ounjd.exe
I tried to search for it in the Registry but couldn't find it - is there a way to get rid of it? It shows when I open the Windows Task Manager.
I am running Win XP (Home Edition). I did a scan with Ad-Aware SE Personal - here is the log file. PLEASE HELP GUYS - I AM AT MY WIT'S END...
----------------------------------------------------------------------------------------------------------------------
Ad-Aware SE Build 1.06r1
Logfile Created on:Friday, January 05, 2007 10:39:20 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R142 02.01.2007
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):2 total references
Tracking Cookie(TAC index:3):2 total references
Win32.Trojan.Downloader(TAC index:10):1 total references
Windows(TAC index:3):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
1-5-2007 10:39:20 AM - Scan started. (Smart mode)
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 868
ThreadCreationTime : 1-5-2007 4:37:04 PM
BasePriority : Normal
#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 960
ThreadCreationTime : 1-5-2007 4:37:05 PM
BasePriority : Normal
#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 984
ThreadCreationTime : 1-5-2007 4:37:06 PM
BasePriority : High
#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1028
ThreadCreationTime : 1-5-2007 4:37:06 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe
#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1040
ThreadCreationTime : 1-5-2007 4:37:06 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1188
ThreadCreationTime : 1-5-2007 4:37:07 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1288
ThreadCreationTime : 1-5-2007 4:37:07 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1324
ThreadCreationTime : 1-5-2007 4:37:07 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [evteng.exe]
FilePath : C:\Program Files\Intel\Wireless\Bin\
ProcessID : 1360
ThreadCreationTime : 1-5-2007 4:37:07 PM
BasePriority : Normal
FileVersion : 9, 0, 1, 12
ProductVersion : 9, 0, 0, 0
ProductName : EvtEng Module
CompanyName : Intel Corporation
FileDescription : EvtEng Module
InternalName : EvtEng
LegalCopyright : Copyright © Intel Corporation 1999-2004
OriginalFilename : EvtEng.EXE
#:10 [s24evmon.exe]
FilePath : C:\Program Files\Intel\Wireless\Bin\
ProcessID : 1480
ThreadCreationTime : 1-5-2007 4:37:08 PM
BasePriority : Normal
FileVersion : 9, 0, 1, 41
ProductVersion : 9, 0, 0, 0
ProductName : Mobile Unit Support Service
CompanyName : Intel Corporation
FileDescription : Event Monitor - Supports driver extensions to NIC Driver for wireless adapters.
InternalName : S24EvMon
LegalCopyright : Copyright © Intel Corporation 1999-2004
OriginalFilename : S24EvMon.exe
#:11 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1532
ThreadCreationTime : 1-5-2007 4:37:08 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:12 [zcfgsvc.exe]
FilePath : C:\Program Files\Intel\Wireless\Bin\
ProcessID : 1592
ThreadCreationTime : 1-5-2007 4:37:08 PM
BasePriority : Normal
FileVersion : 9, 0, 1, 51
ProductVersion : 1, 0, 0, 2
ProductName : ZeroCfgSvc Application
CompanyName : Intel Corporation
FileDescription : ZeroCfgSvc MFC Application
InternalName : ZeroCfgSvc
LegalCopyright : Copyright © Intel Corporation 1999-2004
OriginalFilename : ZeroCfgSvc.EXE
#:13 [xlwfdv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1844
ThreadCreationTime : 1-5-2007 4:37:08 PM
BasePriority : Normal
#:14 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1856
ThreadCreationTime : 1-5-2007 4:37:09 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:15 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1864
ThreadCreationTime : 1-5-2007 4:37:09 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
#:16 [ounjd.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1872
ThreadCreationTime : 1-5-2007 4:37:09 PM
BasePriority : Normal
#:17 [ounjd.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1972
ThreadCreationTime : 1-5-2007 4:37:09 PM
BasePriority : Normal
#:18 [ounjd.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1996
ThreadCreationTime : 1-5-2007 4:37:09 PM
BasePriority : Normal
#:19 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 400
ThreadCreationTime : 1-5-2007 4:37:09 PM
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
#:20 [igfxtray.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 612
ThreadCreationTime : 1-5-2007 4:37:10 PM
BasePriority : Normal
FileVersion : 3.0.0.3929
ProductVersion : 7.0.0.3929
ProductName : Intel® Common User Interface
CompanyName : Intel Corporation
FileDescription : igfxTray Module
InternalName : IGFXTRAY
LegalCopyright : Copyright 1999-2004, Intel Corporation
OriginalFilename : IGFXTRAY.EXE
#:21 [hkcmd.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 620
ThreadCreationTime : 1-5-2007 4:37:10 PM
BasePriority : Normal
FileVersion : 3.0.0.3929
ProductVersion : 7.0.0.3929
ProductName : Intel® Common User Interface
CompanyName : Intel Corporation
FileDescription : hkcmd Module
InternalName : HKCMD
LegalCopyright : Copyright 1999-2004, Intel Corporation
OriginalFilename : HKCMD.EXE
#:22 [cisvc.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 644
ThreadCreationTime : 1-5-2007 4:37:10 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Content Index service
InternalName : cisvc.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : cisvc.exe
#:23 [dvdramsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 664
ThreadCreationTime : 1-5-2007 4:37:10 PM
BasePriority : Normal
FileVersion : 2, 0, 7, 0
ProductVersion : 2, 0, 7, 0
CompanyName : Matsushita Electric Industrial Co., Ltd.
