How to remove mxtarget.DLL?? Please help!!


6 replies to this topic

#1 bertaware

Posted 02 July 2004 - 08:51 AM

Hello everyone,

I ran Spy Sweeper and Pest Patrol and both discovered MXTARGET.dll and VX2 Transponder running on my system... but I cannot remove them.

Can someone please advise me?

Thx!!

Here's a copy of my hijack.log

Logfile of HijackThis v1.98.0
Scan saved at 15:40:19, on 02/07/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Aventail\Connect\as32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\progra~1\c4ebreg\c4ebreg.exe
C:\Program Files\Symantec_Desktop_Firewall\IAMAPP.EXE
C:\Program Files\NavNT\vptray.exe
C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
C:\WINDOWS\System32\cobmfze.exe
C:\Program Files\Lotus\Sametime Client\Connect.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\IBM\Infoprint Select\ipnotify.exe
C:\WINDOWS\System32\drivers\trcboot.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINDOWS\system32\cba\pds.exe
C:\Program Files\C4ebreg\isamsmt.exe
c:\sdwork\issimsvc.exe
C:\Program Files\IBM\Personal Communications\PCS_AGNT.EXE
C:\PROGRA~1\AT&TNE~1\NetCfgSv.EXE
C:\Program Files\Symantec_Desktop_Firewall\NISSERV.EXE
C:\Program Files\NavNT\rtvscan.exe
C:\PROGRA~1\Alcatel\ENTERN~1\app\pppoeservice.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\RealVNC\WinVNC\WinVNC.exe
C:\WINDOWS\system32\cba\xfr.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\System32\Drivers\ldlcserv.exe
C:\Program Files\Symantec_Desktop_Firewall\NISUM.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://w3.ibm.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://w3.ibm.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://w3.ibm.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://w3.ibm.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://w3.ibm.com/do...andardsoftware/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = Proxy.bru.be.ibm.com:8080
R3 - Default URLSearchHook is missing
O2 - BHO: MxTargetObj Class - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\mxTarget.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ISAM SMT Service] "C:\Program Files\C4ebreg\isamsmt.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [C4EBReg] "C:\progra~1\c4ebreg\c4ebreg.exe" /q
O4 - HKLM\..\Run: [ISSI EZUpdate Service] "c:\sdwork\issimsvc.exe"
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\RealVNC\WinVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [iamapp] "C:\Program Files\Symantec_Desktop_Firewall\IAMAPP.EXE"
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
O4 - HKLM\..\Run: [viurkvzkbzmf] C:\WINDOWS\System32\cobmfze.exe
O4 - HKLM\..\Run: [bqd] C:\WINDOWS\bqd.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKCU\..\Run: [Sametime Connect] C:\Program Files\Lotus\Sametime Client\Connect.exe
O4 - Global Startup: Infoprint Select Notification.lnk = C:\Program Files\IBM\Infoprint Select\ipnotify.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: c:\program files\aventail\connect\asdns.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://w3.ibm.com
O16 - DPF: ppctlcab - http://www.pestscan....er/ppctlcab.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan....r/axscanner.cab
O16 - DPF: {6596829B-37D4-40AD-971B-1E9041725C52} - http://www.direct-ip...liver/uk/ms.cab
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://www.ibm.com/...ad/IbmEgath.cab
O16 - DPF: {9519B2A2-6592-4E41-8290-D0298459270C} (LNWebAssist Class) - http://w3.ibm.com/bl...lnwebassist.cab
O16 - DPF: {A4B28810-11A2-4956-82D1-B2DCBA4B2AFD} (gpwsx.plugin) - http://w3-3.ibm.com/...lugin/gpwsx.CAB
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = bru.be.ibm.com,be.ibm.com,ibm.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = bru.be.ibm.com,be.ibm.com,ibm.com
O18 - Protocol: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - C:\Program Files\sappc\Controls\saphtmlp.dll
O18 - Protocol: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - C:\Program Files\sappc\Controls\saphtmlp.dll

#2 bertaware

Posted 02 July 2004 - 11:28 AM

Tried again with Spy Sweeper, Spy Remover and Ad-Aware --> no success.
Anyone with advice??

#3 Autodad

Posted 03 July 2004 - 03:21 AM

Hello bertaware,

MXTARGET.dll is part of Twain-Tech. We will also check for a Vx2 infection.


Let's start out by putting HJT in a permanent folder.
Click My Computer, then C:\
In the menu bar, File->New->Folder.
That will create a folder named New Folder, which you can rename to "HJT" or "HijackThis". Now you have a C:\HJT\ folder. Put your HijackThis.exe there, and double-click to run it.
This will allow backups to be made and saved by HijackThis in case something goes wrong.
Follow this link http://www.netstar.me.uk/hjt/hjt.html if you need help.
______

Click Start, click Control Panel, then double-click Add or Remove Programs ("Change or Remove Programs") and remove:

twain-tech (if it's there)
______

Then, open HijackThis, click Scan, then put a check next to the following entries:

R3 - Default URLSearchHook is missing

O2 - BHO: MxTargetObj Class - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\mxTarget.dll


Now close all open windows and browsers (have only HJT open) and click "Fix Checked".

Then Reboot.
______

Let's see if you have a Look2Me infection.
A tool has been made by Option^Explicit and freeatlast to find and remove it.
Please download VX2Finder from this link, and save it to your Desktop.

http://www.downloads...g/VX2Finder.exe

Run VX2Finder, click on the *click to find VX2.BetterInternet* button, then click *make log*.
Copy and paste the contents of the log into your next reply here, along with a new HJT log.


Do you know what these files are?
bqd.exe and cobmfze.exe

C:\WINDOWS\bqd.exe
C:\WINDOWS\System32\cobmfze.exe

Could you navigate to them, then right-click on each, go to Properties, and report back any information about them?

#4 bertaware

Posted 06 July 2004 - 12:20 AM

Hi,
Sorry it took me so long to reply:

I've done what you asked me... and these are the results:

Logfile of HijackThis v1.98.0
Scan saved at 7:18:27, on 06/07/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Aventail\Connect\as32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\progra~1\c4ebreg\c4ebreg.exe
C:\Program Files\Symantec_Desktop_Firewall\IAMAPP.EXE
C:\Program Files\NavNT\vptray.exe
C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\Lotus\Sametime Client\Connect.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\IBM\Infoprint Select\ipnotify.exe
C:\notes\NLNOTES.EXE
C:\notes\ntaskldr.EXE
C:\WINDOWS\System32\drivers\trcboot.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINDOWS\system32\cba\pds.exe
C:\Program Files\C4ebreg\isamsmt.exe
C:\Program Files\IBM\Personal Communications\PCS_AGNT.EXE
c:\sdwork\issimsvc.exe
C:\PROGRA~1\AT&TNE~1\NetCfgSv.EXE
C:\Program Files\Symantec_Desktop_Firewall\NISSERV.EXE
C:\Program Files\NavNT\rtvscan.exe
C:\PROGRA~1\Alcatel\ENTERN~1\app\pppoeservice.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\RealVNC\WinVNC\WinVNC.exe
C:\WINDOWS\system32\cba\xfr.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\System32\Drivers\ldlcserv.exe
C:\Program Files\Symantec_Desktop_Firewall\NISUM.EXE
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn...st/srchasst.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://w3.ibm.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://w3.ibm.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://w3.ibm.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://w3.ibm.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://w3.ibm.com/do...andardsoftware/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = Proxy.bru.be.ibm.com:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ISAM SMT Service] "C:\Program Files\C4ebreg\isamsmt.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [C4EBReg] "C:\progra~1\c4ebreg\c4ebreg.exe" /q
O4 - HKLM\..\Run: [ISSI EZUpdate Service] "c:\sdwork\issimsvc.exe"
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\RealVNC\WinVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [iamapp] "C:\Program Files\Symantec_Desktop_Firewall\IAMAPP.EXE"
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKCU\..\Run: [Sametime Connect] C:\Program Files\Lotus\Sametime Client\Connect.exe
O4 - Global Startup: Infoprint Select Notification.lnk = C:\Program Files\IBM\Infoprint Select\ipnotify.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: c:\program files\aventail\connect\asdns.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://w3.ibm.com
O16 - DPF: ppctlcab - http://www.pestscan....er/ppctlcab.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan....r/axscanner.cab
O16 - DPF: {6596829B-37D4-40AD-971B-1E9041725C52} - http://www.direct-ip...liver/uk/ms.cab
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://www.ibm.com/...ad/IbmEgath.cab
O16 - DPF: {9519B2A2-6592-4E41-8290-D0298459270C} (LNWebAssist Class) - http://w3.ibm.com/bl...lnwebassist.cab
O16 - DPF: {A4B28810-11A2-4956-82D1-B2DCBA4B2AFD} (gpwsx.plugin) - http://w3-3.ibm.com/...lugin/gpwsx.CAB
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = bru.be.ibm.com,be.ibm.com,ibm.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = bru.be.ibm.com,be.ibm.com,ibm.com
O18 - Protocol: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - C:\Program Files\sappc\Controls\saphtmlp.dll
O18 - Protocol: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - C:\Program Files\sappc\Controls\saphtmlp.dll


Twain-Tech not found to remove software:


The VX2-log:

Log for VX2.BetterInternet File Finder

Files Found---


Guardian Key--- is called:

User Agent String---
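
Added example, not part of the original thread: a Python sketch that diffs two HijackThis logs, such as the scans in posts #1 and #4, to confirm that the entries checked with "Fix Checked" are gone and to surface what else changed between scans. The log excerpts are trimmed from the two logs above; the function and variable names are this example's own.

```python
import re

# A HijackThis finding is "<section> - <detail>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")

# Excerpts trimmed from the two logs posted in this thread.
BEFORE_LOG = r"""Logfile of HijackThis v1.98.0
Scan saved at 15:40:19, on 02/07/2004

Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\NavNT\vptray.exe
C:\WINDOWS\System32\cobmfze.exe

R3 - Default URLSearchHook is missing
O2 - BHO: MxTargetObj Class - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\mxTarget.dll
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [viurkvzkbzmf] C:\WINDOWS\System32\cobmfze.exe
O4 - HKLM\..\Run: [bqd] C:\WINDOWS\bqd.exe
"""

AFTER_LOG = r"""Logfile of HijackThis v1.98.0
Scan saved at 7:18:27, on 06/07/2004

Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\NavNT\vptray.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn...st/srchasst.htm
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
"""

# The two entries the helper asked to tick before "Fix Checked".
REQUESTED_FIXES = [
    r"R3 - Default URLSearchHook is missing",
    r"O2 - BHO: MxTargetObj Class - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\mxTarget.dll",
]


def parse_entries(log_text):
    """Return the set of (section, detail) findings in a HijackThis log."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.add((m.group(1), m.group(2).strip()))
    return entries


def parse_processes(log_text):
    """Return lower-cased paths from the 'Running processes:' block."""
    procs, in_block = set(), False
    for line in log_text.splitlines():
        line = line.strip()
        if line.lower().startswith("running processes"):
            in_block = True
        elif in_block:
            if ENTRY_RE.match(line) or (not line and procs):
                break  # blank line or first finding ends the block
            if line:
                procs.add(line.lower())  # Windows paths are case-insensitive
    return procs


def diff_logs(before_text, after_text):
    """Compare two scans: findings and processes that vanished or appeared."""
    b_e, a_e = parse_entries(before_text), parse_entries(after_text)
    b_p, a_p = parse_processes(before_text), parse_processes(after_text)
    return {
        "entries_removed": sorted(b_e - a_e),
        "entries_added": sorted(a_e - b_e),
        "processes_stopped": sorted(b_p - a_p),
        "processes_started": sorted(a_p - b_p),
    }


def still_present(requested_lines, log_text):
    """Return the requested fix lines that still appear in the given log."""
    found = parse_entries(log_text)
    remaining = []
    for line in requested_lines:
        m = ENTRY_RE.match(line.strip())
        if m and (m.group(1), m.group(2).strip()) in found:
            remaining.append(line)
    return remaining


if __name__ == "__main__":
    for key, values in diff_logs(BEFORE_LOG, AFTER_LOG).items():
        print(key)
        for value in values:
            print("   ", value)
    print("unfixed:", still_present(REQUESTED_FIXES, AFTER_LOG))
```

A clean diff only describes the moment of the second scan, so repeat the comparison with a log taken after the next reboot.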

#5 bertaware

Posted 06 July 2004 - 01:15 AM

Damn, again after reboot same problem:
How is this possible???
Or am I doing something wrong??

Ad-Aware log:


Lavasoft Ad-aware Personal Build 6.181
Logfile created on :Tuesday, 06 July, 2004 7:34:07
Created with Ad-aware Personal, free for private use.
Using reference-file :01R326 01.07.2004
______________________________________________________

Reffile status:
=========================
Reference file loaded:
Reference Number : 01R325 27.06.2004
Internal build : 257
File location : C:\PROGRA~1\Lavasoft\AD-AWA~1\reflist.ref
Total size : 1274298 Bytes
Signature data size : 1253786 Bytes
Reference data size : 20448 Bytes
Signatures total : 27864
Target categories : 10
Target families : 507
06-07-2004 7:33:44 Performing Webupdate...

Installing Update...
Reference file loaded:
Reference Number : 01R326 01.07.2004
Internal build : 258
File location : C:\PROGRA~1\Lavasoft\AD-AWA~1\reflist.ref
Total size : 1281876 Bytes
Signature data size : 1261311 Bytes
Reference data size : 20501 Bytes
Signatures total : 28014
Target categories : 10
Target families : 508

06-07-2004 7:33:51 Success.
Update successfully downlodaded and installed.


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:47 %
Total physical memory:523248 kb
Available physical memory:244888 kb
Total page file size:1278812 kb
Available on page file:1005432 kb
Total virtual memory:2097024 kb
Available virtual memory:2038280 kb
OS:

Ad-aware Settings
=========================
Set : Activate in-depth scan (Recommended)
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file


06-07-2004 7:34:07 - Scan started. (Custom mode)

Listing running processes
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ThreadCreationTime : 06-07-2004 5:30:58
BasePriority : Normal


#:2 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ThreadCreationTime : 06-07-2004 5:31:02
BasePriority : High


#:3 [services.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 06-07-2004 5:31:04
BasePriority : Normal
FileSize : 99 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
OriginalFilename : services.exe
ProductName : Microsoft
Created on : 12/09/2002 6:20:57
Last accessed : 06/07/2004 5:05:00
Last modified : 29/08/2002 12:00:00

#:4 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 06-07-2004 5:31:04
BasePriority : Normal
FileSize : 11 KB
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
OriginalFilename : lsass.exe
ProductName : Microsoft
Created on : 12/09/2002 6:19:59
Last accessed : 06/07/2004 5:05:00
Last modified : 29/08/2002 12:00:00

#:5 [ibmpmsvc.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 06-07-2004 5:31:04
BasePriority : Normal
FileSize : 56 KB
Created on : 29/11/1979 23:59:59
Last accessed : 06/07/2004 5:05:00
Last modified : 30/04/2004 20:12:49

#:6 [ati2evxx.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 06-07-2004 5:31:06
BasePriority : Normal
FileSize : 316 KB
Created on : 29/11/1979 23:59:59
Last accessed : 06/07/2004 5:05:00
Last modified : 30/04/2004 20:12:59

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 06-07-2004 5:31:06
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 12/09/2002 6:21:11
Last accessed : 06/07/2004 4:58:22
Last modified : 29/08/2002 12:00:00

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 06-07-2004 5:31:06
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 12/09/2002 6:21:11
Last accessed : 06/07/2004 4:58:22
Last modified : 29/08/2002 12:00:00

#:9 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 06-07-2004 5:31:08
BasePriority : Normal
FileSize : 50 KB
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
OriginalFilename : spoolsv.exe
ProductName : Microsoft
Created on : 12/09/2002 6:21:08
Last accessed : 06/07/2004 5:05:00
Last modified : 29/08/2002 12:00:00

#:10 [as32.exe]
FilePath : C:\Program Files\Aventail\Connect\
ThreadCreationTime : 06-07-2004 5:31:08
BasePriority : Normal
FileSize : 112 KB
FileVersion : 5.0.1.76
ProductVersion : 5.0.1.76
Copyright : © Copyright 1996-2002 Aventail Corp.
CompanyName : Aventail Corporation
FileDescription : Aventail® Connect™
InternalName : AS32.EXE
OriginalFilename : AS32.EXE
ProductName : Aventail® Connect™
Created on : 07/05/2004 8:41:27
Last accessed : 06/07/2004 5:05:00
Last modified : 19/06/2002 11:12:00

#:11 [ati2evxx.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 06-07-2004 5:31:22
BasePriority : Normal
FileSize : 316 KB
Created on : 29/11/1979 23:59:59
Last accessed : 06/07/2004 5:05:00
Last modified : 30/04/2004 20:12:59

#:12 [explorer.exe]
FilePath : C:\WINDOWS\
ThreadCreationTime : 06-07-2004 5:31:22
BasePriority : Normal
FileSize : 973 KB
FileVersion : 6.00.2800.1221 (xpsp2.030511-1403)
ProductVersion : 6.00.2800.1221
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
OriginalFilename : EXPLORER.EXE
ProductName : Microsoft
Created on : 12/05/2003 1:12:10
Last accessed : 06/07/2004 5:31:28
Last modified : 12/05/2003 1:12:10

#:13 [agrsmmsg.exe]
FilePath : C:\WINDOWS\
ThreadCreationTime : 06-07-2004 5:31:23
BasePriority : Normal
FileSize : 86 KB
FileVersion : 2.1.31 2.1.31 06/27/2003 08:53:31
ProductVersion : 2.1.31 2.1.31 06/27/2003 08:53:31
Copyright : Copyright
CompanyName : Agere Systems
FileDescription : SoftModem Messaging Applet
InternalName : smdmstat.exe
OriginalFilename : smdmstat.exe
ProductName : Agere SoftModem Messaging Applet
Created on : 29/11/1979 23:59:59
Last accessed : 06/07/2004 5:30:55
Last modified : 30/04/2004 20:13:23

#:14 [tphkmgr.exe]
FilePath : C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\
ThreadCreationTime : 06-07-2004 5:31:24
BasePriority : Normal
FileSize : 92 KB
Created on : 30/04/2004 21:30:38
Last accessed : 06/07/2004 5:30:55
Last modified : 30/04/2004 20:10:46

#:15 [rundll32.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 06-07-2004 5:31:24
BasePriority : Normal
FileSize : 31 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
OriginalFilename : RUNDLL.EXE
ProductName : Microsoft
Created on : 12/09/2002 6:20:53
Last accessed : 06/07/2004 5:30:55
Last modified : 29/08/2002 12:00:00

#:16 [syntplpr.exe]
FilePath : C:\Program Files\Synaptics\SynTP\
ThreadCreationTime : 06-07-2004 5:31:24
BasePriority : Normal
FileSize : 108 KB
FileVersion : 7.5.17.6 28Aug03
ProductVersion : 7.5.17.6 28Aug03
Copyright : Copyright © Synaptics, Inc. 1996-2003
CompanyName : Synaptics, Inc.
FileDescription : TouchPad Driver Helper Application
InternalName : SynTPLpr
OriginalFilename : SynTPLpr.exe
ProductName : Progressive Touch
Created on : 30/04/2004 21:35:24
Last accessed : 06/07/2004 5:30:55
Last modified : 30/04/2004 20:11:42

#:17 [syntpenh.exe]
FilePath : C:\Program Files\Synaptics\SynTP\
ThreadCreationTime : 06-07-2004 5:31:24
BasePriority : Normal
FileSize : 500 KB
FileVersion : 7.5.17.6 28Aug03
ProductVersion : 7.5.17.6 28Aug03
Copyright : Copyright © Synaptics, Inc. 1996-2003
CompanyName : Synaptics, Inc.
FileDescription : Synaptics TouchPad Enhancements
InternalName : Scrolleroo
OriginalFilename : SynTPEnh.exe
ProductName : Progressive Touch
Created on : 30/04/2004 21:35:24
Last accessed : 06/07/2004 5:30:55
Last modified : 30/04/2004 20:11:42

#:18 [qcwlicon.exe]
FilePath : C:\Program Files\ThinkPad\ConnectUtilities\
ThreadCreationTime : 06-07-2004 5:31:24
BasePriority : Normal
FileSize : 52 KB
FileVersion : 2, 7, 3, 0
ProductVersion : 2, 7, 3, 0
Copyright : Copyright © IBM Corp. 2001, 2003
CompanyName : IBM Corp.
FileDescription : IBM Access Connections - Wireless Status Icon.
InternalName : QCWLIcon
OriginalFilename : QCWLIcon.exe
ProductName : IBM ThinkPad Utility
Created on : 30/04/2004 21:37:20
Last accessed : 06/07/2004 5:30:55
Last modified : 04/11/2003 1:07:02

#:19 [c4ebreg.exe]
FilePath : C:\progra~1\c4ebreg\
ThreadCreationTime : 06-07-2004 5:31:25
BasePriority : Normal
FileSize : 288 KB
FileVersion : 4.8
ProductVersion : 4.8
CompanyName : IBM Global Services
FileDescription : IBM Standard Asset Manager
InternalName : C4EBREG
Created on : 08/07/2003 19:44:48
Last accessed : 06/07/2004 5:30:55
Last modified : 02/06/2004 13:02:51

#:20 [iamapp.exe]
FilePath : C:\Program Files\Symantec_Desktop_Firewall\
ThreadCreationTime : 06-07-2004 5:31:26
BasePriority : Normal
FileSize : 152 KB
FileVersion : 2.01.0.21
ProductVersion : 2.01
Copyright : Copyright © 2000 Symantec Corporation
CompanyName : Symantec Corporation
FileDescription : IAMAPP.EXE
ProductName : Symantec Desktop Firewall
Created on : 05/12/2001 10:32:46
Last accessed : 06/07/2004 5:30:55
Last modified : 05/12/2001 10:32:46

#:21 [vptray.exe]
FilePath : C:\Program Files\NavNT\
ThreadCreationTime : 06-07-2004 5:31:26
BasePriority : Normal
FileSize : 76 KB
FileVersion : 7.61.00.954
ProductVersion : 7.61.00.954
Copyright : Copyright © Symantec Corporation 1991-2001
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus
ProductName : Norton AntiVirus
Created on : 24/10/2003 14:01:50
Last accessed : 06/07/2004 5:30:55
Last modified : 24/10/2003 14:01:50

#:22 [atiptaxx.exe]
FilePath : C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\
ThreadCreationTime : 06-07-2004 5:31:26
BasePriority : Normal
FileSize : 328 KB
FileVersion : 6.14.10.5093
ProductVersion : 6.14.10.5093
Copyright : Copyright © 1998-2002 ATI Technologies Inc.
CompanyName : ATI Technologies, Inc.
FileDescription : ATI Desktop Control Panel
InternalName : Atiptaxx.exe
OriginalFilename : Atiptaxx.exe
ProductName : ATI Desktop Component
Created on : 23/06/2004 13:19:56
Last accessed : 06/07/2004 5:30:55
Last modified : 10/02/2004 19:10:00

#:23 [ppcontrol.exe]
FilePath : C:\PROGRA~1\PESTPA~1\
ThreadCreationTime : 06-07-2004 5:31:26
BasePriority : Normal
FileSize : 52 KB
Created on : 01/07/2004 18:21:08
Last accessed : 06/07/2004 5:31:26
Last modified : 02/04/2004 13:11:48

#:24 [ppmemcheck.exe]
FilePath : C:\PROGRA~1\PESTPA~1\
ThreadCreationTime : 06-07-2004 5:31:26
BasePriority : Normal
FileSize : 145 KB
Created on : 01/07/2004 18:21:08
Last accessed : 06/07/2004 5:30:55
Last modified : 02/04/2004 13:11:54

#:25 [cookiepatrol.exe]
FilePath : C:\PROGRA~1\PESTPA~1\
ThreadCreationTime : 06-07-2004 5:31:27
BasePriority : Normal
FileSize : 68 KB
Created on : 01/07/2004 18:21:09
Last accessed : 06/07/2004 5:30:55
Last modified : 02/04/2004 13:10:34

#:26 [connect.exe]
FilePath : C:\Program Files\Lotus\Sametime Client\
ThreadCreationTime : 06-07-2004 5:31:27
BasePriority : Normal
FileSize : 1236 KB
FileVersion : 3, 2, 0, 14
ProductVersion : 3, 2, 0, 14
Copyright : Copyright © 1998-2000
CompanyName : Lotus Development Corporation
FileDescription : Sametime Connect Application
InternalName : Connect
OriginalFilename : Connect.EXE
ProductName : Sametime Connect
Created on : 08/08/2003 19:08:19
Last accessed : 06/07/2004 5:31:28
Last modified : 17/02/2003 16:42:52

#:27 [ipnotify.exe]
FilePath : C:\Program Files\IBM\Infoprint Select\
ThreadCreationTime : 06-07-2004 5:31:28
BasePriority : Normal
FileSize : 132 KB
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
Copyright : Copyright
FileDescription : IPNOTIF MFC Application
InternalName : IPNOTIF
OriginalFilename : IPNOTIF.EXE
ProductName : IPNOTIF Application
Created on : 03/05/2004 10:53:12
Last accessed : 06/07/2004 5:30:55
Last modified : 09/10/2003 12:02:14

#:28 [tponscr.exe]
FilePath : C:\Program Files\ThinkPad\PkgMgr\HOTKEY\
ThreadCreationTime : 06-07-2004 5:31:28
BasePriority : Normal
FileSize : 76 KB
Created on : 30/04/2004 21:30:38
Last accessed : 06/07/2004 5:30:55
Last modified : 30/04/2004 20:10:48

#:29 [tpscrex.exe]
FilePath : C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\
ThreadCreationTime : 06-07-2004 5:31:28
BasePriority : Normal
FileSize : 64 KB
FileVersion : 1.06
ProductVersion : 1.06
Copyright : Copyright © 2000, IBM Corporation
CompanyName : IBM Corporation
FileDescription : ThinkPad UltraZoom
InternalName : TPSCREX
OriginalFilename : TpScrEx.exe
ProductName : ThinkPad UltraZoom
Created on : 30/04/2004 21:30:40
Last accessed : 06/07/2004 5:30:55
Last modified : 30/04/2004 20:10:58

#:30 [nlnotes.exe]
FilePath : C:\notes\
ThreadCreationTime : 06-07-2004 5:31:41
BasePriority : Normal
FileSize : 800 KB
Created on : 09/06/2003 20:07:02
Last accessed : 06/07/2004 5:00:00
Last modified : 09/06/2003 20:07:02

#:31 [ntaskldr.exe]
FilePath : C:\notes\
ThreadCreationTime : 06-07-2004 5:31:51
BasePriority : Normal
FileSize : 20 KB
Created on : 23/05/2003 9:49:52
Last accessed : 06/07/2004 5:00:23
Last modified : 23/05/2003 9:49:52

#:32 [trcboot.exe]
FilePath : C:\WINDOWS\System32\drivers\
ThreadCreationTime : 06-07-2004 5:32:16
BasePriority : Normal
FileSize : 28 KB
FileVersion : 5060.0.2226.456
ProductVersion : 5.6.0
Copyright : Copyright © IBM Corp. 1989, 2002
CompanyName : IBM Corporation
FileDescription : TRCBOOT.EXE
InternalName : TRCBOOT
OriginalFilename : TRCBOOT.EXE
ProductName : Personal Communications
Created on : 19/08/2002 21:19:16
Last accessed : 06/07/2004 5:06:23
Last modified : 19/08/2002 21:19:16

#:33 [defwatch.exe]
FilePath : C:\Program Files\NavNT\
ThreadCreationTime : 06-07-2004 5:32:17
BasePriority : Normal
FileSize : 32 KB
FileVersion : 7.61.00.954
ProductVersion : 7.61.00.954
Copyright : Copyright
CompanyName : Symantec Corporation
FileDescription : Virus Definition Daemon
InternalName : DefWatch
OriginalFilename : DefWatch.exe
ProductName : Norton AntiVirus
Created on : 24/10/2003 13:43:14
Last accessed : 06/07/2004 5:06:24
Last modified : 24/10/2003 13:43:14

#:34 [pds.exe]
FilePath : C:\WINDOWS\system32\cba\
ThreadCreationTime : 06-07-2004 5:32:17
BasePriority : Normal
FileSize : 32 KB
FileVersion : 6.12.0.105 E
ProductVersion : 6.12.0.105
Copyright : Copyright
CompanyName : Intel
FileDescription : CBA -- Ping Discovery Service
InternalName : PDS
OriginalFilename : PDS.EXE
ProductName : Intel Common Base Agent
Created on : 10/01/2003 13:54:56
Last accessed : 06/07/2004 5:06:24
Last modified : 10/01/2003 13:54:56

#:35 [isamsmt.exe]
FilePath : C:\Program Files\C4ebreg\
ThreadCreationTime : 06-07-2004 5:32:18
BasePriority : Normal
FileSize : 100 KB
FileVersion : 1.00
ProductVersion : 1.00
CompanyName : IBM Global Services
FileDescription : ISAM Software Metering Tool
InternalName : ISAMSMT
Created on : 08/07/2003 19:44:48
Last accessed : 06/07/2004 5:31:28
Last modified : 08/07/2003 19:44:36

#:36 [issimsvc.exe]
FilePath : c:\sdwork\
ThreadCreationTime : 06-07-2004 5:32:19
BasePriority : Normal
FileSize : 184 KB
FileVersion : 1.24
ProductVersion : 1.24
CompanyName : IBM Global Services
FileDescription : ISSI EZUpdate Service
InternalName : ISSIMSVC
Created on : 23/09/2002 15:44:24
Last accessed : 06/07/2004 5:30:55
Last modified : 14/06/2004 7:44:00

#:37 [pcs_agnt.exe]
FilePath : C:\Program Files\IBM\Personal Communications\
ThreadCreationTime : 06-07-2004 5:32:19
BasePriority : Normal
FileSize : 40 KB
FileVersion : 5060.0.2226.456
ProductVersion : 5.6.0
Copyright : Copyright © IBM Corp. 1989, 2002
CompanyName : IBM Corporation
FileDescription : Always Resident PComm Process
InternalName : PCS_AGNT.EXE
ProductName : Personal Communications
Created on : 19/08/2002 21:03:38
Last accessed : 06/07/2004 5:06:26
Last modified : 19/08/2002 21:03:38

#:38 [netcfgsv.exe]
FilePath : C:\PROGRA~1\AT&TNE~1\
ThreadCreationTime : 06-07-2004 5:32:20
BasePriority : Normal
FileSize : 92 KB
FileVersion : 5.09.2
ProductVersion : 5.09.2
Copyright : Copyright
CompanyName : AT&T
FileDescription : Network configuration service
InternalName : NetCfgSvr
OriginalFilename : NetCfgSvr.EXE
ProductName : NetCfgSvr Module
Created on : 20/05/2004 7:51:33
Last accessed : 06/07/2004 5:06:26
Last modified : 01/03/2004 6:00:00

#:39 [nisserv.exe]
FilePath : C:\Program Files\Symantec_Desktop_Firewall\
ThreadCreationTime : 06-07-2004 5:32:20
BasePriority : Normal
FileSize : 76 KB
FileVersion : 2.01.0.21
ProductVersion : 2.01
Copyright : Copyright © 2000 Symantec Corporation
CompanyName : Symantec Corporation
FileDescription : IAMSERV.EXE
ProductName : Symantec Desktop Firewall
Created on : 05/12/2001 10:29:18
Last accessed : 06/07/2004 5:33:30
Last modified : 05/12/2001 10:29:18

#:40 [rtvscan.exe]
FilePath : C:\Program Files\NavNT\
ThreadCreationTime : 06-07-2004 5:32:24
BasePriority : Normal
FileSize : 480 KB
FileVersion : 7.61.00.954
ProductVersion : 7.61.00.954
Copyright : Copyright © Symantec Corporation 1991-2001
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus
ProductName : Norton AntiVirus
Created on : 24/10/2003 13:48:46
Last accessed : 06/07/2004 5:06:29
Last modified : 24/10/2003 13:48:46

#:41 [pppoeservice.exe]
FilePath : C:\PROGRA~1\Alcatel\ENTERN~1\app\
ThreadCreationTime : 06-07-2004 5:32:25
BasePriority : Normal
FileSize : 48 KB
Created on : 30/04/2004 14:28:12
Last accessed : 06/07/2004 5:06:30
Last modified : 11/07/2000 8:48:36

#:42 [qconsvc.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 06-07-2004 5:32:25
BasePriority : Normal
FileSize : 52 KB
FileVersion : 2, 7, 3, 0
ProductVersion : 2, 7, 3, 0
Copyright : Copyright © IBM Corp. 2001, 2003
CompanyName : IBM Corp.
FileDescription : IBM Access Connections - Service Component.
InternalName : QConSvc
OriginalFilename : QConSvc.Exe
ProductName : IBM ThinkPad Utility
Created on : 30/04/2004 21:37:20
Last accessed : 06/07/2004 5:06:31
Last modified : 04/11/2003 1:07:02

#:43 [winvnc.exe]
FilePath : C:\Program Files\RealVNC\WinVNC\
ThreadCreationTime : 06-07-2004 5:32:25
BasePriority : Normal
FileSize : 328 KB
FileVersion : 3, 3, 7, 0
ProductVersion : 3, 3, 7, 0
Copyright : Copyright RealVNC Ltd.
CompanyName : RealVNC Ltd.
FileDescription : VNC server for Win32
InternalName : WinVNC
OriginalFilename : WinVNC.exe
ProductName : RealVNC Ltd. - WinVNC
Created on : 05/03/2003 11:49:00
Last accessed : 06/07/2004 5:30:55
Last modified : 05/03/2003 11:49:00

#:44 [xfr.exe]
FilePath : C:\WINDOWS\system32\cba\
ThreadCreationTime : 06-07-2004 5:32:25
BasePriority : Normal
FileSize : 36 KB
FileVersion : 6.12.0.105 E
ProductVersion : 6.12.0.105
Copyright : Copyright
CompanyName : Intel
FileDescription : CBA - Message Resource
InternalName : xfrrc
OriginalFilename : XFR.EXE
ProductName : Intel Common Base Agent
Created on : 10/01/2003 13:55:14
Last accessed : 06/07/2004 5:06:31
Last modified : 10/01/2003 13:55:14

#:45 [msgsys.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 06-07-2004 5:32:27
BasePriority : Normal
FileSize : 28 KB
FileVersion : 6.12.0.105 E
ProductVersion : 6.12.0.105
Copyright : Copyright
CompanyName : Intel
FileDescription : CBA -- Message System
InternalName : MsgExe
OriginalFilename : MsgSys.EXE
ProductName : Intel Common Base Agent
Created on : 10/01/2003 13:54:12
Last accessed : 06/07/2004 5:06:33
Last modified : 10/01/2003 13:54:12

#:46 [ldlcserv.exe]
FilePath : C:\WINDOWS\System32\Drivers\
ThreadCreationTime : 06-07-2004 5:32:27
BasePriority : Normal
FileSize : 28 KB
FileVersion : 5060.0.2226.456
ProductVersion : 5.6.0
Copyright : Copyright © IBM Corp. 1989, 2002
CompanyName : IBM Corporation
FileDescription : LDLCSERV.EXE
InternalName : LDLCSERV.EXE
OriginalFilename : LDLCSERV.EXE
ProductName : Personal Communications
Created on : 19/08/2002 21:19:14
Last accessed : 06/07/2004 5:06:33
Last modified : 19/08/2002 21:19:14

#:47 [nisum.exe]
FilePath : C:\Program Files\Symantec_Desktop_Firewall\
ThreadCreationTime : 06-07-2004 5:32:32
BasePriority : Normal
FileSize : 104 KB
FileVersion : 2.01.0.21
ProductVersion : 2.01
Copyright : Copyright © 2000 Symantec Corporation
CompanyName : Symantec Corporation
FileDescription : Symantec Desktop Firewall Stats
ProductName : Symantec Desktop Firewall
Created on : 05/12/2001 10:22:38
Last accessed : 06/07/2004 5:06:38
Last modified : 05/12/2001 10:22:38

#:48 [spysweeper.exe]
FilePath : C:\Program Files\Webroot\Spy Sweeper\
ThreadCreationTime : 06-07-2004 5:33:13
BasePriority : Normal
FileSize : 649 KB
FileVersion : 2.6.1.45
ProductVersion : 1.0.0.0
Copyright : Copyright © 2001-2003 Webroot Software, Inc.
CompanyName : Webroot Software, Inc.
FileDescription : Spy Sweeper
ProductName : Spy Sweeper
Created on : 25/06/2004 5:53:24
Last accessed : 06/07/2004 5:33:14
Last modified : 25/02/2004 9:53:04

#:49 [ad-aware.exe]
FilePath : C:\PROGRA~1\Lavasoft\AD-AWA~1\
ThreadCreationTime : 06-07-2004 5:33:29
BasePriority : Normal
FileSize : 668 KB
FileVersion : 6.0.1.181
ProductVersion : 6.0.0.0
Copyright : Copyright
CompanyName : Lavasoft Sweden
FileDescription : Ad-aware 6 core application
InternalName : Ad-aware.exe
OriginalFilename : Ad-aware.exe
ProductName : Lavasoft Ad-aware Plus
Created on : 02/07/2004 15:36:46
Last accessed : 06/07/2004 5:33:48
Last modified : 12/07/2003 19:00:20

Memory scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0


Started registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

StopPop Object recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : Interface\{4534CD6B-59D6-43FD-864B-06A0D843444A}


VX2 Object recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : mxtargetdll.mxtargetdllobj.1


VX2 Object recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : TypeLib\{690BCCB4-6B83-4203-AE77-038C116594EC}


VX2 Object recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : vx2.vx2obj


Registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 4
Objects found so far: 4


Started deep registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Deep registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 4


Deep scanning and examining files (C:)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

VX2 Object recognized!
Type : File
Data : thnall1t[1].exe
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\EKRGP21G\
FileSize : 64 KB
FileVersion : 1, 0, 0, 8
ProductVersion : 1, 0, 0, 8
Copyright : BetterInternet, Inc.
CompanyName : BetterInternet, Inc.
FileDescription : www.abetterinternet.com - Utility for downloading files and upgrading software.
InternalName : Install Utility
OriginalFilename : InstUtil.exe
ProductName : Install Utility
Created on : 06/07/2004 4:58:26
Last accessed : 06/07/2004 4:58:26
Last modified : 06/07/2004 4:58:26



VX2 Object recognized!
Type : File
Data : cobmfze.exe
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\
FileSize : 37 KB
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
Copyright : callinghome.biz
CompanyName : callinghome.biz
FileDescription : Installation utility for www.callinghome.biz
InternalName : Calling Home
OriginalFilename : Caller.exe
ProductName : Calling Home
Created on : 01/07/2004 13:42:30
Last accessed : 06/07/2004 5:05:06
Last modified : 21/05/2004 16:02:58



Disk scan result for C:\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 6


Scanning Hosts file(C:\WINDOWS\System32\drivers\etc\hosts)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Hosts file scan result:
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
1 entries scanned.
New objects :0
Objects found so far: 6




Performing conditional scans..
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

VX2 Object recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : Software\MxTarget


VX2 Object recognized!
Type : File
Data : dummy.htm
Category : Data Miner
Comment :
Object : c:\docume~1\admini~1\locals~1\temp\

Created on : 02/07/2004 17:39:59
Last accessed : 06/07/2004 6:05:35
Last modified : 02/07/2004 17:39:59



Conditional scan result:
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 2
Objects found so far: 8


8:07:53 Scan complete

Summary of this scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Total scanning time :00:33:45:62
Objects scanned :138177
Objects identified :8
Objects ignored :0
New objects :8


HJT-log

Logfile of HijackThis v1.98.0
Scan saved at 8:09:40, on 06/07/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Aventail\Connect\as32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\progra~1\c4ebreg\c4ebreg.exe
C:\Program Files\Symantec_Desktop_Firewall\IAMAPP.EXE
C:\Program Files\NavNT\vptray.exe
C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\Lotus\Sametime Client\Connect.exe
C:\Program Files\IBM\Infoprint Select\ipnotify.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\notes\NLNOTES.EXE
C:\notes\ntaskldr.EXE
C:\WINDOWS\System32\drivers\trcboot.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINDOWS\system32\cba\pds.exe
C:\Program Files\C4ebreg\isamsmt.exe
c:\sdwork\issimsvc.exe
C:\Program Files\IBM\Personal Communications\PCS_AGNT.EXE
C:\PROGRA~1\AT&TNE~1\NetCfgSv.EXE
C:\Program Files\Symantec_Desktop_Firewall\NISSERV.EXE
C:\Program Files\NavNT\rtvscan.exe
C:\PROGRA~1\Alcatel\ENTERN~1\app\pppoeservice.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\RealVNC\WinVNC\WinVNC.exe
C:\WINDOWS\system32\cba\xfr.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\System32\Drivers\ldlcserv.exe
C:\Program Files\Symantec_Desktop_Firewall\NISUM.EXE
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-aware.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6YXU8SOL\VX2Finder[1].exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://w3.ibm.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://w3.ibm.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://w3.ibm.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://w3.ibm.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://w3.ibm.com/do...andardsoftware/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = Proxy.bru.be.ibm.com:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ISAM SMT Service] "C:\Program Files\C4ebreg\isamsmt.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [C4EBReg] "C:\progra~1\c4ebreg\c4ebreg.exe" /q
O4 - HKLM\..\Run: [ISSI EZUpdate Service] "c:\sdwork\issimsvc.exe"
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\RealVNC\WinVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [iamapp] "C:\Program Files\Symantec_Desktop_Firewall\IAMAPP.EXE"
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKCU\..\Run: [Sametime Connect] C:\Program Files\Lotus\Sametime Client\Connect.exe
O4 - Global Startup: Infoprint Select Notification.lnk = C:\Program Files\IBM\Infoprint Select\ipnotify.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: c:\program files\aventail\connect\asdns.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://w3.ibm.com
O16 - DPF: ppctlcab - http://www.pestscan....er/ppctlcab.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan....r/axscanner.cab
O16 - DPF: {6596829B-37D4-40AD-971B-1E9041725C52} - http://www.direct-ip...liver/uk/ms.cab
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://www.ibm.com/...ad/IbmEgath.cab
O16 - DPF: {9519B2A2-6592-4E41-8290-D0298459270C} (LNWebAssist Class) - http://w3.ibm.com/bl...lnwebassist.cab
O16 - DPF: {A4B28810-11A2-4956-82D1-B2DCBA4B2AFD} (gpwsx.plugin) - http://w3-3.ibm.com/...lugin/gpwsx.CAB
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = bru.be.ibm.com,be.ibm.com,ibm.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = bru.be.ibm.com,be.ibm.com,ibm.com
O18 - Protocol: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - C:\Program Files\sappc\Controls\saphtmlp.dll
O18 - Protocol: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - C:\Program Files\sappc\Controls\saphtmlp.dll


VX2 finder log:

Log for VX2.BetterInternet File Finder

Files Found---


Guardian Key--- is called:

User Agent String---

#6 Autodad

Posted 06 July 2004 - 01:36 AM

There was an update to the Vx2 Finder yesterday.
Please download VX2Finder from this link, and save it to your Desktop.

http://downloads.sub...Finder(126).exe

Run Vx2Finder and click on the *click to find VX2.BetterInternet* button. Then click *make log*.

Copy and paste the contents of the log into your next reply here.

#7 diamond

Posted 24 July 2004 - 05:48 AM

Try this sequence.
This may sound a bit odd, and it is, it just actually worked for me!

Go to (in IE6)
Tools/Internet Options/Advanced.
Under the Browsing category, uncheck "Enable third-party
browser extensions". (Restart computer.)

This blocks the communication that gives the malware
entry when you do the next step. (Every time I booted, my
firewall had told me www.abetterinternet was trying to reach out.)
Whenever I rebooted, that communication was accompanied by 8 VX2
entries and the mxtarget.dll in windows, with many mxtarget entries in the registry.

Get webroot spysweeper (they have a free one....which worked
so well I'm gonna buy it)

http://www.webroot.c...eeper/index.php

Shut down everything open...then run it.
Delete the hideous things it finds.
Reboot.

It deleted not only mxtarget.dll from windows, but all
the recurrent VX2 files that seemed to accompany it, and it deleted this too:

:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0000607D-D204-42C7-8E46-216055BF9918}

That thing dumped itself there every time I rebooted.

One thing though. As an experiment I re-enabled third party browser
extensions and rebooted.....and the problem returned. That means there's still
some file in there. I disabled it again, reran sweeper, and I'm ok again.
After that adaware found nothing, nor has it on repeated trials.

I let sweeper stay on now, like a firewall it is set to alert on any attack.
I think twaintech is responsible for this whole mess.

I don't know if this is the most professional solution possible, but it works.

Let me know......dave
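
The reboot check described in the post above can be done by comparing the `O2 - BHO` lines of three HijackThis logs (before cleanup, after cleanup, after reboot). This is an added example, not part of the original thread; the sample logs are constructed, and the DLL path shown for the flagged CLSID is an assumption.

```python
import re

# HijackThis prints one line per Browser Helper Object:
#   O2 - BHO: <name> - {CLSID} - <dll path>
BHO_LINE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$"
)


def parse_bhos(log_text):
    """Return {CLSID in upper case: (name, dll path)} for every O2 line."""
    bhos = {}
    for line in log_text.splitlines():
        m = BHO_LINE.match(line.strip())
        if m:
            bhos[m.group("clsid").upper()] = (m.group("name"), m.group("path"))
    return bhos


def reappearing_bhos(before, after_cleanup, after_reboot):
    """BHOs that the cleanup removed but that are registered again after reboot.

    A CLSID in this set means something else on the machine (a Run entry,
    a service, another DLL) re-creates the key, so removing the key alone
    did not remove the infection.
    """
    b = parse_bhos(before)
    c = parse_bhos(after_cleanup)
    r = parse_bhos(after_reboot)
    removed = set(b) - set(c)
    return {clsid: r[clsid] for clsid in sorted(removed & set(r))}


# --- constructed sample logs (only the O2 section is shown) ---
ACRO = (r"O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}"
        r" - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll")
# CLSID taken from the post; the DLL path is an assumed, constructed value.
SUSPECT = (r"O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918}"
           r" - C:\WINDOWS\mxtarget.dll")

BEFORE = ACRO + "\n" + SUSPECT
AFTER_CLEANUP = ACRO
AFTER_REBOOT = SUSPECT + "\n" + ACRO

if __name__ == "__main__":
    for clsid, (name, path) in reappearing_bhos(
            BEFORE, AFTER_CLEANUP, AFTER_REBOOT).items():
        print("re-registered after reboot:", clsid, name, path)
```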



