Lavasoft Support Forums > Win32.trojandownloader.agent

Full Version: Win32.trojandownloader.agent - Somebody Please Help...

Lavasoft Support Forums > Archived Topics > Archives: Resolved/Inactive Topics > Resolved/Inactive General Support Issues

Milleniumgirl_2010

May 27 2007, 03:25 AM

I've had this Win32 Trojan

for months and can't find anyone who can help me get rid of it.......somebody please help.....I'm ready to pull my hair out!

Ad-Aware SE Build 1.06r1
Logfile Created on:Saturday, May 26, 2007 9:34:35 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R172 22.05.2007
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):2 total references
Tracking Cookie(TAC index:3):7 total references
Win32.TrojanDownloader.Agent(TAC index:10):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects

5-26-2007 9:34:35 PM - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw

MRU List Object Recognized!
Location: : S-1-5-21-2660842765-1366245724-1926956387-1005\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 788
ThreadCreationTime : 5-26-2007 11:29:37 PM
BasePriority : Normal

#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 864
ThreadCreationTime : 5-26-2007 11:29:42 PM
BasePriority : Normal

#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 888
ThreadCreationTime : 5-26-2007 11:29:42 PM
BasePriority : High

#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 932
ThreadCreationTime : 5-26-2007 11:29:43 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 944
ThreadCreationTime : 5-26-2007 11:29:43 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1132
ThreadCreationTime : 5-26-2007 11:29:43 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1184
ThreadCreationTime : 5-26-2007 11:29:44 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1332
ThreadCreationTime : 5-26-2007 11:29:44 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [evteng.exe]
FilePath : C:\Program Files\Intel\Wireless\Bin\
ProcessID : 1388
ThreadCreationTime : 5-26-2007 11:29:44 PM
BasePriority : Normal
FileVersion : 10, 1, 1, 1
ProductVersion : 10, 1, 1, 0
ProductName : Intel® PROSet/Wireless Event Log
CompanyName : Intel Corporation
FileDescription : Intel® PROSet/Wireless Event Log
InternalName : EvtEng
LegalCopyright : Copyright © Intel Corporation 1999-2006
OriginalFilename : EvtEng.EXE

#:10 [s24evmon.exe]
FilePath : C:\Program Files\Intel\Wireless\Bin\
ProcessID : 1416
ThreadCreationTime : 5-26-2007 11:29:44 PM
BasePriority : Normal
FileVersion : 10, 1, 1, 34
ProductVersion : 10, 1, 1, 0
ProductName : Intel® PROSet/Wireless Service
CompanyName : Intel Corporation
FileDescription : Wireless Management Service
InternalName : S24EvMon
LegalCopyright : Copyright © Intel Corporation 1999-2006
OriginalFilename : S24EvMon.exe

#:11 [wlkeeper.exe]
FilePath : C:\Program Files\Intel\Wireless\Bin\
ProcessID : 1448
ThreadCreationTime : 5-26-2007 11:29:44 PM
BasePriority : Normal
FileVersion : 10, 1, 1, 28
ProductVersion : 10, 1, 1, 0
ProductName : SSO Service
CompanyName : Intel® Corporation
FileDescription : WLANKEEPER
InternalName : WLANKEEPER
LegalCopyright : Copyright © Intel Corporation 1999-2006
OriginalFilename : WLKEEPER.exe

#:12 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1600
ThreadCreationTime : 5-26-2007 11:29:45 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:13 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1800
ThreadCreationTime : 5-26-2007 11:29:46 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:14 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 136
ThreadCreationTime : 5-26-2007 11:29:46 PM
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:15 [aolacsd.exe]
FilePath : C:\PROGRA~1\COMMON~1\AOL\ACS\
ProcessID : 272
ThreadCreationTime : 5-26-2007 11:29:46 PM
BasePriority : Normal

#:16 [mdnsresponder.exe]
FilePath : C:\Program Files\Bonjour\
ProcessID : 284
ThreadCreationTime : 5-26-2007 11:29:46 PM
BasePriority : Normal
FileVersion : 1,0,2,9
ProductVersion : 1,0,2,9
ProductName : Bonjour
CompanyName : Apple Computer, Inc.
FileDescription : Bonjour Service
InternalName : mDNSResponder.exe
LegalCopyright : Copyright © 2003-2005 Apple Computer, Inc.
OriginalFilename : mDNSResponder.exe