FileDescription : Service of RAMAsst for Windows XP
LegalCopyright : Copyright © Matsushita Electric Industrial Co., Ltd. 2002 - 2003
OriginalFilename : DVDRAMSV.EXE
#:24 [mdm.exe]
FilePath : C:\Program Files\Common Files\Microsoft Shared\VS7Debug\
ProcessID : 812
ThreadCreationTime : 1-5-2007 4:37:11 PM
BasePriority : Normal
FileVersion : 7.00.9466
ProductVersion : 7.00.9466
ProductName : Microsoft® Visual Studio .NET
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : mdm.exe
#:25 [navapsvc.exe]
FilePath : C:\Program Files\Norton AntiVirus\
ProcessID : 884
ThreadCreationTime : 1-5-2007 4:37:11 PM
BasePriority : Normal
FileVersion : 9.05.1015
ProductVersion : 9.05.1015
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE
#:26 [nprotect.exe]
FilePath : C:\Program Files\Norton AntiVirus\AdvTools\
ProcessID : 940
ThreadCreationTime : 1-5-2007 4:37:11 PM
BasePriority : Normal
FileVersion : 16.00.0.22
ProductVersion : 16.00.0.22
ProductName : Norton Utilities
CompanyName : Symantec Corporation
FileDescription : Norton Protection Status
InternalName : NPROTECT
LegalCopyright : Copyright © 2003 Symantec Corporation
LegalTrademarks : Norton Utilities
OriginalFilename : NPROTECT.EXE
#:27 [oprotsvc.exe]
FilePath : C:\Program Files\Intel\Wireless\Bin\
ProcessID : 1224
ThreadCreationTime : 1-5-2007 4:37:11 PM
BasePriority : Normal
FileVersion : 9, 0, 1, 3
ProductVersion : 9, 0, 0, 0
ProductName : Intel PROSet/Wireless
CompanyName : Intel Corporation
FileDescription : Ownership protocol service
InternalName : OwnershipProtocol
LegalCopyright : Copyright © Intel Corporation 1999-2004
OriginalFilename : OProtSvc.exe
#:28 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1428
ThreadCreationTime : 1-5-2007 4:37:11 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:29 [regsrvc.exe]
FilePath : C:\Program Files\Intel\Wireless\Bin\
ProcessID : 1620
ThreadCreationTime : 1-5-2007 4:37:12 PM
BasePriority : Normal
FileVersion : 9, 0, 1, 10
ProductVersion : 9, 0, 0, 0
ProductName : RegSrvc Module
CompanyName : Intel Corporation
FileDescription : RegSrvc Module
InternalName : RegSrvc
LegalCopyright : Copyright © Intel Corporation 1999-2004
OriginalFilename : RegSrvc.EXE
Comments : Registry Interface for Intel Wireless Products
#:30 [snmp.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1704
ThreadCreationTime : 1-5-2007 4:37:12 PM
BasePriority : Normal
FileVersion : 5.1.2600.3038 (xpsp_sp2_gdr.061119-2303)
ProductVersion : 5.1.2600.3038
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : SNMP Service
InternalName : snmp.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : snmp.exe
#:31 [smagent.exe]
FilePath : C:\Program Files\Analog Devices\SoundMAX\
ProcessID : 1752
ThreadCreationTime : 1-5-2007 4:37:12 PM
BasePriority : Normal
FileVersion : 3, 2, 6, 0
ProductVersion : 3, 2, 6, 0
ProductName : SoundMAX service agent
CompanyName : Analog Devices, Inc.
