Help - Search - Members - Calendar
Full Version: spyware infection - ssecuritypage
Lavasoft Support Forums > Archived Topics > Archives: Resolved/Inactive Topics > Resolved/Inactive General Support Issues
pathfinder
Aug 14 2006, 11:30 AM
Ad-Aware SE Build 1.06r1
Logfile Created on:Monday, August 14, 2006 8:19:04 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R118 07.08.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Adware.Freeprod Toolbar(TAC index:3):2 total references
Adware.Yazzle(TAC index:7):2 total references
MRU List(TAC index:0):21 total references
Other(TAC index:5):1 total references
PurityScan(TAC index:6):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


8/14/2006 8:19:04 PM - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : C:\Documents and Settings\Victor Wong\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : S-1-5-21-57989841-73586283-725345543-1004\software\google\navclient\1.1\history
Description : list of recently used search terms in the google toolbar


MRU List Object Recognized!
Location: : S-1-5-21-57989841-73586283-725345543-1004\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : S-1-5-21-57989841-73586283-725345543-1004\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-57989841-73586283-725345543-1004\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-57989841-73586283-725345543-1004\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-19\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-20\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-57989841-73586283-725345543-1004\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-57989841-73586283-725345543-1004\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-57989841-73586283-725345543-1004\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-57989841-73586283-725345543-1004\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : S-1-5-21-57989841-73586283-725345543-1004\software\nvidia corporation\global\nview\windowmanagement
Description : nvidia nview cached application window positions


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-21-57989841-73586283-725345543-1004\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 424
ThreadCreationTime : 8/14/2006 8:45:37 AM
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 480
ThreadCreationTime : 8/14/2006 8:45:38 AM
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 520
ThreadCreationTime : 8/14/2006 8:45:46 AM
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 564
ThreadCreationTime : 8/14/2006 8:45:46 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 576
ThreadCreationTime : 8/14/2006 8:45:46 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 752
ThreadCreationTime : 8/14/2006 8:45:47 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 804
ThreadCreationTime : 8/14/2006 8:45:47 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 988
ThreadCreationTime : 8/14/2006 8:45:47 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1044
ThreadCreationTime : 8/14/2006 8:45:48 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [ccsetmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 1184
ThreadCreationTime : 8/14/2006 8:45:48 AM
BasePriority : Normal
FileVersion : 103.0.7.2
ProductVersion : 103.0.7.2
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Settings Manager Service
InternalName : ccSetMgr
LegalCopyright : Copyright © 2000-2004 Symantec Corporation. All rights reserved.
OriginalFilename : ccSetMgr.exe

#:11 [sndsrvc.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 1196
ThreadCreationTime : 8/14/2006 8:45:48 AM
BasePriority : Normal
FileVersion : 5.5.1.6
ProductVersion : 5.5
ProductName : Symantec Security Drivers
CompanyName : Symantec Corporation
FileDescription : Network Driver Service
InternalName : SndSrvc
LegalCopyright : Copyright 2002, 2003, 2004 Symantec Corporation
OriginalFilename : SndSrvc.exe

#:12 [spbbcsvc.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\SPBBC\
ProcessID : 1244
ThreadCreationTime : 8/14/2006 8:45:48 AM
BasePriority : Normal
FileVersion : 1,0,1,47
ProductVersion : 1,0,1,47
ProductName : SPBBC
CompanyName : Symantec Corporation
FileDescription : SPBBC Service
InternalName : SPBBCSvc
LegalCopyright : Copyright © 2004 Symantec Corporation. All rights reserved.
OriginalFilename : SPBBCSvc.exe

#:13 [ccevtmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 1308
ThreadCreationTime : 8/14/2006 8:45:49 AM
BasePriority : Normal
FileVersion : 103.0.7.2
ProductVersion : 103.0.7.2
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright © 2000-2004 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe

#:14 [lexbces.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1536
ThreadCreationTime : 8/14/2006 8:45:50 AM
BasePriority : Normal
FileVersion : 5,13,00,00
ProductVersion : 5,13,00,00
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LexBce Service
InternalName : LexBce Service
LegalCopyright : © 1993 - 2000 Lexmark International, Inc.
OriginalFilename : LexBceS.exe