#:17 [ehrecvr.exe]
FilePath : C:\WINDOWS\eHome\
ProcessID : 360
ThreadCreationTime : 5-26-2007 11:29:46 PM
BasePriority : Above Normal
FileVersion : 5.1.2715.3011 (xpsp(wmbla).061009-1511)
ProductVersion : 5.1.2715.3011
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Media Center Receiver Service
InternalName : ehRecvr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ehRecvr.exe

#:18 [ehsched.exe]
FilePath : C:\WINDOWS\eHome\
ProcessID : 484
ThreadCreationTime : 5-26-2007 11:29:46 PM
BasePriority : Normal
FileVersion : 5.1.2710.2732 (xpsp(wmbla).050805-1239)
ProductVersion : 5.1.2710.2732
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Media Center Scheduler Service
InternalName : ehSched
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ehSched.exe

#:19 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 680
ThreadCreationTime : 5-26-2007 11:29:46 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:20 [mdm.exe]
FilePath : C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\
ProcessID : 760
ThreadCreationTime : 5-26-2007 11:29:46 PM
BasePriority : Normal
FileVersion : 7.00.9466
ProductVersion : 7.00.9466
ProductName : Microsoft® Visual Studio .NET
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : mdm.exe

#:21 [nicconfigsvc.exe]
FilePath : C:\Program Files\Dell\QuickSet\
ProcessID : 908
ThreadCreationTime : 5-26-2007 11:29:46 PM
BasePriority : Normal
FileVersion : 7, 0, 7, 0
ProductVersion : 7, 0, 7, 0
ProductName : NicConfigSvc
CompanyName : Dell Inc.
FileDescription : Internal Network Card Power Management Service
InternalName : NicConfigSvc
LegalCopyright : Copyright © 2005 Dell Inc.
OriginalFilename : NicConfigSvc.exe

#:22 [regsrvc.exe]
FilePath : C:\Program Files\Intel\Wireless\Bin\
ProcessID : 1312
ThreadCreationTime : 5-26-2007 11:29:46 PM
BasePriority : Normal
FileVersion : 10, 1, 1, 1
ProductVersion : 10, 1, 1, 0
ProductName : Intel® PROSet/Wireless Registry Service
CompanyName : Intel Corporation
FileDescription : Intel® PROSet/Wireless Registry Service
InternalName : RegSrvc
LegalCopyright : Copyright © Intel Corporation 1999-2006
OriginalFilename : RegSrvc.EXE
Comments : Registry Interface for Intel Wireless Products

#:23 [sbcssvc.exe]
FilePath : C:\Program Files\Sunbelt Software\CounterSpy\
ProcessID : 1432
ThreadCreationTime : 5-26-2007 11:29:46 PM
BasePriority : Normal
FileVersion : 2.2.1013.0
ProductVersion : 2.2.1013.0
ProductName : CounterSpy SDK
CompanyName : Sunbelt Software
FileDescription : Scan Service
InternalName : SBCSSvc.exe
LegalCopyright : Copyright © 2002-2006 Sunbelt Software. All rights reserved.
LegalTrademarks : SUNBELT SOFTWARE and the "S" logo are registered trademarks of Sunbelt Software. CounterSpy SDK is a trademark of Sunbelt Software.
OriginalFilename : SBCSSvc.exe

#:24 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1484
ThreadCreationTime : 5-26-2007 11:29:46 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:25 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1664
ThreadCreationTime : 5-26-2007 11:29:47 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:26 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1712
ThreadCreationTime : 5-26-2007 11:29:47 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:27 [mcrdsvc.exe]
FilePath : C:\WINDOWS\ehome\
ProcessID : 2136
ThreadCreationTime : 5-26-2007 11:29:47 PM
BasePriority : Normal
FileVersion : 4.1.2710.2732 (xpsp(wmbla).050805-1239)
ProductVersion : 4.1.2710.2732
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : MCRD Device Service
InternalName : McrdSvc.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : McrdSvc.exe

#:28 [wmpnetwk.exe]
FilePath : C:\Program Files\Windows Media Player\
ProcessID : 2356
ThreadCreationTime : 5-26-2007 11:29:47 PM
BasePriority : Normal
FileVersion : 11.0.5721.5145 (WMP_11.061018-2006)
ProductVersion : 11.0.5721.5145
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Media Player Network Sharing Service
InternalName : Windows Media Player Network Sharing Service
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WMPNetwk.exe