FileDescription : SoundMAX service agent component
InternalName : SMAgent
LegalCopyright : Copyright © 2002
OriginalFilename : SMAgent.exe
#:32 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1772
ThreadCreationTime : 1-5-2007 4:37:12 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:33 [wdfmgr.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 208
ThreadCreationTime : 1-5-2007 4:37:12 PM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe
#:34 [syntplpr.exe]
FilePath : C:\Program Files\Synaptics\SynTP\
ProcessID : 220
ThreadCreationTime : 1-5-2007 4:37:12 PM
BasePriority : Normal
FileVersion : 7.12.4 14Oct04
ProductVersion : 7.12.4 14Oct04
ProductName : Synaptics Pointing Device Driver
CompanyName : Synaptics, Inc.
FileDescription : TouchPad Driver Helper Application
InternalName : SynTPLpr
LegalCopyright : Copyright © Synaptics, Inc. 1996-2004
OriginalFilename : SynTPLpr.exe
#:35 [syntpenh.exe]
FilePath : C:\Program Files\Synaptics\SynTP\
ProcessID : 228
ThreadCreationTime : 1-5-2007 4:37:12 PM
BasePriority : Normal
FileVersion : 7.12.4 14Oct04
ProductVersion : 7.12.4 14Oct04
ProductName : Synaptics Pointing Device Driver
CompanyName : Synaptics, Inc.
FileDescription : Synaptics TouchPad Enhancements
InternalName : Synaptics Enhancements Application
LegalCopyright : Copyright © Synaptics, Inc. 1996-2004
OriginalFilename : SynTPEnh.exe
#:36 [thotkey.exe]
FilePath : C:\Program Files\Toshiba\Toshiba Applet\
ProcessID : 240
ThreadCreationTime : 1-5-2007 4:37:13 PM
BasePriority : Normal
FileVersion : 1.00.0010
ProductVersion : 1.00.0010
ProductName : THotkey
CompanyName : TOSHIBA
FileDescription : Hotkey Utility
InternalName : THotkey
LegalCopyright : 2004
LegalTrademarks : TOSHIBA Corporation
OriginalFilename : THotkey.exe
Comments : Hotkey
#:37 [ndstray.exe]
FilePath : C:\Program Files\TOSHIBA\ConfigFree\
ProcessID : 368
ThreadCreationTime : 1-5-2007 4:37:13 PM
BasePriority : Normal
FileVersion : 5, 0, 0, 79
ProductVersion : 5, 0, 0, 0
ProductName : ConfigFree Tray
CompanyName : TOSHIBA CORPORATION
FileDescription : ConfigFree Tray
InternalName : ndstray
LegalCopyright : Copyright 2002-2004 © TOSHIBA CORPORATION. All rights reserved.
OriginalFilename : NDSTray.exe
#:38 [smoothview.exe]
FilePath : C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\
ProcessID : 320
ThreadCreationTime : 1-5-2007 4:37:13 PM
BasePriority : Normal
FileVersion : 2, 0, 0, 18
ProductVersion : 2, 0, 0, 18
ProductName : TOSHIBA Zooming Utility
CompanyName : TOSHIBA Corporation
FileDescription : SmoothView
InternalName : SmoothView
LegalCopyright : Copyright © 2003 TOSHIBA Corporation. All rights reserved.
OriginalFilename : SmoothView.exe
Comments : TOSHIBA Zooming Utility
#:39 [tvstray.exe]
FilePath : C:\Program Files\Toshiba\Tvs\
ProcessID : 492
ThreadCreationTime : 1-5-2007 4:37:13 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 2
ProductVersion : 1, 0, 0, 2
ProductName : TOSHIBA Virtual Sound
CompanyName : TOSHIBA Corporation
FileDescription : TOSHIBA Virtual Sound Taskbar Module
InternalName : TvsTray
LegalCopyright : Copyright © 2004 TOSHIBA Corporation.