#:15 [ccapp.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 1552
ThreadCreationTime : 8/14/2006 8:45:50 AM
BasePriority : Normal
FileVersion : 103.0.7.2
ProductVersion : 103.0.7.2
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec User Session
InternalName : ccApp
LegalCopyright : Copyright © 2000-2004 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe

#:16 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1584
ThreadCreationTime : 8/14/2006 8:45:50 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:17 [qttask.exe]
FilePath : C:\Program Files\QuickTime\
ProcessID : 1652
ThreadCreationTime : 8/14/2006 8:45:50 AM
BasePriority : Normal
FileVersion : 7.1
ProductVersion : QuickTime 7.1
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
FileDescription : QuickTime Task
InternalName : QuickTime Task
LegalCopyright : Copyright Apple Computer, Inc. 1989-2006
OriginalFilename : QTTask.exe

#:18 [acmonitor_x73.exe]
FilePath : C:\PROGRA~1\LEXMAR~1\
ProcessID : 1660
ThreadCreationTime : 8/14/2006 8:45:50 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 8
ProductVersion : 1, 0, 0, 0
ProductName : ACMonitor
CompanyName : Silitek Corp.
FileDescription : ACMonitor
InternalName : ACMonitor
LegalCopyright : Copyright c 2001
OriginalFilename : ACMonitor.exe

#:19 [acbtnmgr_x73.exe]
FilePath : C:\PROGRA~1\LEXMAR~1\
ProcessID : 1668
ThreadCreationTime : 8/14/2006 8:45:50 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : Jetsoft Development Company AcBtnMgr
CompanyName : Jetsoft Development Company
FileDescription : AcBtnMgr
InternalName : AcBtnMgr
LegalCopyright : Copyright © 2000
OriginalFilename : AcBtnMgr.exe
Comments : By: Alan S Hong

#:20 [jusched.exe]
FilePath : C:\Program Files\Java\jre1.5.0_06\bin\
ProcessID : 1708
ThreadCreationTime : 8/14/2006 8:45:50 AM
BasePriority : Normal


#:21 [ctfmon.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1716
ThreadCreationTime : 8/14/2006 8:45:50 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:22 [msnmsgr.exe]
FilePath : C:\Program Files\MSN Messenger\
ProcessID : 1724
ThreadCreationTime : 8/14/2006 8:45:50 AM
BasePriority : Normal
FileVersion : 8.0.0812.00
ProductVersion : 8.0.0812
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msnmsgr.exe
LegalCopyright : Copyright © Microsoft Corporation. All rights reserved.
OriginalFilename : msnmsgr.exe

#:23 [wincinemamgr.exe]
FilePath : C:\Program Files\InterVideo\Common\Bin\
ProcessID : 1760
ThreadCreationTime : 8/14/2006 8:45:50 AM
BasePriority : Normal
FileVersion : 1.0
ProductVersion : 1, 0, 0, 1
ProductName : WinCinema Manager for InterVideo WinCinema products
FileDescription : WinCinema Manager
InternalName : WinCinema Manager
LegalCopyright : Copyright © 2000 InterVideo Inc.
OriginalFilename : WinCinemaMgr.EXE

#:24 [aluschedulersvc.exe]
FilePath : C:\Program Files\Symantec\LiveUpdate\
ProcessID : 232
ThreadCreationTime : 8/14/2006 8:45:57 AM
BasePriority : Normal
FileVersion : 3.0.0.171
ProductVersion : 3.0.0.171
ProductName : LiveUpdate
CompanyName : Symantec Corporation
FileDescription : Automatic LiveUpdate Scheduler Service
InternalName : Automatic LiveUpdate Scheduler Service
LegalCopyright : Copyright © 1996-2005 Symantec Corporation
OriginalFilename : ALUSchedulerSvc.exe

#:25 [navapsvc.exe]
FilePath : C:\Program Files\Norton AntiVirus\
ProcessID : 336
ThreadCreationTime : 8/14/2006 8:45:57 AM
BasePriority : Normal
FileVersion : 11.0.16.2
ProductVersion : 11.0.16
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Norton AntiVirus 2005 for Windows 98/ME/2000/XP Copyright © 2004 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE

#:26 [npfmntor.exe]
FilePath : C:\Program Files\Norton AntiVirus\IWP\
ProcessID : 348
ThreadCreationTime : 8/14/2006 8:45:57 AM
BasePriority : Normal
FileVersion : 11.0.16.2
ProductVersion : 11.0.16
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Firewall Install Monitor
InternalName : NPFMonitor
LegalCopyright : Norton AntiVirus 2005 for Windows 98/ME/2000/XP Copyright © 2004 Symantec Corporation. All rights reserved.
OriginalFilename : NPFMonitor.EXE

#:27 [nvsvc32.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 372
ThreadCreationTime : 8/14/2006 8:45:57 AM
BasePriority : Normal
FileVersion : 6.13.10.2832
ProductVersion : 6.13.10.2832
ProductName : NVIDIA Driver Helper Service, Version 28.32
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 28.32
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:28 [symlcsvc.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\CCPD-LC\
ProcessID : 840
ThreadCreationTime : 8/14/2006 8:46:01 AM
BasePriority : Normal
FileVersion : 1, 8, 54, 534
ProductVersion : 1, 8, 54, 534
ProductName : Symantec Core Component
CompanyName : Symantec Corporation
FileDescription : Symantec Core Component
InternalName : symlcsvc
LegalCopyright : Copyright © 2003
OriginalFilename : symlcsvc.exe

#:29 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 3044
ThreadCreationTime : 8/14/2006 8:47:13 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:30 [update.exe]
FilePath : C:\Program Files\Common Files\{140A3A94-068B-1033-0522-020531020001}\
ProcessID : 3484
ThreadCreationTime : 8/14/2006 10:02:04 AM
BasePriority : Normal


#:31 [ishost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 3528
ThreadCreationTime : 8/14/2006 10:02:05 AM
BasePriority : Normal


#:32 [rundll.exe]
FilePath : C:\DOCUME~1\VICTOR~1\APPLIC~1\MANTEC~1\
ProcessID : 2756
ThreadCreationTime : 8/14/2006 10:02:48 AM
BasePriority : Normal


#:33 [acrord32.exe]
FilePath : C:\Program Files\Adobe\Acrobat 7.0\Reader\
ProcessID : 2260
ThreadCreationTime : 8/14/2006 10:11:45 AM
BasePriority : Normal
FileVersion : 7.0.8.2006051600
ProductVersion : 7.0.8.2006051600
ProductName : Adobe Reader
CompanyName : Adobe Systems Incorporated
FileDescription : Adobe Reader 7.0
LegalCopyright : Copyright 1984-2006 Adobe Systems Incorporated and its licensors. All rights reserved.
OriginalFilename : AcroRd32.exe

#:34 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 544
ThreadCreationTime : 8/14/2006 10:14:33 AM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

#:35 [idriver.exe]
FilePath : C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\
ProcessID : 2412
ThreadCreationTime : 8/14/2006 10:15:56 AM
BasePriority : Normal
FileVersion : 8.01.293
ProductVersion : 8.00
ProductName : InstallDriver Module
FileDescription : InstallDriver Module
InternalName : InstallDriver
LegalCopyright : Copyright 2000
OriginalFilename : InstallDriver.EXE

#:36 [issearch.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 3584
ThreadCreationTime : 8/14/2006 10:16:18 AM
BasePriority : Normal

"C:\WINDOWS\System32\issearch.exe"Process terminated successfully

#:37 [isnotify.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2536
ThreadCreationTime : 8/14/2006 10:16:18 AM
BasePriority : Normal

"C:\WINDOWS\System32\isnotify.exe"Process terminated successfully

#:38 [ismon.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1076
ThreadCreationTime : 8/14/2006 10:16:19 AM
BasePriority : Normal

"C:\WINDOWS\System32\ismon.exe"Process terminated successfully

#:39 [msiexec.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1804
ThreadCreationTime : 8/14/2006 10:17:24 AM
BasePriority : Normal

"C:\WINDOWS\System32\msiexec.exe"Process terminated successfully

#:40 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1000
ThreadCreationTime : 8/14/2006 10:18:51 AM
BasePriority : Normal
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 21


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 21


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 21


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 21



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

PurityScan Object Recognized!
Type : File
Data : wind32[1].exe
TAC Rating : 6
Category : Malware
Comment :
Object : C:\Documents and Settings\Victor Wong\Local Settings\Temporary Internet Files\Content.IE5\M1J4T4RI\