#:29 [ehtray.exe]
FilePath : C:\WINDOWS\ehome\
ProcessID : 2928
ThreadCreationTime : 5-26-2007 11:29:48 PM
BasePriority : Normal
FileVersion : 5.1.2715.2765 (xpsp(wmbla).050928-2135)
ProductVersion : 5.1.2715.2765
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Media Center Tray Applet
InternalName : ehtray
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ehtray.exe

#:30 [wmiprvse.exe]
FilePath : C:\WINDOWS\system32\wbem\
ProcessID : 2952
ThreadCreationTime : 5-26-2007 11:29:48 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI
InternalName : Wmiprvse.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : Wmiprvse.exe

#:31 [hkcmd.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2972
ThreadCreationTime : 5-26-2007 11:29:48 PM
BasePriority : Normal
FileVersion : 3.0.0.4446
ProductVersion : 7.0.0.4446
ProductName : Intel® Common User Interface
CompanyName : Intel Corporation
FileDescription : hkcmd Module
InternalName : HKCMD
LegalCopyright : Copyright 1999-2004, Intel Corporation
OriginalFilename : HKCMD.EXE

#:32 [igfxpers.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 3008
ThreadCreationTime : 5-26-2007 11:29:48 PM
BasePriority : Normal
FileVersion : 3.0.0.4446
ProductVersion : 7.0.0.4446
ProductName : Intel® Common User Interface
CompanyName : Intel Corporation
FileDescription : persistence Module
InternalName : PERSISTENCE
LegalCopyright : Copyright 1999-2004, Intel Corporation
OriginalFilename : IGFXPERS.EXE

#:33 [syntpenh.exe]
FilePath : C:\Program Files\Synaptics\SynTP\
ProcessID : 3028
ThreadCreationTime : 5-26-2007 11:29:48 PM
BasePriority : Normal
FileVersion : 8.2.4.6 08Mar06
ProductVersion : 8.2.4.6 08Mar06
ProductName : Synaptics Pointing Device Driver
CompanyName : Synaptics, Inc.
FileDescription : Synaptics TouchPad Enhancements
InternalName : Synaptics Enhancements Application
LegalCopyright : Copyright © Synaptics, Inc. 1996-2005
OriginalFilename : SynTPEnh.exe

#:34 [igfxsrvc.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 3048
ThreadCreationTime : 5-26-2007 11:29:48 PM
BasePriority : Normal
FileVersion : 3.0.0.4446
ProductVersion : 7.0.0.4446
ProductName : Intel® Common User Interface
CompanyName : Intel Corporation
FileDescription : igfxsrvc Module
InternalName : IGFXSRVC
LegalCopyright : Copyright 1999-2004, Intel Corporation
OriginalFilename : IGFXSRVC.EXE

#:35 [zcfgsvc.exe]
FilePath : C:\Program Files\Intel\Wireless\bin\
ProcessID : 3056
ThreadCreationTime : 5-26-2007 11:29:48 PM
BasePriority : Normal
FileVersion : 10, 1, 1, 45
ProductVersion : 10, 1, 1, 0
ProductName : ZeroCfgSvc Application
CompanyName : Intel Corporation
FileDescription : ZeroCfgSvc MFC Application
InternalName : ZeroCfgSvc
LegalCopyright : Copyright © Intel Corporation 1999-2006
OriginalFilename : ZeroCfgSvc.EXE

#:36 [ifrmewrk.exe]
FilePath : C:\Program Files\Intel\Wireless\Bin\
ProcessID : 3140
ThreadCreationTime : 5-26-2007 11:29:48 PM
BasePriority : Normal
FileVersion : 10, 1, 1, 19
ProductVersion : 10, 1, 1, 0
ProductName : Intel® PROSet/Wireless
CompanyName : Intel Corporation
FileDescription : Intel Framework MFC Application
InternalName : Framework
LegalCopyright : Copyright © Intel Corporation 1999-2006
OriginalFilename : iFramewrk.exe

#:37 [stsystra.exe]
FilePath : C:\WINDOWS\
ProcessID : 3148
ThreadCreationTime : 5-26-2007 11:29:48 PM
BasePriority : Normal
FileVersion : 1.0.4995.1 nd446 cp1
ProductVersion : 1.0.4995.1 nd446 cp1
ProductName : C-Major Audio
CompanyName : SigmaTel, Inc.
FileDescription : Sigmatel Audio system tray application
InternalName : stsystray.exe
LegalCopyright : Copyright © 2004-2005, SigmaTel, Inc.
OriginalFilename : stsystray.exe