OriginalFilename : TvsTray.exe
Comments : TOSHIBA Virtual Sound Taskbar Module
#:40 [padexe.exe]
FilePath : C:\Program Files\TOSHIBA\Touch and Launch\
ProcessID : 556
ThreadCreationTime : 1-5-2007 4:37:13 PM
BasePriority : Normal
FileVersion : 1, 2, 7, 0
ProductVersion : 1, 2, 7, 0
ProductName : PadTouch
CompanyName : TOSHIBA
FileDescription : PadTouch Main
InternalName : PadExe
LegalCopyright : Copyright © 2003-2004 TOSHIBA Corporation
OriginalFilename : PadExe.exe
#:41 [ifrmewrk.exe]
FilePath : C:\Program Files\Intel\Wireless\Bin\
ProcessID : 720
ThreadCreationTime : 1-5-2007 4:37:13 PM
BasePriority : Normal
FileVersion : 9, 0, 1, 19
ProductVersion : 9, 0, 0, 0
ProductName : Intel PROSet/Wireless
CompanyName : Intel Corporation
FileDescription : Intel Framework MFC Application
InternalName : Framework
LegalCopyright : Copyright © Intel Corporation 1999-2004
OriginalFilename : iFramewrk.exe
#:42 [eouwiz.exe]
FilePath : C:\Program Files\Intel\Wireless\Bin\
ProcessID : 732
ThreadCreationTime : 1-5-2007 4:37:13 PM
BasePriority : Normal
FileVersion : 9, 0, 1, 26
ProductVersion : 9, 0, 0, 0
ProductName : Intel PROSet/Wireless
CompanyName : Intel Corporation
FileDescription : Ease Of Use Wizard Application
InternalName : EOUWiz
LegalCopyright : Copyright © Intel Corporation 1999-2004
OriginalFilename : EOUWiz.EXE
#:43 [acrotray.exe]
FilePath : C:\Program Files\Adobe\Acrobat 7.0\Distillr\
ProcessID : 760
ThreadCreationTime : 1-5-2007 4:37:13 PM
BasePriority : Normal
FileVersion : 7.0.7.2006011200
ProductVersion : 7.0.7.2006011200
ProductName : AcroTray - Adobe Acrobat Distiller helper application.
CompanyName : Adobe Systems Inc.
FileDescription : AcroTray
InternalName : AcroTray
LegalCopyright : Copyright 1984-2006 Adobe Systems Incorporated and its licensors. All rights reserved.
OriginalFilename : AcroTray.exe
#:44 [fxssvc.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 740
ThreadCreationTime : 1-5-2007 4:37:13 PM
BasePriority : Normal
FileVersion : 5.2.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.2.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Fax Service
InternalName : FXSSVC.EXE
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : FXSSVC.EXE
#:45 [qttask.exe]
FilePath : C:\Program Files\QuickTime\
ProcessID : 796
ThreadCreationTime : 1-5-2007 4:37:13 PM
BasePriority : Normal
FileVersion : 7.0.4
ProductVersion : QuickTime 7.0.4
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
FileDescription : QuickTime Task
InternalName : QuickTime Task
LegalCopyright : Copyright Apple Computer, Inc. 1989-2006
OriginalFilename : QTTask.exe
#:46 [cfsserv.exe]
FilePath : C:\Program Files\TOSHIBA\ConfigFree\
ProcessID : 832
ThreadCreationTime : 1-5-2007 4:37:13 PM
BasePriority : Normal
FileVersion : 5, 0, 1, 322
ProductVersion : 5, 0, 0, 0
ProductName : ConfigFree
CompanyName : TOSHIBA CORPORATION
FileDescription : ConfigFree Search for Wireless Devices Version 5.00
InternalName : CFSServ
LegalCopyright : Copyright © 2002-2004 TOSHIBA CORPORATION. All rights reserved.
LegalTrademarks : ConfigFree
OriginalFilename : CFSServ.EXE
Comments : ConfigFree Search for Wireless Devices
#:47 [pinger.exe]
FilePath : C:\TOSHIBA\IVP\ISM\
ProcessID : 840
ThreadCreationTime : 1-5-2007 4:37:13 PM
BasePriority : Normal
FileVersion : 3.7.0.0
ProductVersion : 3.7.0.0
ProductName : Software Upgrades
CompanyName : TOSHIBA Corporation
FileDescription : TOSHIBA Pinger
InternalName : PINGER
LegalCopyright : © 1997-2005 TOSHIBA Corporation
OriginalFilename : PINGER.EXE
#:48 [rundll32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1632
ThreadCreationTime : 1-5-2007 4:37:13 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE
#:49 [ctfmon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1236
ThreadCreationTime : 1-5-2007 4:37:13 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE
#:50 [camtray.exe]
FilePath : C:\Program Files\Creative\Shared Files\
ProcessID : 1624
ThreadCreationTime : 1-5-2007 4:37:13 PM
BasePriority : Normal
FileVersion : 3.60.07
ProductVersion : 3.60
ProductName : Creative Cam Detector
CompanyName : Creative Technology Ltd
FileDescription : Creative Camera Launcher Application
InternalName : Creative Camera Launcher Application
LegalCopyright : Copyright © Creative Technology Ltd., 2002-2004. All rights reserved.