Adware.Yazzle Object Recognized!
Type : File
Data : Cowabanga.exe
TAC Rating : 7
Category : Malware
Comment :
Object : C:\Program Files\Cowabanga\
FileVersion : 1.01
ProductVersion : 1.01
ProductName : Cowabanga
CompanyName : Yazzle
InternalName : Cowabanga
OriginalFilename : Cowabanga.exe


Adware.Freeprod Toolbar Object Recognized!
Type : File
Data : MyToolBar.dll
TAC Rating : 3
Category : Adware
Comment :
Object : C:\Program Files\ToolBar888\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : ToolBar888 Module
FileDescription : ToolBar888 Module
InternalName : ToolBar888
LegalCopyright : Copyright 2001
OriginalFilename : MyToolBar.DLL


Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 24


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 24




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Adware.Freeprod Toolbar Object Recognized!
Type : Folder
TAC Rating : 3
Category : Adware
Comment : Adware.Freeprod Toolbar
Object : C:\Program Files\ToolBar888

Adware.Yazzle Object Recognized!
Type : File
Data : Cowabanga.lnk
TAC Rating : 7
Category : Malware
Comment : Shortcut to bad file : C:\Documents and Settings\Victor Wong\Start Menu\Programs\Games\Cowabanga.lnk
Object : C:\Documents and Settings\Victor Wong\Start Menu\Programs\Games\



Other Object Recognized!
Type : File
Data : COWABANGA.EXE-1AF04058.pf
TAC Rating : 7
Category : Malware
Comment :
Object : C:\WINDOWS\prefetch\



Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 3
Objects found so far: 27

8:24:02 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:04:57.875
Objects scanned:97723
Objects identified:7
Objects ignored:0
New critical objects:7


------------------------------------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 8:24:49 PM, on 8/14/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\{140A3A94-068B-1033-0522-020531020001}\Update.exe
C:\WINDOWS\System32\ishost.exe
C:\DOCUME~1\VICTOR~1\APPLIC~1\MANTEC~1\rundll.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\ismon.exe
C:\WINDOWS\System32\issearch.exe
C:\WINDOWS\System32\isnotify.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\W?nSxS\?hkntfs.exe
D:\MICROSOFT_OFFICE_XP\SETUP.EXE
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\System32\MsiExec.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.asx.com.au/asx/markets/EquitySearchPage.jsp
R3 - URLSearchHook: (no name) - {B925F523-10CA-3063-BCB2-37B6ADE67BCB} - C:\WINDOWS\System32\oautri.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Safety Bar - {052b12f7-86fa-4921-8482-26c42316b522} - C:\Program Files\Safety Bar\Safety Bar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Lexmark X73 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\RunOnce: [AAW] "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" "+b1"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Malr] "C:\DOCUME~1\VICTOR~1\APPLIC~1\MANTEC~1\rundll.exe" -vt yazr
O4 - HKCU\..\Run: [Lvxbf] C:\Program Files\Common Files\W?nSxS\?hkntfs.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1155218528842
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\System32\dvdplay.dll
O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - C:\WINDOWS\System32\urroxtl.dll (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Thanks for your assistance!
Ad Astra
Aug 16 2006, 08:13 PM
Hi

Ad-Aware SE has the option to scan for Most Recently Used (MRU) values and these are listed as the MRU List Object Recognized! objects. These are not malicious and can either be ignored or omitted from the scan. Can you run a scan with Ad-Aware SE without the MRU option and allow Ad-Aware SE to remove the other items it finds.

1) Start Ad-Aware SE

2) In the Ad-Aware SE Status window click on the "Check for updates now" link then the connect button and follow the prompts to ensure you have the most up to date defintions file.

3) Press the start button and in the Preparing System Scan window select the option "Perform full system scan", click on "Search for negligible risk entries" so that it shows a red cross i.e. is deselected and click on "Search for low-risk threats" so that is shows green tick i.e. is selected.

4) ) Click the next button to start the full scan, when the scan finishes click on the next button to go to the "Scanning Results" screen, click in the box next to each target family click next again to remove the items.

Reboot your PC and then run both a new Ad-Aware SE scan and HijackThis and post the log files so we can see if all the items have been removed OK.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
Invision Power Board © 2001-2010 Invision Power Services, Inc.