#:38 [dvdlauncher.exe]
FilePath : C:\Program Files\CyberLink\PowerDVD\
ProcessID : 3168
ThreadCreationTime : 5-26-2007 11:29:48 PM
BasePriority : Normal
FileVersion : 3.00.0000
ProductVersion : 3.00.0000
ProductName : Cyberlink PowerCinema 3.0
CompanyName : CyberLink Corp.
FileDescription : CyberLink PowerCinema Resident Program
InternalName : CyberLink PowerCinema Resident Program
LegalCopyright : Copyright © 2003 CyberLink Corp.
OriginalFilename : DVDLauncher.EXE

#:39 [issch.exe]
FilePath : C:\Program Files\Common Files\InstallShield\UpdateService\
ProcessID : 3204
ThreadCreationTime : 5-26-2007 11:29:48 PM
BasePriority : Normal
FileVersion : 4, 50, 100, 33433
ProductVersion : 4, 50
ProductName : InstallShield Update Service
CompanyName : InstallShield Software Corporation
FileDescription : InstallShield Update Service Scheduler
InternalName : Scheduler
LegalCopyright : Copyright © 1990-2004 InstallShield Software Corporation
OriginalFilename : issch.exe

#:40 [hpwuschd2.exe]
FilePath : C:\Program Files\HP\HP Software Update\
ProcessID : 3252
ThreadCreationTime : 5-26-2007 11:29:49 PM
BasePriority : Normal
FileVersion : 53.0.13.000
ProductVersion : 053.000.013.000
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : Hewlett-Packard Product Assistant
InternalName : hpwuSchd2
LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2004
OriginalFilename : hpwuSchd2.exe
Comments : Hewlett-Packard Product Assistant

#:41 [realsched.exe]
FilePath : C:\Program Files\Common Files\Real\Update_OB\
ProcessID : 3296
ThreadCreationTime : 5-26-2007 11:29:49 PM
BasePriority : Normal
FileVersion : 0.1.0.3725
ProductVersion : 0.1.0.3725
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:42 [dlbxmon.exe]
FilePath : C:\Program Files\Dell Photo AIO Printer 962\
ProcessID : 3416
ThreadCreationTime : 5-26-2007 11:29:49 PM
BasePriority : Normal
FileVersion : 1.196.0.0
ProductVersion : 1.196.0.0
ProductName : DellPhoto AIO Printer 962 Device Monitor
CompanyName : Dell
FileDescription : DellPhoto AIO Printer 962 Device Monitor
InternalName : dlbxmon.exe
LegalCopyright : © 2002 Dell
OriginalFilename : dlbxmon.exe

#:43 [hpztsb07.exe]
FilePath : C:\WINDOWS\system32\spool\drivers\w32x86\3\
ProcessID : 3488
ThreadCreationTime : 5-26-2007 11:29:49 PM
BasePriority : Normal
FileVersion : 2,140,0,0
ProductVersion : 2,140,0,0
ProductName : HP DeskJet
CompanyName : HP
LegalCopyright : Copyright © Hewlett-Packard Company 1999-2002

#:44 [mmdiag.exe]
FilePath : C:\PROGRA~1\MUSICM~1\MUSICM~3\
ProcessID : 3496
ThreadCreationTime : 5-26-2007 11:29:49 PM
BasePriority : Normal
FileVersion : 10.10.1038
ProductVersion : 10.10.1038
ProductName : Musicmatch Jukebox
CompanyName : Musicmatch, Inc.
FileDescription : Logging and tracing manager
InternalName : MMTraceExe
LegalCopyright : Copyright © Musicmatch 1998-2004
LegalTrademarks :
OriginalFilename : MMTraceExe.EXE

#:45 [tfswctrl.exe]
FilePath : C:\WINDOWS\system32\dla\
ProcessID : 3520
ThreadCreationTime : 5-26-2007 11:29:49 PM
BasePriority : Normal
FileVersion : 1.04.08a
CompanyName : Sonic Solutions
FileDescription : Drive Letter Access Component
LegalCopyright : Copyright © 2004 Sonic Solutions

#:46 [ituneshelper.exe]
FilePath : C:\Program Files\iTunes\
ProcessID : 3532
ThreadCreationTime : 5-26-2007 11:29:49 PM
BasePriority : Normal
FileVersion : 7.0.2.16
ProductVersion : 7.0.2.16
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © 2003-2006 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe

#:47 [sbcstray.exe]
FilePath : C:\Program Files\Sunbelt Software\CounterSpy\
ProcessID : 3604
ThreadCreationTime : 5-26-2007 11:29:49 PM
BasePriority : Normal
FileVersion : 2.2.1013.0
ProductVersion : 2.2.1013.0
ProductName : CounterSpy SDK
CompanyName : Sunbelt Software
FileDescription : Tray Application
InternalName : Tray Application
LegalCopyright : Copyright © 2002-2006 Sunbelt Software. All rights reserved.
LegalTrademarks : SUNBELT SOFTWARE and the "S" logo are registered trademarks of Sunbelt Software. CounterSpy SDK is a trademark of Sunbelt Software.
OriginalFilename : SBCSTray.exe

#:48 [jusched.exe]
FilePath : C:\Program Files\Java\jre1.6.0_01\bin\
ProcessID : 3624
ThreadCreationTime : 5-26-2007 11:29:49 PM
BasePriority : Normal

#:49 [drvmon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 3796
ThreadCreationTime : 5-26-2007 11:29:49 PM
BasePriority : Normal
FileVersion : 1, 0, 1, 2
ProductVersion : 1, 0, 1, 2
ProductName : Alcor Micro, Corp. Drive Monitor
CompanyName : Alcor Micro, Corp.
FileDescription : Drive Monitor
InternalName : Drive Monitor
LegalCopyright : Copyright c 2003 Alcor Micro, Corp.
OriginalFilename : DrvMonw.exe
Comments : For Reserve

#:50 [mim.exe]
FilePath : C:\Program Files\MUSICMATCH\Musicmatch Jukebox\
ProcessID : 3820
ThreadCreationTime : 5-26-2007 11:29:49 PM
BasePriority : Normal
FileVersion : 10.10.1038
ProductVersion : 10.10.1038
ProductName : Musicmatch Jukebox
CompanyName : Musicmatch, Inc.
FileDescription : mim
InternalName : mim
LegalCopyright : Copyright © Musicmatch 1998-2004
LegalTrademarks :
OriginalFilename : mim.exe

#:51 [wmpnscfg.exe]
FilePath : C:\Program Files\Windows Media Player\
ProcessID : 3828
ThreadCreationTime : 5-26-2007 11:29:49 PM
BasePriority : Normal
FileVersion : 11.0.5721.5145 (WMP_11.061018-2006)
ProductVersion : 11.0.5721.5145
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Media Player Network Sharing Service Configuration Application
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WMPNSCFG.EXE

#:52 [ctfmon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 3876
ThreadCreationTime : 5-26-2007 11:29:50 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:53 [dsagnt.exe]
FilePath : C:\Program Files\DellSupport\
ProcessID : 3896
ThreadCreationTime : 5-26-2007 11:29:50 PM
BasePriority : Below Normal
FileVersion : 3, 0, 0, 197
ProductVersion : 3, 0, 0, 197
ProductName : Dell Support
CompanyName : Gteko Ltd.
FileDescription : Dell Support
InternalName : AUAgent
LegalCopyright : Copyright © 2000 - 2007 Gteko Ltd.
OriginalFilename : AUAgent.exe

#:54 [dlg.exe]
FilePath : C:\Program Files\Digital Line Detect\
ProcessID : 404
ThreadCreationTime : 5-26-2007 11:29:51 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : BVRP Software TestLine
CompanyName : BVRP Software
FileDescription : Digital Line Detection
InternalName : TestLine
LegalCopyright : Copyright © 2003
OriginalFilename : TestLine.exe

#:55 [hpqtra08.exe]
FilePath : C:\Program Files\HP\Digital Imaging\bin\
ProcessID : 428
ThreadCreationTime : 5-26-2007 11:29:51 PM
BasePriority : Normal
FileVersion : 53.0.13.000
ProductVersion : 053.000.013.000
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : HP Digital Imaging Monitor
InternalName : HPQTRA00
LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2004
OriginalFilename : HPQTRA00.EXE
Comments : HP Digital Imaging Monitor

#:56 [ypops.exe]
FilePath : C:\Program Files\YPOPs\
ProcessID : 492
ThreadCreationTime : 5-26-2007 11:29:51 PM
BasePriority : Normal
FileVersion : 0.8.8
ProductVersion : 0.8.8
ProductName : YPOPs!
CompanyName : http://yahoopops.sourceforge.net
FileDescription : Free POP3/SMTP access to Yahoo! Mail
InternalName : YPOPs!
LegalCopyright : Copyright © 2002,2005, The YPOPs! Team
LegalTrademarks : This software is released under GPL (version 2 or later). Yahoo! Mail is a trademark of Yahoo!. This program is not a product of Yahoo!. Portions of YPOPs! is based on FetchYahoo
OriginalFilename : ypops.exe
Comments : YPOPs! is released under GPL v2