OriginalFilename : CamTray.exe
#:51 [1xconfig.exe]
FilePath : C:\PROGRA~1\Intel\Wireless\Bin\
ProcessID : 2052
ThreadCreationTime : 1-5-2007 4:37:14 PM
BasePriority : Normal
FileVersion : 9, 0, 1, 35
ProductVersion : 9, 0, 0, 0
ProductName : 8021XConfig Module
CompanyName : Intel
FileDescription : 8021XConfig Module
InternalName : 8021XConfig
LegalCopyright : Copyright © Intel Corporation 1999-2004
OriginalFilename : 1XConfig.EXE
Comments : Wrapper for MH. (Service COM)
#:52 [ymsgr_tray.exe]
FilePath : C:\Program Files\Yahoo!\Messenger\
ProcessID : 2180
ThreadCreationTime : 1-5-2007 4:37:14 PM
BasePriority : Normal
#:53 [cfxfer.exe]
FilePath : C:\Program Files\TOSHIBA\ConfigFree\
ProcessID : 2508
ThreadCreationTime : 1-5-2007 4:37:15 PM
BasePriority : Normal
FileVersion : 2, 0, 0, 60
ProductVersion : 2, 0, 0, 0
ProductName : ConfigFree
CompanyName : TOSHIBA CORPORATION
FileDescription : ConfigFree SUMMIT Engine
InternalName : CFXFER
LegalCopyright : ©copyright TOSHIBA CORPORATION 2003-2004
LegalTrademarks : ConfigFree
OriginalFilename : CFXFER.exe
Comments : ConfigFree SUMMIT Engine
#:54 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 3256
ThreadCreationTime : 1-5-2007 4:37:18 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe
#:55 [wscntfy.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 3284
ThreadCreationTime : 1-5-2007 4:37:19 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Security Center Notification App
InternalName : wscntfy.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wscntfy.exe
#:56 [regedit.exe]
FilePath : C:\WINDOWS\
ProcessID : 2188
ThreadCreationTime : 1-5-2007 4:37:45 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Registry Editor
InternalName : REGEDIT
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : REGEDIT.EXE
#:57 [wuauclt.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2620
ThreadCreationTime : 1-5-2007 4:38:00 PM
BasePriority : Normal
FileVersion : 5.8.0.2469 built by: lab01_n(wmbla)
ProductVersion : 5.8.0.2469
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe
#:58 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 252
ThreadCreationTime : 1-5-2007 4:39:02 PM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Windows Object Recognized!
Type : RegData
Data : explorer.exe, c:\windows\system32\ounjd.exe
TAC Rating : 3
Category : Vulnerability
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows nt\currentversion\winlogon
Value : Shell
Data : explorer.exe, c:\windows\system32\ounjd.exe
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 1
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : techpeople@server.iad.liveperson[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\TechPeople\Cookies\techpeople@server.iad.liveperson[2].txt
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 2
Deep scanning and examining files...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2
Win32.Trojan.Downloader Object Recognized!
Type : File
Data : yqunncv.exe
TAC Rating : 10
Category : Malware
Comment :
Object : C:\WINDOWS\system32\
Disk Scan Result for C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 3
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : techpeople@adopt.euroclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\DOCUME~1\TECHPE~1\LOCALS~1\Temp\Cookies\techpeople@adopt.euroclick[1].txt
Disk Scan Result for C:\DOCUME~1\TECHPE~1\LOCALS~1\Temp\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4
Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 4
MRU List Object Recognized!
Location: : S-1-5-21-670765294-3078153345-2072035612-1006\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened
MRU List Object Recognized!
Location: : S-1-5-21-670765294-3078153345-2072035612-1006\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 6
10:52:30 AM Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:13:10.326
Objects scanned:115837
Objects identified:4
Objects ignored:0
New critical objects:4
-
Hi ZeusTexas,
Scan started. (Smart mode)
In order for the malware experts to analyse your problems, please post an Ad-Aware SE Full-Scan log (latest Defs: SE1R142 02.01.2007), together with a log from a program called HijackThis.
Log posting instructions are included in this Topic: Infected ??, found this
As some malware recognises the name HijackThis and is designed to hide from it, try naming the folder something like "C:\Program Files\hjt". Please make a new folder to put your HijackThis.exe into. Anywhere on your hard drive is fine other than your Desktop or the Temp folder. We suggest you use something like "C:\Program Files\HijackThis" but feel free to use any name. This is to ensure it makes the necessary backups for recovery if needed.
Regards,
Spike
NB: Moving your Topic to the HijackThis section of the forum.