 Bytes
Target categories : 15
Target families : 668

5-15-05 9:07:50 PM Performing WebUpdate...

Installing Update...
Definitions File Loaded:
Reference Number : SE1R45 13.05.2005
Internal build : 53
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 473168 Bytes
Total size : 1430575 Bytes
Signature data size : 1399518 Bytes
Reference data size : 30545 Bytes
Signatures total : 39932
Fingerprints total : 881
Fingerprints size : 30173 Bytes
Target categories : 15
Target families : 672


5-15-05 9:08:07 PM Success
Update successfully downloaded and installed.


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Non Intel
Memory available:27 %
Total physical memory:523744 kb
Available physical memory:139472 kb
Total page file size:1280820 kb
Available on page file:918976 kb
Total virtual memory:2097024 kb
Available virtual memory:2018820 kb
OS:Microsoft Windows XP Professional (Build 2600)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


5-15-05 9:08:15 PM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 384
ThreadCreationTime : 5-15-05 6:16:38 PM
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 432
ThreadCreationTime : 5-15-05 6:16:41 PM
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 456
ThreadCreationTime : 5-15-05 6:16:46 PM
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 500
ThreadCreationTime : 5-15-05 6:16:46 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 512
ThreadCreationTime : 5-15-05 6:16:47 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [pavprot.exe]
ModuleName : C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe
Command Line : "C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe"
ProcessID : 684
ThreadCreationTime : 5-15-05 6:16:48 PM
BasePriority : Normal
FileVersion : 5, 0, 0, 0
ProductVersion : 5, 0, 0, 0
ProductName : PavProt Application
CompanyName : Panda Software
FileDescription : PavProt Application
InternalName : PAVPROT
LegalCopyright : © 2005 Panda Software. All rights reserved.
OriginalFilename : PavProt.exe

#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 816
ThreadCreationTime : 5-15-05 6:17:03 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 888
ThreadCreationTime : 5-15-05 6:17:04 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 1188
ThreadCreationTime : 5-15-05 6:17:07 PM
BasePriority : Normal
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:10 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 1344
ThreadCreationTime : 5-15-05 6:17:09 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [lexbces.exe]
ModuleName : C:\WINDOWS\system32\LEXBCES.EXE
Command Line : C:\WINDOWS\system32\LEXBCES.EXE
ProcessID : 1528
ThreadCreationTime : 5-15-05 6:17:13 PM
BasePriority : Normal
FileVersion : 8.29
ProductVersion : 8.29
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LexBce Service
InternalName : LexBce Service
LegalCopyright : © 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LexBceS.exe

#:12 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1568
ThreadCreationTime : 5-15-05 6:17:13 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:13 [lexpps.exe]
ModuleName : C:\WINDOWS\system32\LEXPPS.EXE
Command Line : LEXPPS.EXE
ProcessID : 1572
ThreadCreationTime : 5-15-05 6:17:13 PM
BasePriority : Normal
FileVersion : 8.29
ProductVersion : 8.29
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LEXPPS.EXE
InternalName : LEXPPS
LegalCopyright : © 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LEXPPS.EXE
Comments : MarkVision for Windows '95 New P2P Server (32-bit)

#:14 [msole32.exe]
ModuleName : C:\WINDOWS\System32\msole32.exe
Command Line : "C:\WINDOWS\System32\msole32.exe"
ProcessID : 1756
ThreadCreationTime : 5-15-05 6:17:17 PM
BasePriority : Normal


#:15 [kxmixer.exe]
ModuleName : C:\WINDOWS\System32\kxmixer.exe
Command Line : "C:\WINDOWS\System32\kxmixer.exe" --startup
ProcessID : 1792
ThreadCreationTime : 5-15-05 6:17:18 PM
BasePriority : Normal
FileVersion : 5, 10, 00, 3534 - debug
ProductVersion : 5, 10, 00, 3534 - debug
ProductName : kX mixer
CompanyName : Eugene Gavrilov
FileDescription : kX mixer
InternalName : kX mixer
LegalCopyright : Copyright © Eugene Gavrilov, 2001-2003.
OriginalFilename : kxmixer.exe

#:16 [lxbkbmgr.exe]
ModuleName : C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
Command Line : "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
ProcessID : 1812
ThreadCreationTime : 5-15-05 6:17:18 PM
BasePriority : Normal
FileVersion : 0.1.1.1
ProductVersion : 0.1.1.1
ProductName : Button Manager Executable
CompanyName : Lexmark International, Inc.
FileDescription : Lexmark X1100 Series Button Manager
InternalName : lxbkbmgr.exe
LegalCopyright : © 2002 Lexmark International, Inc.
OriginalFilename : lxbkbmgr.exe

#:17 [apvxdwin.exe]
ModuleName : C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE
Command Line : "C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE" /s
ProcessID : 1828
ThreadCreationTime : 5-15-05 6:17:18 PM
BasePriority : Normal
FileVersion : 5.3.14
ProductVersion : 5.3.14
ProductName : Panda Antivirus Aplication
CompanyName : Panda Software International
FileDescription : ApVxdWin
InternalName : ApVxdWin.exe
LegalCopyright : © Panda Software 2005
OriginalFilename : ApVxdWin.exe

#:18 [avgcc.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
Command Line : "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
ProcessID : 1836
ThreadCreationTime : 5-15-05 6:17:18 PM
BasePriority : Normal
FileVersion : 7,0,0,303
ProductVersion : 7.0.0.303
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Control Center
InternalName : AvgCC
LegalCopyright : Copyright © 2004, GRISOFT, s.r.o.
OriginalFilename : AvgCC.EXE

#:19 [avgemc.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
Command Line : "C:\PROGRA~1\Grisoft\AVG7\avgemc.exe"
ProcessID : 1848
ThreadCreationTime : 5-15-05 6:17:19 PM
BasePriority : Normal
FileVersion : 7,0,0,303
ProductVersion : 7.0.0.303
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG E-Mail Scanner
InternalName : avgemc
LegalCopyright : Copyright © 2004, GRISOFT, s.r.o.
OriginalFilename : avgemc.exe

#:20 [lxbkbmon.exe]
ModuleName : C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
Command Line : "C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe"
ProcessID : 1936
ThreadCreationTime : 5-15-05 6:17:21 PM
BasePriority : Normal
FileVersion : 0.1.1.1
ProductVersion : 0.1.1.1
ProductName : Button Monitor Executable
CompanyName : Lexmark International, Inc.
FileDescription : Lexmark X1100 Series Button Monitor
InternalName : lxbkbmon.exe
LegalCopyright : © 2002 Lexmark International, Inc.
OriginalFilename : lxbkbmon.exe

#:21 [avgamsvr.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
Command Line : C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
ProcessID : 436
ThreadCreationTime : 5-15-05 6:17:50 PM
BasePriority : Normal
FileVersion : 7,0,0,303
ProductVersion : 7.0.0.303
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Alert Manager
InternalName : avgamsvr
LegalCopyright : Copyright © 2004, GRISOFT, s.r.o.
OriginalFilename : avgamsvr.EXE

#:22 [avgupsvc.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
Command Line : C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
ProcessID : 372
ThreadCreationTime : 5-15-05 6:17:50 PM
BasePriority : Normal
FileVersion : 7,0,0,301
ProductVersion : 7.0.0.301
ProductName : AVG 7.0 Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Update Service
InternalName : avgupsvc
LegalCopyright : Copyright © 2004, GRISOFT, s.r.o.
OriginalFilename : avgupdsvc.EXE

#:23 [cisvc.exe]
ModuleName : C:\WINDOWS\System32\cisvc.exe
Command Line : C:\WINDOWS\System32\cisvc.exe
ProcessID : 812
ThreadCreationTime : 5-15-05 6:17:51 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Content Index service
InternalName : cisvc.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : cisvc.exe

#:24 [pavfires.exe]
ModuleName : C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Firewall\PavFires.exe
Command Line : n/a
ProcessID : 912
ThreadCreationTime : 5-15-05 6:17:51 PM
BasePriority : Normal
FileVersion : 1, 6, 8, 4
ProductVersion : 2.,0, 0, 5
ProductName : Internet Security Technologies
CompanyName : Panda Software
FileDescription : Personal Firewall Service
InternalName : Pavfires
LegalCopyright : Copyright © 2004 Panda Software
OriginalFilename : Pavfires.exe

#:25 [pavfnsvr.exe]
ModuleName : C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe
Command Line : "C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe"
ProcessID : 960
ThreadCreationTime : 5-15-05 6:18:03 PM
BasePriority : Normal
FileVersion : 5.03.03
ProductVersion : 5.03.03
ProductName : Panda Software PavFnSvr
CompanyName : Panda Software
FileDescription : Panda Function Service
InternalName : PavFnSvr
LegalCopyright : © Panda Software 2005
OriginalFilename : PavFnSvr.exe

#:26 [pavkre.exe]
ModuleName : C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe
Command Line : "C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe"
ProcessID : 1048
ThreadCreationTime : 5-15-05 6:18:03 PM
BasePriority : Normal
FileVersion : 5, 0, 0, 0
ProductVersion : 5, 0, 0, 0
ProductName : PavKre Aplicación
CompanyName : Panda Software
FileDescription : PavKre Aplicación
InternalName : PavKre
LegalCopyright : © 2005 Panda Software. All rights reserved.
OriginalFilename : PavKre.exe

#:27 [pavprsrv.exe]
ModuleName : C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
Command Line : "C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe"
ProcessID : 2044
ThreadCreationTime : 5-15-05 6:18:13 PM
BasePriority : Normal
FileVersion : 1.3.0.0
ProductVersion : 1.3.0.0
ProductName : PandaShield
CompanyName : Panda Software
FileDescription : Panda Process Protection Service
InternalName : PavPrSrv
LegalCopyright : Copyright © 2004, Panda Software
OriginalFilename : PavPrSrv.exe

#:28 [pavsrv51.exe]
ModuleName : C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\pavsrv51.exe
Command Line : "C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\pavsrv51.exe"
ProcessID : 200
ThreadCreationTime : 5-15-05 6:18:14 PM
BasePriority : High
FileVersion : 1, 3, 2085, 8
ProductVersion : 1.3.2085.8
ProductName : Panda Antivirus for Windows NT/2000/XP/2003
CompanyName : Panda Software
FileDescription : On-Access Antivirus Scanner Service.
InternalName : pavsrv.exe
LegalCopyright : © Panda Software 2004.
OriginalFilename : pavsrv.exe

#:29 [avengine.exe]
ModuleName : C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\AVENGINE.EXE
Command Line : "C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\\AVENGINE.EXE"
ProcessID : 288
ThreadCreationTime : 5-15-05 6:18:14 PM
BasePriority : Normal
FileVersion : 1, 3, 2085, 7
ProductVersion : 1.3.2085.7
ProductName : Panda Antivirus for Windows NT/2000/XP/2003
CompanyName : Panda Software
FileDescription : Enhanced On-Access Antivirus Scanner Process.
InternalName : avengine.exe
LegalCopyright : © Panda Software 2004.
OriginalFilename : avengine.exe

#:30 [prevsrv.exe]
ModuleName : C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe
Command Line : "C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe"
ProcessID : 1116
ThreadCreationTime : 5-15-05 6:18:15 PM
BasePriority : Normal
FileVersion : 2, 0, 0, 11
ProductVersion : 2, 0, 0, 9
ProductName : prevsrv
CompanyName : Panda Software
FileDescription : Panda Preventium+ © service
InternalName : prevsrv
LegalCopyright : Copyright © Panda Software 2004
OriginalFilename : prevsrv
Comments : Panda Preventium+ © service

#:31 [psimsvc.exe]
ModuleName : C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe
Command Line : "C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe"
ProcessID : 1108
ThreadCreationTime : 5-15-05 6:18:16 PM
BasePriority : Normal
FileVersion : 1, 5, 3, 0
ProductVersion : 1, 5, 0, 0
ProductName : Panda Antivirus
CompanyName : Panda Software Internacional
FileDescription : Common Interface Manager
InternalName : PsImSvc
LegalCopyright : © Panda Software 2005.
OriginalFilename : PsImSvc.exe

#:32 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k imgsvc
ProcessID : 1256
ThreadCreationTime : 5-15-05 6:18:16 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:33 [wdfmgr.exe]
ModuleName : C:\WINDOWS\System32\wdfmgr.exe
Command Line : C:\WINDOWS\System32\wdfmgr.exe
ProcessID : 1780
ThreadCreationTime : 5-15-05 6:18:18 PM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:34 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost.exe -k netsvcs
ProcessID : 2232
ThreadCreationTime : 5-15-05 6:18:20 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:35 [webproxy.exe]
ModuleName : C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\WebProxy.exe
Command Line : "C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\WebProxy.exe"
ProcessID : 2732
ThreadCreationTime : 5-15-05 6:18:27 PM
BasePriority : Normal
FileVersion : 5, 3, 15, 15
ProductVersion : 5, 3, 30, 0
ProductName : Internet Resident
CompanyName : Panda Software
FileDescription : WebProxy
InternalName : WebProxy
LegalCopyright : © Panda Software 2004
OriginalFilename : WebProxy.exe

#:36 [avgw.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVG7\avgw.exe
Command Line : "C:\PROGRA~1\Grisoft\AVG7\avgw.exe" /TEST=2
ProcessID : 3004
ThreadCreationTime : 5-15-05 6:20:30 PM
BasePriority : Normal
FileVersion : 7,0,0,297
ProductVersion : 7.0.0.297
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG 7.0
InternalName : avgw
LegalCopyright : Copyright © 2004, GRISOFT, s.r.o.
OriginalFilename : AVGW.EXE

#:37 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 3992
ThreadCreationTime : 5-15-05 6:24:04 PM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

#:38 [cidaemon.exe]
ModuleName : C:\WINDOWS\System32\cidaemon.exe
Command Line : cidaemon.exe DownLevelDaemon "g:\system volume information\catalog.wci" 196672l 812l
ProcessID : 2708
ThreadCreationTime : 5-15-05 6:24:28 PM
BasePriority : Idle
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Indexing Service filter daemon
InternalName : cidaemon.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : cidaemon.exe

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{1d27210e-2da2-41e2-a103-b5fd9d6a798b}

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{145e6fb1-1256-44ed-a336-8bba43373be6}

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{145e6fb1-1256-44ed-a336-8bba43373be6}
Value : InprocServer32

Windows Object Recognized!
Type : RegData
Data : explorer.exe, msmsgs.exe
Category : Vulnerability
Comment : Shell Possibly Compromised
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows nt\currentversion\winlogon
Value : Shell
Data : explorer.exe, msmsgs.exe

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 4
Objects found so far: 4


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4


Deep scanning and examining files (F:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for F:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4


Deep scanning and examining files (G:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for G:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
11 entries scanned.
New critical objects:0
Objects found so far: 4




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\windows\currentversion\policies\system
Value : Wallpaper

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\search
Value : SearchAssistant

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Search Bar

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\windows\currentversion\policies\system
Value : NoDispAppearancePage

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\windows\currentversion\policies\system
Value : WallpaperStyle

CoolWebSearch Object Recognized!
Type : RegData
Data : C:\wp.bmp
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : control panel\desktop
Value : Wallpaper
Data : C:\wp.bmp

CoolWebSearch Object Recognized!
Type : Folder
Category : Malware
Comment :
Object : C:\Documents and Settings\Default\Favorites\Online Pharmacy

CoolWebSearch Object Recognized!
Type : Folder
Category : Malware
Comment :
Object : C:\Documents and Settings\Default\Favorites\Internet

CoolWebSearch Object Recognized!
Type : Folder
Category : Malware
Comment :
Object : C:\Documents and Settings\Default\Favorites\Insurance

CoolWebSearch Object Recognized!
Type : Folder
Category : Malware
Comment :
Object : C:\Documents and Settings\Default\Favorites\Health

CoolWebSearch Object Recognized!
Type : Folder
Category : Malware
Comment :
Object : C:\Documents and Settings\Default\Favorites\Adult

CoolWebSearch Object Recognized!
Type : File
Data : Insurance Brokers.url
Category : Malware
Comment :
Object : C:\Documents and Settings\Default\Favorites\insurance\



CoolWebSearch Object Recognized!
Type : File
Data : Dental Insurance.url
Category : Malware
Comment :
Object : C:\Documents and Settings\Default\Favorites\insurance\



CoolWebSearch Object Recognized!
Type : File
Data : Workers Compensation.url
Category : Malware
Comment :
Object : C:\Documents and Settings\Default\Favorites\insurance\



CoolWebSearch Object Recognized!
Type : File
Data : Free Insurance Quote.url
Category : Malware
Comment :
Object : C:\Documents and Settings\Default\Favorites\insurance\



CoolWebSearch Object Recognized!
Type : File
Data : Health Insurance.url
Category : Malware
Comment :
Object : C:\Documents and Settings\Default\Favorites\health\



CoolWebSearch Object Recognized!
Type : File
Data : Weight Loss.url
Category : Malware
Comment :
Object : C:\Documents and Settings\Default\Favorites\health\



CoolWebSearch Object Recognized!
Type : File
Data : Diets.url
Category : Malware
Comment :
Object : C:\Documents and Settings\Default\Favorites\health\



CoolWebSearch Object Recognized!
Type : File
Data : Human Growth Hormone.url
Category : Malware
Comment :
Object : C:\Documents and Settings\Default\Favorites\health\



CoolWebSearch Object Recognized!
Type : File
Data : Men Health.url
Category : Malware
Comment :
Object : C:\Documents and Settings\Default\Favorites\health\



CoolWebSearch Object Recognized!
Type : File
Data : Women Health.url
Category : Malware
Comment :
Object : C:\Documents and Settings\Default\Favorites\health\



CoolWebSearch Object Recognized!
Type : File
Data : Fitness.url
Category : Malware
Comment :
Object : C:\Documents and Settings\Default\Favorites\health\



CoolWebSearch Object Recognized!
Type : File
Data : Contact Lens.url
Category : Malware
Comment :
Object : C:\Documents and Settings\Default\Favorites\health\



CoolWebSearch Object Recognized!
Type : File
Data : Diabetes.url
Category : Malware
Comment :
Object : C:\Documents and Settings\Default\Favorites\health\



Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 24
Objects found so far: 28

9:30:43 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:22:27.558
Objects scanned:149712
Objects identified:28
Objects ignored:0
New critical objects:28
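The registry hits in this log are more informative than the bookmark clutter that follows them, and it helps to see what each one actually does before deciding what to remove. The script below is an added example, not Lavasoft's code or anything from this thread: it parses the "Object Recognized!" record layout Ad-Aware SE prints above (assumption: one header line, then "Field : value" lines, with Data repeated for RegData hits) and applies a few triage rules. The Winlogon Shell value is a comma-separated list of programs Winlogon launches as the shell, so "explorer.exe, msmsgs.exe" starts Messenger at every logon; the NoDisp* and Wallpaper values under HKCU\...\Policies\System are policy keys that hide Display Properties pages or force a wallpaper, which is why a victim cannot change the desktop back. The sample records are constructed from entries shown in the log.

```python
"""Triage Ad-Aware SE 'Object Recognized!' records (added example)."""
import re

HEADER_RE = re.compile(r"^(?P<family>.+?) Object Recognized!$")
FIELD_RE = re.compile(r"^[A-Za-z]+$")

# Constructed sample in the same layout as the log above.
SAMPLE_LOG = r"""
Windows Object Recognized!
Type : RegData
Data : explorer.exe, msmsgs.exe
Category : Vulnerability
Comment : Shell Possibly Compromised
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows nt\currentversion\winlogon
Value : Shell
Data : explorer.exe, msmsgs.exe

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\windows\currentversion\policies\system
Value : NoDispAppearancePage

CoolWebSearch Object Recognized!
Type : RegData
Data : C:\wp.bmp
Category : Malware
Rootkey : HKEY_CURRENT_USER
Object : control panel\desktop
Value : Wallpaper
Data : C:\wp.bmp

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{145e6fb1-1256-44ed-a336-8bba43373be6}
Value : InprocServer32

CoolWebSearch Object Recognized!
Type : Folder
Category : Malware
Object : C:\Documents and Settings\Default\Favorites\Adult
"""

WINLOGON = r"hkey_local_machine\software\microsoft\windows nt\currentversion\winlogon"
POLICY_SYSTEM = r"hkey_current_user\software\microsoft\windows\currentversion\policies\system"
DESKTOP = r"hkey_current_user\control panel\desktop"
# Policy values that hide Display Properties pages or force a wallpaper.
DISPLAY_LOCKS = {"nodispappearancepage", "nodispbackgroundpage", "nodispcpl",
                 "nodispsettingspage", "wallpaper", "wallpaperstyle"}


def parse_adaware_log(text):
    """One dict per record; a repeated field (Data) keeps its last value."""
    records, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            current = {"Family": header.group("family")}
            records.append(current)
            continue
        if current is None or ":" not in line:
            continue  # separators, scan summaries, blank lines
        field, _, value = line.partition(":")
        if FIELD_RE.match(field.strip()):
            current[field.strip()] = value.strip()
    return records


def triage(records):
    """Return (severity, explanation) tuples for the hits that matter."""
    findings = []
    for rec in records:
        obj = rec.get("Object", "")
        key = (rec.get("Rootkey", "") + "\\" + obj).lower().strip("\\")
        value = rec.get("Value", "").lower()
        data = rec.get("Data", "")
        if key == WINLOGON and value == "shell":
            # Every comma-separated entry is launched as the shell at logon.
            extra = [p.strip() for p in data.split(",")
                     if p.strip() and p.strip().lower() != "explorer.exe"]
            if extra:
                findings.append(("high", f"Winlogon Shell also starts {', '.join(extra)} at every logon; reset it to explorer.exe"))
        elif key == POLICY_SYSTEM and value in DISPLAY_LOCKS:
            findings.append(("medium", f"Policy value {rec['Value']} locks Display Properties so the forced desktop cannot be undone"))
        elif key == DESKTOP and value == "wallpaper":
            findings.append(("medium", f"Desktop wallpaper forced to {data}"))
        elif "clsid\\{" in key:
            findings.append(("medium", f"COM class registration {obj}; its InprocServer32 default value names the DLL loaded"))
        elif rec.get("Type") in ("Folder", "File") and "\\favorites\\" in obj.lower():
            findings.append(("low", f"Planted bookmark {obj}{data}"))
    return findings


if __name__ == "__main__":
    for severity, text in triage(parse_adaware_log(SAMPLE_LOG)):
        print(f"[{severity:6}] {text}")
```

Run against a full Ad-Aware SE log the script simply ignores the process list and scan summaries, because only lines of the form "Word : value" inside a record are kept. The Favorites entries are rated low because they are clutter rather than persistence; the Shell value is the one item that re-launches something at each logon.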

#6 Kat (Retired Staff, 19,711 posts, MVP)

Except one which asked me to return to the very first set of hijack this directions (ad-aware, cw shredder, spybot s&d etc)... Having done all this already I thought best to post that I had not received a reply for over 5 days.. and am waiting to receive a reply on that front.


Hi Kizza*. You are in fact being helped in the Malware Removal section. Avohir posted to you back on May 8th requesting a fresh HJT log, as the one you had posted was from May 4th. You have not yet responded to his request. I am closing this thread, as you need to be helped on your thread in the Malware Removal area to fully remove Smitfraud. Please post a fresh HJT log there, and I will be happy to help you get fixed up.

Thank you for your cooperation.