#:57 [hpqste08.exe]
FilePath : C:\Program Files\HP\Digital Imaging\bin\
ProcessID : 2084
ThreadCreationTime : 5-26-2007 11:29:56 PM
BasePriority : Normal
FileVersion : 53.0.13.000
ProductVersion : 053.000.013.000
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : HP CUE Status
InternalName : HPQSTS00
LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2004
OriginalFilename : HPQSTS00.EXE
Comments : HP CUE Status

#:58 [dot1xcfg.exe]
FilePath : C:\PROGRA~1\Intel\Wireless\Bin\
ProcessID : 2824
ThreadCreationTime : 5-26-2007 11:31:08 PM
BasePriority : Normal
FileVersion : 10, 1, 1, 84
ProductVersion : 10, 1, 1, 1
ProductName : Intel PROSet/Wireless
CompanyName : Intel Corporation
FileDescription : Intel 802.1x Server
InternalName : Dot1xCfg
LegalCopyright : Copyright © Intel Corporation 1999-2006
OriginalFilename : Dot1xCfg.exe

#:59 [dllhost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2996
ThreadCreationTime : 5-26-2007 11:31:17 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : COM Surrogate
InternalName : dllhost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : dllhost.exe

#:60 [dlbxcoms.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 3936
ThreadCreationTime : 5-26-2007 11:31:17 PM
BasePriority : High
FileVersion : 1.101.37.0
ProductVersion : 1.101.37.0
ProductName : Dell Communication System
CompanyName : Dell
FileDescription : Dell Communication System
InternalName : DLBXcoms.exe
OriginalFilename : DLBXcoms.exe

#:61 [ipodservice.exe]
FilePath : C:\Program Files\iPod\bin\
ProcessID : 2432
ThreadCreationTime : 5-26-2007 11:31:18 PM
BasePriority : Normal
FileVersion : 7.0.2.16
ProductVersion : 7.0.2.16
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © 2003-2006 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iPodService.exe

#:62 [wscntfy.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 3700
ThreadCreationTime : 5-26-2007 11:31:21 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Security Center Notification App
InternalName : wscntfy.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wscntfy.exe

#:63 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 936
ThreadCreationTime : 5-26-2007 11:31:23 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:64 [ehmsas.exe]
FilePath : C:\WINDOWS\eHome\
ProcessID : 1740
ThreadCreationTime : 5-26-2007 11:32:00 PM
BasePriority : Normal
FileVersion : 5.1.2710.2732 (xpsp(wmbla).050805-1239)
ProductVersion : 5.1.2710.2732
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Media Center Media Status Aggregator Service
InternalName : eHMSAS
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ehMSAS.exe

#:65 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 504
ThreadCreationTime : 5-27-2007 1:33:41 AM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2

Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2

Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2

Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : main_account@bs.serving-sys[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:main account@bs.serving-sys.com/
Expires : 12-31-2037 6:00:00 PM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : main_account@questionmarket[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:main account@questionmarket.com/
Expires : 7-16-2008 12:02:24 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : main_account@insightexpressai[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:7
Value : Cookie:main account@insightexpressai.com/
Expires : 5-26-2012 7:57:02 PM
LastSync : Hits:7
UseCount : 0
Hits : 7

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : main_account@adopt.euroclick[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:6
Value : Cookie:main account@adopt.euroclick.com/
Expires : 5-23-2017 8:06:18 PM
LastSync : Hits:6
UseCount : 0
Hits : 6

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : main_account@serving-sys[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:10
Value : Cookie:main account@serving-sys.com/
Expires : 12-31-2037 6:00:00 PM
LastSync : Hits:10
UseCount : 0
Hits : 10

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : main_account@adinterax[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:main account@adinterax.com/
Expires : 6-2-2037 4:00:00 PM
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : main_account@tribalfusion[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:main account@tribalfusion.com/
Expires : 5-25-2008 7:58:16 PM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 7
Objects found so far: 9

Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Win32.TrojanDownloader.Agent Object Recognized!
Type : File
Data : A0069609.exe
TAC Rating : 10
Category : Virus
Comment :
Object : C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP206\

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 10

Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
42 entries scanned.
New critical objects:0
Objects found so far: 10

Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 10

10:02:05 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:27:30.218
Objects scanned:242706
Objects identified:8
Objects ignored:0
New critical objects:8

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.